npm install without ssl

Question

I have an Ubuntu VM that is having trouble connecting to sites with ssl, i.e. https. It can successfully download artifacts from the internet if the url begins with http.

Answer 1

Try changing the registry to the http version rather that the default https one using the command

npm config set registry http://registry.npmjs.org/

Answer 2

As conlinf said, the following should work :

npm config set registry http://registry.npmjs.org/

Now, to add my word, you should also consider that downloading without ssl allows a man-in-the-middle attack. It is only to add a warning to people who would read the post.

If you are a solo developer there should be not much trouble downloading in http directly, but if I wanted to attack a company using node.js I would consider delivering malicious code through npm... And performing such an attack without ssl will be much easier.

Answer 3

After much trial and error I found that in addition to all that was said above, I also need to set the https-proxy to the value of the http proxy.

So the end .npmrc file looks like

proxy=http://username:password@proxy.address:port/
https-proxy=http://username:password@proxy.address:port/
strict-ssl=false
registry=http://registry.npmjs.org/

Note that proxy and https-proxy are identical!

See the comments on this thread for more info:

https://github.com/npm/npm/issues/8034

Also I ran a npm cache clean --force after updating the npmrc for good measure but I am not sure if it is required.

Hope that helps.

Answer 4

changing ssl-strict worked for me behind a corporate firewall

npm config set ssl-strict=false