npm install without ssl
https://stackoverflow.com/questions/8874363
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have an Ubuntu VM that is having trouble connecting to sites with ssl, i.e. https. It can successfully download artifacts from the internet if the url begins with http.
npm install will download dependencies via https. Is there anyway make it download via http?
Solution
Try changing the registry to the http version rather that the default https one using the command
npm config set registry http://registry.npmjs.org/
OTHER TIPS
As conlinf said, the following should work :
npm config set registry http://registry.npmjs.org/
Now, to add my word, you should also consider that downloading without ssl allows a man-in-the-middle attack. It is only to add a warning to people who would read the post.
If you are a solo developer there should be not much trouble downloading in http directly, but if I wanted to attack a company using node.js I would consider delivering malicious code through npm... And performing such an attack without ssl will be much easier.
After much trial and error I found that in addition to all that was said above, I also need to set the https-proxy to the value of the http proxy.
So the end .npmrc file looks like
proxy=http://username:password@proxy.address:port/
https-proxy=http://username:password@proxy.address:port/
strict-ssl=false
registry=http://registry.npmjs.org/
Note that proxy and https-proxy are identical!
See the comments on this thread for more info:
https://github.com/npm/npm/issues/8034
Also I ran a npm cache clean --force after updating the npmrc for good measure but I am not sure if it is required.
Hope that helps.
