npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Question

A quick solution from the internet search was npm config set strict-ssl false, luckily it worked. But as a part of my work environment, I am restricted to set the strict-ssl flag to false.

Later I found a safe and working solution,

npm config set registry http://registry.npmjs.org/  

this worked perfectly and I got a success message Happy Hacking! by not setting the strict-ssl flag to false.

what may be happening is your company decrypts certain traffic and re-encrypts it with their certificate (which you probably already have in your keychain or trusted root certificates)

if you're using node 7 or later I've found this fix to be compatible with node and node-gyp (for Windows you'll need to do this differently, but you basically just need to add this environment variable):

export NODE_EXTRA_CA_CERTS="absolute_path_to_your_certificates.pem" (in Windows you may need to remove the quotes)

the pem file can have multiple certificates: https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

make sure your certificates are in proper pem format (you need real line breaks not literal \n)

I couldn't seem to get it to work with relative paths (. or ~)

This fix basically tells npm and node-gyp to use the check against the regular CAs, but also allow this certificate when it comes across it

Ideally you would be able to use your system's trusted certificates, but unfortunately this is not the case.

Changing the NPM repo URL to HTTP works as a quick-fix, but I wanted to use HTTPS.

In my case, the proxy at my employer (ZScaler) was causing issues (as it acts as a MITM, causing certification verification issues)

I forgot I found a script that helps with this and Git (for cloning GitHub repos via HTTPS had the same issue) and forked it for my use

Basically, it does the following for git:

git config --global http.proxy http://gateway.zscaler.net:80/
git config --system http.proxy http://gateway.zscaler.net:80/

and for Node, it adds proxy=http://gateway.zscaler.net:80/ to the end of c:\Users\$USERNAME\npm\.npmrc

That solved the issue for me.

After trying out every solution I could find:

• Turning off strict ssl: npm config set strict-ssl=false
• Changing the registry to http instead of https: npm config set registry http://registry.npmjs.org/
• Changing my cafile setting: npm config set cafile /path/to/your/cert.pem
• Stop rejecting unknown CAs: set NODE_TLS_REJECT_UNAUTHORIZED=0

The solution that seems to be working the best for me now is to use the NODE_EXTRA_CA_CERTS environment variable which extends the existing CAs rather than replacing them with the cafile option in your .npmrc file. You can set it by entering this in your terminal: NODE_EXTRA_CA_CERTS=path/to/your/cert.pem

Of course, setting this variable every time can be annoying, so I added it to my bash profile so that it will be set every time I open terminal. If you don’t already have a ~/.bash_profile file, create one. Then at the end of that file add export NODE_EXTRA_CA_CERTS=path/to/your/cert.pem. Then, remove the cafile setting in your .npmrc.

Had the same error. Looks like it is related to SSL certificates. If you are using NPM for public packages (don't need the security of HTTPS) you can turn off strict SSL key validation with the following command.

This might be the simplest fix if you're just looking to install a few publicly available packages one time.

npm config set strict-ssl=false

npm config set registry http://registry.npmjs.org/

If this code trick didn't work for you then try to run your application from home directory.. It worked for me.

Trust me, this will work for you:

    npm config set registry http://registry.npmjs.org/