I am trying to run node.js but cannot install any packages as npm
is blocked. I have tried the solutions here: How to fill in proxy information in cntlm config file?, and here: NPM behind NTLM proxy and still received errors. I have tripled checked that I have followed the instructions and my ini has the same configuration as the instructions.
My next step is to ask the security team to allow npm
access through the firewall, but I cannot see any documentation about this. What do I need to tell the security team?
Note: I am aware of npm
Enterprise but I think before I get to that step I need to get established with npm
.
The company claims it found more than 1,300 malicious npm packages in 2021 in npm. That's bad, but 1,300 out of 1.8-million is only 0.007222%. If you were to just randomly grab JavaScript packages for your program, odds are you'll be safe.
You should run it in your project root folder, or the folder above your node_modules folder as sometimes the structure can differentiate between projects. But in general: the root folder of your project, as long as it is one folder above your node_modules.
Central registry: an npm proxy acts as a central registry for all your required package versions. Private and public together, possibly from multiple upstream sources. Visualization of dependencies: With all required packages in one place it enables identification of a potential issues.
Yeah, in your simplest case all you need to do is one of these
npm config set proxy http://company.com:8000
or
npm config set https-proxy http://company.com:8000
where http://company.com:8000 is your proxy server and port
(note the - dash, not _ underscore)
Also can you test access to http://registry.npmjs.org the npm registry from that machine.
Additionally your package.json also contains dependencies that require the pulling of a git repository code. You may (most likely will) need to configure git to use a proxy as well.
If you come here searching for an iptables
rule:
If you want to allow only npm
traffic for a certain user, the following might work:
iptables -I OUTPUT 1 -p tcp -m owner --uid-owner <username> -d registry.npmjs.org --dport 443 -j ACCEPT
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With