Best IT Recipes

Npm install without ssl

I have an Ubuntu VM that cannot connect to sites with ssl, i.e. https. It can successfully download artifacts from the Internet if the URL starts with http.

npm install will download dependencies via https. Is there any way to download it via http?

+53
ssl npm
Jan 15 2018-12-15T00:
source share
3 answers

Try changing the registry to the http version, instead of using https by default with the command

npm config set registry http://registry.npmjs.org/
+133
Jan 16 '12 at 12:55
source share

As stated earlier, the following should work:

npm config set registry http://registry.npmjs.org/

Now, to add my word, you should also consider that downloading without ssl allows for a man-in-the-middle attack. This is just to add a warning to people who will read the message.

If you are a solo developer, you don’t need to upload files directly to http , but if I wanted to attack a company using node.js, I would consider the possibility of delivering malicious code via npm ... And such an attack without ssl will be much easier.

+10
Sep 11 '14 at 0:13
source share

After much trial and error, I found that in addition to everything that was said above, I also need to set https-proxy to the value of http proxy .

Thus, the final .npmrc file looks like this:

 proxy=http://username:password@proxy.address:port/ https-proxy=http://username:password@proxy.address:port/ strict-ssl=false registry=http://registry.npmjs.org/

Please note that proxies and https proxies are the same!

See Comments on this topic for more information:

https://github.com/npm/npm/issues/8034

I also have npm cache clean --force after updating npmrc for a good grade, but I'm not sure if this is required.

Hope this helps.

+8
Jan 02 '18 at 18:18
source share


More articles:


All Articles