•  27-06-2022
  •  | 
  •  

Question

Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?

Was it helpful?

Solution

I solved it this way (OS: Windows XP SP3):

1. Download CNTLM installer and run it.

2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.

Username    YOUR_USERNAME
Domain      YOUR_DOMAIN
Proxy       YOUR_PROXY_IP:PORT
Listen      53128

3. Open console, and type these commands to generate password hashes.

> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM          D6888AC8AE0EEE294D954420463215AE
PassNT          0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2      91E810C86B3FD1BD14342F945ED42CD6

4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.

5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".

6. In the console, type these lines:

> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org

7. Now npm view, npm install etc. should work. Example:

> npm view qunit
...nice answer, no errors :)

OTHER TIPS

CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.

Header      Connection: close

Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.

Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.

I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.

You can pass the settings as parameters:

npm --proxy=http://username:password@proxyserver:port --proxy-https=http://username:password@proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall

CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these

registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false

It worked for me :)

Another Fiddler Option:

A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:

Tools > Telerik Fiddler Options > Connections tab

Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.

  1. Open your .npmrc file in C:\users\username\ folder using notepad
  2. Add the below lines..
  3. Replace domain, username, pwd, servername with your correct values
  4. Try to install or get packages now

  5. If trying from Vs2017, close and reopen VS IDE, then only it works

    proxy=http://DOMAIN%5CUSERNAME:PWD@proxy.servername.com:6050   
https-proxy=http://DOMAIN%5CUSERNAME:PWD@proxy.servername.com:6050  
http-proxy=http://DOMAIN%5CUSERNAME:PWD@proxy.servername.com:6050   
strict-ssl=false

CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.

Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.

The output is like 

---------------------------------------------------
Auth            NTLM
PassNT          8EE9B595A89F7D8774C2146FB302CBCF
PassLM          78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top