Develop Reference

407 Authentication required npm

Hello everyone I´ve been trying to configure and use npm on my enterprise PC without success.
I´ve set proxy, https-proxy, strict-ssl false, registry http://registry.npmjs.org
proxy has been set like this "http://user:password#proxy_ip:proxy:port"
Where the password has a special character written in urlencode.
npm config get proxy
returns proxy with credentials as they should be.
I have cleared my npm cache and tried again.
No success.
Any ideas what can be the problem?

I recommend reading through this article to configure the proxy for npm.
http://wil.boayue.com/blog/2013/06/14/using-npm-behind-a-proxy/
npm config set proxy http://proxy.company.com:proxyport
npm config set http-proxy http://proxy.company.com:proxyport
npm config set https-proxy http://proxy.company.com:proxyport
Hope this is useful for you!

Usually, when you are behind a corporate proxy, it is needed to add the domain where you are at. Given that also the characters should be URL encoded, it would look like:
https://domain%5Cusername:password#proxy:port

We should add proxy with username and password to avoid this error.
For example:
username: admin
password: admin123
proxy: 172.10.3.21
port: 3128
npm config set proxy http://admin:admin123#172.10.3.21:3128
npm config set https-proxy http://admin:admin123#172.10.3.21:3128

Editing the .npmrc file in user folder worked for me.
I set the proxy and npm registry as follows:
proxy=http://username:password#proxy:port/
https-proxy=http://username:password#proxy:port
registry=http://registry.npmjs.org/
Note : for usenames and passwords containing special charcters, the characters need to be encoded in the proxy configuration.
e.g if username is "user" and password is "1234#user", then the .npmrc file will look like :
proxy=http://user:1234%40user#proxy:port/
https-proxy=http://user:1234#user#proxy:port
registry=http://registry.npmjs.org/
where, %40 is the encoded form of "#".
In my case, the pound symbol(#) was not getting accepted in username or password(Dont know why).

if you use windows and cntlm and you get a 407 error from cntlm proxy server, make sure that your PassNTLMv2 in the cntlm.ini is up-to-date, as you have to recreate it, everytime that you change domain password.

I had this error on my corporate machine and this command in Terminal fixed it:
proxyOn () {
export PROXY_CREDS=http://localhost:9000
export ALL_PROXY=${PROXY_CREDS}
export https_proxy=${PROXY_CREDS}
export http_proxy=${PROXY_CREDS}
export HTTP_PROXY=${PROXY_CREDS}
export HTTPS_PROXY=${PROXY_CREDS}
}

The character dot . , dont work on http request but &#46 remplace it
Before
npm config set proxy http://name.surname:pwrd#host:port
After
npm config set proxy http://name&#46surname:pwrd#host:port

As others mention above you should set both the proxy and https-proxy configuration variables. as below:
https-proxy=http://userName:password#urlOfYourProxy:8080/
What no mentions is that the https-proxy variable should point to a proxy url that uses the http protocol NOT the https protocol (as shown above)!! Pretty darned counter intuitive.

npm install error - unable to get local issuer certificate

I am getting an unable to get local issuer certificate error when performing an npm install:
typings ERR! message Unable to read typings for "es6-shim". You should check the
entry paths in "es6-shim.d.ts" are up to date
typings ERR! caused by Unable to connect to "https://raw.githubusercontent.com/D
efinitelyTyped/DefinitelyTyped/7de6c3dd94feaeb21f20054b9f30d5dabc5efabd/es6-shim
/es6-shim.d.ts"
typings ERR! caused by unable to get local issuer certificate
I have recently update to node 4 from a much earlier version and it sounds like node is much more strict when these kind of problems arise.
There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.
I am behind a corporate firewall, but I can get to the url fine in a browser without any restriction.
Does anyone have any further insight into this issue and what possible solutions there are?
I'm wondering about reverting to node 0.12 in the meantime :(

Try
npm config set strict-ssl false
This is a alternative shared in this url https://github.com/nodejs/node/issues/3742

There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.
This isn't too difficult once you know how! For Windows:
Using Chrome go to the root URL NPM is complaining about (so https://raw.githubusercontent.com in your case).
Open up dev tools and go to Security-> View Certificate. Check Certification path and make sure your at the top level certificate, if not open that one. Now go to "Details" and export the cert with "Copy to File...".
You need to convert this from DER to PEM. There are several ways to do this, but the easiest way I found was an online tool which should be easy to find with relevant keywords.
Now if you open the key with your favorite text editor you should see
-----BEGIN CERTIFICATE-----
yourkey
-----END CERTIFICATE-----
This is the format you need. You can do this for as many keys as you need, and combine them all into one file. I had to do github and the npm registry keys in my case.
Now just edit your .npmrc to point to the file containing your keys like so
cafile=C:\workspace\rootCerts.crt
I have personally found this to perform significantly better behind our corporate proxy as opposed to the strict-ssl option. YMMV.

This worked for me:
export NODE_TLS_REJECT_UNAUTHORIZED=0
Please refer to the NodeJS documentation for usage and warnings:
https://nodejs.org/api/cli.html#cli_node_tls_reject_unauthorized_value

Anyone gets this error when 'npm install' is trying to fetch a package from HTTPS server with a self-signed or invalid certificate.
Quick and insecure solution:
npm config set strict-ssl false
Why this solution is insecure?
The above command tells npm to connect and fetch module from server even server do not have valid certificate and server identity is not verified. So if there is a proxy server between npm client and actual server, it provided man in middle attack opportunity to an intruder.
Secure solution:
If any module in your package.json is hosted on a server with self-signed CA certificate then npm is unable to identify that server with an available system CA certificates.
So you need to provide CA certificate for server validation with the explicit configuration in .npmrc.
In .npmrc you need to provide cafile, please refer to more detail about cafile configuration.
cafile=./ca-certs.pem
In ca-certs file, you can add any number of CA certificates(public) that you required to identify servers. The certificate should be in “Base-64 encoded X.509 (.CER)(PEM)” format.
For example,
# cat ca-certs.pem
DigiCert Global Root CA
=======================
-----BEGIN CERTIFICATE-----
CAUw7C29C79Fv1C5qfPrmAE.....
-----END CERTIFICATE-----
VeriSign Class 3 Public Primary Certification Authority - G5
========================================
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQ......
-----END CERTIFICATE-----
Note: once you provide cafile configuration in .npmrc, npm try to identify all server using CA certificate(s) provided in cafile only, it won't check system CA certificate bundles then.
Here's a well-known public CA authority certificate bundle.
One other situation when you get this error:
If you have mentioned Git URL as a dependency in package.json and git is on invalid/self-signed certificate then also npm throws a similar error.
You can fix it with following configuration for git client
git config --global http.sslVerify false

Typings can be configured with the ~/.typingsrc config file. (~ means your home directory)
After finding this issue on github: https://github.com/typings/typings/issues/120, I was able to hack around this issue by creating ~/.typingsrc and setting this configuration:
{
"proxy": "http://<server>:<port>",
"rejectUnauthorized": false
}
It also seemed to work without the proxy setting, so maybe it was able to pick that up from the environment somewhere.
This is not a true solution, but was enough for typings to ignore the corporate firewall issues so that I could continue working. I'm sure there is a better solution out there.

If you're on a corporate computer, it likely has custom certificates (note the plural on that). It took a while to figure out, but I've been using this little script to grab everything and configure Node, NPM, Yarn, AWS, and Git (turns out the solution is similar for most tools). Stuff this in your ~/.bashrc or ~/.zshrc or similar location:
function setup-certs() {
# place to put the combined certs
local cert_path="$HOME/.certs/all.pem"
local cert_dir=$(dirname "${cert_path}")
[[ -d "${cert_dir}" ]] || mkdir -p "${cert_dir}"
# grab all the certs
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain > "${cert_path}"
security find-certificate -a -p /Library/Keychains/System.keychain >> "${cert_path}"
# configure env vars for commonly used tools
export GIT_SSL_CAINFO="${cert_path}"
export AWS_CA_BUNDLE="${cert_path}"
export NODE_EXTRA_CA_CERTS="${cert_path}"
# add the certs for npm and yarn
# and since we have certs, strict-ssl can be true
npm config set -g cafile "${cert_path}"
npm config set -g strict-ssl true
yarn config set cafile "${cert_path}" -g
yarn config set strict-ssl true -g
}
setup-certs
You can then, at any time, run setup-certs in your terminal. Note that if you're using Nvm to manage Node versions, you'll need to run this for each version of Node. I've noticed that some corporate certificates get rotated every so often. Simply re-running setup-certs fixes all that.
You'll notice that most answers suggest setting strict-ssl to false. Please don't do that. Instead use the setup-certs solution to use the actual certificates.

My problem was that my company proxy was getting in the way. The solution here was to identify the Root CA / certificate chain of our proxy, (on mac) export it from the keychain in .pem format, then export a variable for node to use.
export NODE_EXTRA_CA_CERTS=/path/to/your/CA/cert.pem

There are different reason for this issue and workaround is different depends on situation. Listing here few workaround (note: it is insecure workaround so please check your organizational policies before trying).
Step 1: Test and ensure internet is working on machine with command prompt and same url is accessible directly which fails by NPM. There are many tools for this, like curl, wget etc. If you are using windows then try telnet or curl for windows.
Step 2: Set strict ssl to false by using below command
npm -g config set strict-ssl false
Step 3: Set reject unauthorized TLS to no by using below command:
export NODE_TLS_REJECT_UNAUTHORIZED=0
In case of windows (or can use screen to set environment variable):
set NODE_TLS_REJECT_UNAUTHORIZED=0
Step 4: Add unsafe param in installation command e.g.
npm i -g abc-package#1.0 --unsafe-perm true

In case you use yarn:
yarn config set strict-ssl false

Add:
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
Source: Ignore invalid self-signed ssl certificate in node.js with https.request?

I have encountered the same issue. This command didn't work for me either:
npm config set strict-ssl false
After digging deeper, I found out that this link was block by our IT admin.
http://registry.npmjs.org/npm
So if you are facing the same issue, make sure this link is accessible to your browser first.

For anyone coming to this from macOS:
Somehow, npm hasn't picked up correct certificates file location, and I needed to explicitly point to it:
$ echo "cafile=$(brew --prefix)/share/ca-certificates/cacert.pem" >> ~/.npmrc
$ cat ~/.npmrc # for ARM macOS
cafile=/opt/homebrew/share/ca-certificates/cacert.pem

Well this is not a right answer but can be consider as a quick workaround. Right answer is turn off Strict SSL.
I am having the same error
PhantomJS not found on PATH
Downloading https://github.com/Medium/phantomjs/releases/download/v2.1.1/phantomjs-2.1.1-windows.zip
Saving to C:\Users\Sam\AppData\Local\Temp\phantomjs\phantomjs-2.1.1-windows.zip
Receiving...
Error making request.
Error: unable to get local issuer certificate
at TLSSocket. (_tls_wrap.js:1105:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:639:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38)
So the after reading the error.
Just downloaded the file manually and placed it on the required path.
i.e
C:\Users\Sam\AppData\Local\Temp\phantomjs\
This solved my problem.
PhantomJS not found on PATH
Download already available at C:\Users\sam\AppData\Local\Temp\phantomjs\phantomjs-2.1.1-windows.zip
Verified checksum of previously downloaded file
Extracting zip contents

A disclaimer: This solution is less secure, bad practice, don't do this.
I had a duplicate error message--I'm behind a corporate VPN/firewall. I was able to resolve this issue by adding a .typingsrc file to my user directory (C:\Users\MyUserName\.typingsrc in windows). Of course, anytime you're circumventing SSL you should be yapping to your sys admins to fix the certificate issue.
Change the registry URL from https to http, and as seen in nfiles' answser above, set rejectUnauthorized to false.
.typingsrc (placed in project directory or in user root directory)
{
"rejectUnauthorized": false,
"registryURL": "http://api.typings.org/"
}
Optionally add your github token (I didn't find success until I had added this too.)
{
"rejectUnauthorized": false,
"registryURL": "http://api.typings.org/",
"githubToken": "YourGitHubToken"
}
See instructions for setting up your github token at https://github.com/blog/1509-personal-api-tokens

Once you have your certificate (cer or pem file), add it as a system variable like in the screenshot below.
This is the secure way of solving the problem, rather than disabling SSL. You have to tell npm or whatever node tool you're using to use these certificates when establing an SSL connection using the environment variable NODE_EXTRA_CA_CERTS.
This is common when you're behind a corporate firewall or proxy. You can find the correct certificate by just inspecting the security tab in Chrome when visiting a page while on your company's VPN or proxy and exporting the certificate through the "Manage Computer Certificates" window in Windows.

On FreeBSD, this error can be produced because the cafile path is set to a symlink instead of the absolute path.

Installing Bower Package behind a proxy

I am struggling with the Bower's installation behind my company's network.
Despite of setting npm proxy and bower proxy (in the .bowerrc file), as suggested in many other posts, I still get this error:
bower ECONNREFUSED Request to https://bower.herokuapp.com/packages/bootstrap-sass-official failed: connect ECONNREFUSED
On the other hand node, npm and grunt seem to work well.
Can anybody help with some other idea about how to tackle the problem?

Try to create a file named ".bowerrc" inside your user profile (usually at "C:/Users/[YOUR USERNAME]" or "%USERPROFILE%" shortcut).
Try to put this inside your file and save:
{
"registry": "http://bower.herokuapp.com"
}
If that doesn't work, try to put this:
{
"registry": "http://bower.herokuapp.com",
"proxy": "http://<user>:<pwd>#proxy.host.br:8080",
"https-proxy": "http://<user>:<pwd>#proxy.host.br:8080",
"strict-ssl": false
}
PS.: You will need to know your company's proxy address.

Have you tried:
http_proxy='proxyserver' https_proxy='proxyserver' bower install
?

