8

I'm working at a company that uses a firewall for internal users.

When I try to install npm libraries I get this error message

C:\Users\me\source\repos\webpage [(1_0_0)]> npm install -g puppeteer
npm ERR! code 1
npm ERR! path C:\Users\me\AppData\Roaming\npm\node_modules\puppeteer
npm ERR! command failed
npm ERR! command C:\WINDOWS\system32\cmd.exe /d /s /c node install.js
npm ERR! ERROR: Failed to set up Chrome r114.0.5735.133! Set "PUPPETEER_SKIP_DOWNLOAD" env variable to skip download.
npm ERR! Error: unable to get local issuer certificate
npm ERR!     at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
npm ERR!     at TLSSocket.emit (node:events:390:28)
npm ERR!     at TLSSocket._finishInit (node:_tls_wrap:944:8)
npm ERR!     at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
npm ERR!   code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
npm ERR! }

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\me\AppData\Local\npm-cache_logs\2023-06-16T14_37_01_393Z-debug.log

But if I navigate via browser to https://registry.npmjs.org/, I can see the certificate is valid, and somehow approved by my company.

Is the error returned by npm install caused by the firewall of the company ? Or is it something completely unrelated ?

Arthur Attout
  • 287

1 Answers1

16

A possible explanation is that your company decrypts certain traffic and re-encrypts it with their certificate (which you probably already have in your keychain or trusted root certificates).

Some workarounds from the article Fixing unable_to_get_issuer_cert_locally error in Node JS:

  • Temporarily stop rigid SSL verification

    npm config set strict-ssl false

  • Change the default public registry version to HTTP

    npm config set registry http://registry.npmjs.org/

  • Expand Node.js trust store with the company's Root certificate

    set NODE_EXTRA_CA_CERTS=C:\\path\\to\\certificate.pem

  • Modify the settings of the CAfile to take precedence over the standard CA lookups that NPM utilizes

    npm config set cafile /path/to/root/certificate.pem

  • Disable certificate verification altogether

    export NODE_TLS_REJECT_UNAUTHORIZED=0

More information can be found in the post
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

harrymc
  • 498,455