Solving the `npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY` Issue
If you do consulting like we Sympraxians do, sooner or later you will end up working on a client laptop. There are a number of issues you might run into with this, including different ergonomics, software you don’t need or want, etc., but that’s not the point of this post. Or you may be trying to develop in an environment where there is lots of network filtering and overzealous security.
One of the things I’ve seen when I’m trying to install npm packages – usually to frame up a SharePoint Framework (SPFx) solution – is an error something like this:
That is:
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
I’m only runningnpm i gulpin this example, which simply installs the gulp task runner. Very simple and very common, if you are a developer.
Reading through the log the error points you to tells you what happened, but not how to fix it. Over the last few years, I’ve run into these issues more than once, and each time it takes me a little while to find and remember how to solve it.
In this particular instance, I’m pretty certain the traffic to get the issuer certificate is blocked by ZScaler. While I suppose the intent behind it is reasonable, it does things like preventing me from going to certain types of Web sites like blogs and software download pages. Even though I’m an administrator on my machine, I need to jump through some hoops to be able to go from standard build to productive.
There’s a quick fix for this issue – much quicker than some of the other things I’ve tried, spending time monitoring the traffic with Fiddler, and so forth. The silly thing here is I’m not doing anything forbidden really, the security settings are just so poorly managed that they block people from actually doing their work.
I found the fix in this StackOverflow post. By running this line in the terminal:
npm config set registry https://registry.npmjs.org/
You’re telling npm not to muck about with the issuer cert, just go out to https://registry.npmjs.org/ to get stuff. (I’m sure I’m saying something wrong there, but it works!)
Next time this happens to me, I’m hoping this post will be the first result in my search!
Why pull from an unencrypted line when https works?
Granted, NPM verifies the checksums, but technically those could be spoofed too.
Thanks for this post. As a newbie to NPM, this has ended hours of frustration for me.
Disabling SSL is not really a solution, but rather circumventing the problem altogether.
You can just run the following command:
npm config set cafile "/path/to/CA.crt"With your custom cert. If you don’t know how to get the cert, you can ask the security team.
The same problem is with bower installer. Tip for fix it is changing DNS address in your config.
Update, change the code to have https instead of http. npm registry deprecated TLS 1.0 and 1.1