4

I'm working at a company that uses a firewall for internal users.

When I try to install npm libraries I get this error message

C:\Users\me\source\repos\webpage [(1_0_0)]> npm install -g puppeteer
npm ERR! code 1
npm ERR! path C:\Users\me\AppData\Roaming\npm\node_modules\puppeteer
npm ERR! command failed
npm ERR! command C:\WINDOWS\system32\cmd.exe /d /s /c node install.js
npm ERR! ERROR: Failed to set up Chrome r114.0.5735.133! Set "PUPPETEER_SKIP_DOWNLOAD" env variable to skip download.
npm ERR! Error: unable to get local issuer certificate
npm ERR!     at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
npm ERR!     at TLSSocket.emit (node:events:390:28)
npm ERR!     at TLSSocket._finishInit (node:_tls_wrap:944:8)
npm ERR!     at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
npm ERR!   code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
npm ERR! }

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\me\AppData\Local\npm-cache\_logs\2023-06-16T14_37_01_393Z-debug.log

But if I navigate via browser to https://registry.npmjs.org/, I can see the certificate is valid, and somehow approved by my company.

Is the error returned by npm install caused by the firewall of the company ? Or is it something completely unrelated ?

Improve this question
1
  • Can you provide the relevant information from the debug log? What is the value of “ PUPPETEER_SKIP_DOWNLOAD”? Since you suspect the firewall, when you asked your system administrator if this could be caused by the firewall, what did they say?
    – Ramhound
    Commented Jun 16, 2023 at 14:59

1 Answer 1

Reset to default
6

A possible explanation is that your company decrypts certain traffic and re-encrypts it with their certificate (which you probably already have in your keychain or trusted root certificates).

Some workarounds from the article Fixing unable_to_get_issuer_cert_locally error in Node JS:

  • Temporarily stop rigid SSL verification

    npm config set strict-ssl false

  • Change the default public registry version to HTTP

    npm config set registry http://registry.npmjs.org/

  • Expand Node.js trust store with the company's Root certificate

    set NODE_EXTRA_CA_CERTS=C:\\path\\to\\certificate.pem

  • Modify the settings of the CAfile to take precedence over the standard CA lookups that NPM utilizes

    npm config set cafile /path/to/root/certificate.pem

  • Disable certificate verification altogether

    export NODE_TLS_REJECT_UNAUTHORIZED=0

More information can be found in the post
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

Improve this answer
1
  • Indeed, when I browse to the target website, I see the certificate is signed with my company's Firewall vendor. I'd prefer avoiding as much as possible the idea of disabling SSL altogether. I'll try expanding with my company's root certificate and let you know.
    – Arthur Attout
    Commented Jun 19, 2023 at 8:08

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .