Loading npm registry ca certs from environment to npmrc - node.js

In order to use private npm registry I am trying to setup credentials and ca certs in project's .npmrc file .
like following:
ca[]=<ROOT_CA> # NOTE this needs to string in double quotes, with newlines replaced be \n
ca[]=<INTERMEDIATE_CA> # NOTE this needs to string in double quotes, with newlines replaced be \n
And it works absolutely fine.
But when I move these values to system environment (Mac OS .zshrc) & try to read like following :
ca[]="${NPM_REG_ROOT_CERT}"
ca[]="${NPM_REG_INTERMEDIATE_CERT}"
It gives me error like following
npm ERR! code UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! request <complete path to dependency> failed, reason: unable to verify the first certificate
I have ensured the env values are available & everything works fine (other login credentials are also coming from environment only).
These CA certs are having issue while loading from system environment !
If I disable strict-ssl things work. It means other credentials are loading correctly from system environment .
Am I missing something here ?
Could it be related to format of CA cert string stored in system environment. I am setting it as base64 string having newline replaced with \n.
Please help.

Related

NPM ssl certificate issue

Currently we need to ignore the strict-ssl false configuration from our .npmrc file in order to have secure connection to our private npm registry hosted in Jfrog.
I tried pointing the cert.pem file by using npm config set cafile and also
export NODE_EXTRA_CA_CERTS= both does not work.
Nodejs 12.
Could anyone please help me to solve this issue as im getting blocked a long time due to this.
You can just use:
set NODE_EXTRA_CA_CERTS="path to yourrootcertificate.pem or yourrootcertificate.cer>"
or
npm config set cafile "path toyourrootcertificate.pem or yourrootcertificate.cer"

Getting NPM 407 error while installing jquery, in VPN

I am trying to install jquery using npm in my project, but it is giving this error : npm ERR! 407 Proxy Authentication Required - GET http://registry.npmjs.org/jquery. On Googling I found out that we have to set proxy settings using commands such as npm config set proxy http://proxy.company.com:proxyport but I am using a VPN network, and in proxy settings it shows *Some properties are hidden or managed by your organization How do I resolve this problem?
Correct proxy setting:
HOME:File .npmrc
Mac:
/Users/user_name/.npmrc
Window:
C:\Users\user_name\.npmrc
Add proxy with username and password
proxy=http://username:password#proxy_url:8080
http-proxy=http://username:password#proxy_url:8080
https-proxy=http://username:password#proxy_url:8080
Note: If your password contains special char, replace with encoded value. Like # will be %40

what do lines starting with double-slash '//' mean in a .npmrc?

I'd naively assumed that .npmrc lines with double slash ('//') indicate a comment, but that's clearly not the case, because when I delete them, I'm unable to publish to my local registry.
Example:
registry=https://npm.myregistry.io/
//email=me#mydomain.com
//npm.myregistry.io/:_authToken="Pgwb34F123EQdHqE7OoZA=="
If I remove the above // lines, publish results in
npm ERR! code ENEEDAUTH
npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
I can't find any reference to this syntax in npmrc documentation or the ini module parser documentation. I'm assuming it has something to do with synthesized properties?
// has no special meaning in .npmrc or any other .ini file.
The ini syntax is key = value. So in this case the key is //npm.myregistry.io/:_authToken.
This is a Protocol-relative URL, meaning an URL that will take the protocol automatically from the current page (you can actually type //google.com in the browser, and it should take you to https://google.com)
Note that this may not necessarily be the URL used by npm for authentication. It's just a format chosen by the developers to hold the authToken (or other values) in the same string with the registry URL.

How to set _auth for a scoped registry in .npmrc?

I am wondering how to configure the .npmrc file so that I can have a default registry and a different scoped registry with authentication.
I am using Nexus for the private repository and I am not sure how to set authentication for the scoped registry, only the default registry.
For example my ~/.npmrc file is:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
email=test#user.com
_auth="…"
If I do npm publish for a package scoped to test-scope, I get an authentication error.
AFAIK, the _auth only applies to the registry=... section. Is there a way of specifying an auth key for the #test-scope:registry=... section?
Thanks,
So, after some digging through the NPM source code, it turns out there is a way to do this.
My solution is below:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=YWRtaW4xMjM=
email=…
Explanation:
The scope #test-scope specifies that packages with the scope should be published to a different registry than the default registry= when executing the npm publish command.
The two lines starting with //nexus:8081/... are used to specify the credentials to the scoped repository for both username and _password where _password is the base64 encoded password component from the previously used _auth credentials.
Using this approach, only scoped packages will be published and installed from the private registry and all other packages will be installed from the default registry.
Edit:
Additional to this, the password can be specified as an environment variable so that it is not stored in plaintext in the file.
For example:
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:username=admin
//nexus:8081/nexus/content/repositories/npm-test/:_password=${BASE64_PASSWORD}
email=…
Also, when using Nexus, the email= line must be specified.
for some strange reason the _auth is called _authToken when used with scoped packages. If you are using this you don't have to store your plain text password in your .npmrc
registry=https://registry.npmjs.org/
#test-scope:registry=http://nexus:8081/nexus/content/repositories/npm-test/
//nexus:8081/nexus/content/repositories/npm-test/:_authToken=...
email=…
Run the following command, replacing #company-scope with the scope, and company-registry with the name of your company’s npm Enterprise registry:
npm login --scope=#company-scope --registry=https://registry.company-registry.npme.io/
This information is available on the npm documention.

npm warn invalid config proxy config Must be a full url with 'http://' [duplicate]

This question already has answers here:
Escape # character in git proxy password
(5 answers)
Closed 7 years ago.
Please look into it as it is not working for me:
npm warn invalid config proxy http://'Accenture\username:userpassword#2017'#127.0.0.1:8080
npm warn invalid config Must be a full url with 'http://'
Finally i got the issue resolved with the help from network guy
strict-ssl=false
proxy = http://ip address of proxy:8088
https-proxy = https://ip address of proxy:8088
registry = http://registry.npmjs.org/
These settings should go in ~/.npmrc, or in /root/.npmrc if you need to use sudo.
If you wish to change any of the configuration properties in npm, the section on config on npmjs.com is useful:
https://docs.npmjs.com/cli/config
The full proxy configuration for npm is
npm config set http-proxy http://username:password#proxy-address.com:80/'
npm config set https-proxy http://username:password#proxy-address.com:80/'
That should work for you, you can also double check it's set by typing
npm config list
http-proxy = "http://username:password#proxy-address.com:80/"
https-proxy = "http://username:password#proxy-address.com:80/"
Further to that, if you prefer to edit the config file directly it is stored in a file called .npmrc that can be added either to each project root or the global settings in your user directory, please see the npmrc help content
https://docs.npmjs.com/files/npmrc
In relation to your question, if your password contains special characters, they need to be escaped. This url provides useful information on special characters:
http://www.cyberciti.biz/faq/unix-linux-export-variable-http_proxy-with-special-characters/
As an example, if your password were P#ssword then it will become P%40ssword.

Resources