Running npm behind a corporate firewall: what do I need to tell the security team?

Question

I am trying to run node.js but cannot install any packages as npm is blocked. I have tried the solutions here: How to fill in proxy information in cntlm config file?, and here: NPM behind NTLM proxy and still received errors. I have tripled checked that I have followed the instructions and my ini has the same configuration as the instructions.

My next step is to ask the security team to allow npm access through the firewall, but I cannot see any documentation about this. What do I need to tell the security team?

Note: I am aware of npm Enterprise but I think before I get to that step I need to get established with npm.

Answer 1

Yeah, in your simplest case all you need to do is one of these

npm config set proxy http://company.com:8000

or

npm config set https-proxy http://company.com:8000

where http://company.com:8000 is your proxy server and port

(note the - dash, not _ underscore)

Also can you test access to http://registry.npmjs.org the npm registry from that machine.

Additionally your package.json also contains dependencies that require the pulling of a git repository code. You may (most likely will) need to configure git to use a proxy as well.

Answer 2

If you come here searching for an iptables rule:

If you want to allow only npm traffic for a certain user, the following might work:

iptables -I OUTPUT 1 -p tcp -m owner --uid-owner <username> -d registry.npmjs.org --dport 443 -j ACCEPT