{
"directory": "library",
"registry": "http://bower.herokuapp.com",
"proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/",
"https-proxy":"http://<USERNAME>:<PASSWORD>#<PROXY_IP>:<PROXY_PORT>/"
}
This code worked for me. I am using Win 7 and chrome and also git bash. Here few things need to be cleared. This takes me huge time to find the actual data regarding the user name, password, proxy IP and Port. I will describe it step by step so that every learners can easily grasp the message:
Create a file in the notepad named .bowerrc in the login folder; You can go there by typing at Start>Run>%UserProfile% and press OK.
Type above code in the .bowerrc file with the following changes:
Replace <USERNAME> with your internet connection user ID or login ID
Replace <PASSWORD> with your internet connection password or login password.
Replace <PROXY_IP> and <PROXY_PORT> with the working proxy IP address and its port number.
Note: There should be no angle brackets.
Proxy IP should be different than your own IP.
Before using any proxy IP and port you should check it is working by changing your proxy IP and port.
You can go through this link to know the details of proxy settings at description here
From this proxy settings you will get Proxy IP and Port.
Recheck all the input so that all are correct and save and close the file.
Open git bash and change directory to the project file and type command and hit enter, in my case, git bash command:
a#a-PC MINGW32 /d/conFusion
$ bower install
It worked like magic.

In my case, my .bowerrc file was using a proxy (so .bowerrc had both proxy and https-proxy properties set, without any username or password).
Those were causing me the ECONNREFUSED.
https://github.com/jquery/jquery.git", exit code of #128 fatal: unable to access 'https://github.com/jquery/jquery.git/':
Failed to connect to webproxy.wlb2.nam.nsroot.net port 8080: Connection refused
Additional error details:
fatal: unable to access 'https://github.com/jquery/jquery.git/':
Failed to connect to webproxy.wlb2.nam.nsroot.net port 8080: Connection refused
I removed them, (my current internet connection is not behind a proxy), and so errors stopped.

Get Node.js npm command to work behind corporate proxy

I am trying to install bower
npm install -g bower
but am getting an authentication error from our proxy
...
npm http 407 http://registry.npmjs.org/bower
...
Error Code: 407 Proxy Authentication Required.
...
I am trying to get npm working behind a corprate proxy. I think our proxy is a little weird because the only way I was able to get maven downloading packages was to add wagon-http-lightweight.jar as a maven extension.
http://maven.apache.org/wagon/wagon-providers/wagon-http-lightweight/
I have tried all the regular things as described here:
Is there a way to make npm install (the command) to work behind proxy?
(I don't need to supply authentication details in my maven proxy settings).
npm config set registry http://registry.npmjs.org/
npm config set proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set https-proxy http://myusername:mypassword#proxy.us.somecompany:8080
npm config set strict-ssl false
What else can I try?

Can try this....working for me.
Open IE (Chrome did not work for me).
Hit the URL http://registry.npmjs.org
it will download json output if successful.
Now go back to command prompt and try npm install.

I was able to get this working by installing a local proxy:
NPM behind NTLM proxy

Use fiddler http://www.telerik.com/fiddler
Install and run and that's it, everything will run as it is supposed to. I spent half a day cracking my head on this
Edit: I honestly have no idea if it was fiddler or something else I tried that fixed it (it is mostly the latter) but you should try setting registry, http-proxy, proxy and strict-ssl
When authentication is required for the HTTP proxy:
Fiddler can be configured to authenticate with the corporate HTTP proxy using NTLM or other protocols. Leave the existing auto authenticate options/rules defaults in place. Instead, go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.

I have the same issue.
The root cause is my password contains a special character '#', when I npm set config proxy, the character become '#' in .npmrc file, so I change my password to remove the special character and it's working fine.
If your password does not contains special characters, just use syntax command below, it will work.
npm config set strict-ssl=false
npm config set proxy http://<username>:<password>#<proxy-server-url>:<port>
npm config set https-proxy http://<username>:<password>#<proxy-server-url>:<port>
Thanks,

NPM behind NTLM proxy

Is it possible to run npm install behind an HTTP proxy, which uses NTLM authentication? If yes, how can I set the server's address and port, the username, and the password?

I solved it this way (OS: Windows XP SP3):
1. Download CNTLM installer and run it.
2. Find and fill in these fields in cntlm.ini. Do not fill in the Password field, it's never a good idea to store unencrypted passwords in text files.
Username YOUR_USERNAME
Domain YOUR_DOMAIN
Proxy YOUR_PROXY_IP:PORT
Listen 53128
3. Open console, and type these commands to generate password hashes.
> cd c:\the_install_directory_of_cntlm
> cntlm -H
Password: ...type proxy password here...
PassLM D6888AC8AE0EEE294D954420463215AE
PassNT 0E1FAED265D32EBBFB15F410D27994B2
PassNTLMv2 91E810C86B3FD1BD14342F945ED42CD6
4. Copy the above three lines into cntlm.ini, under the Domain field's line. Once more, do not fill in the Password field. Save cntlm.ini.
5. Open the Service Manager (from command line: services.msc), and start the service called "CNTLM Authentication Proxy".
6. In the console, type these lines:
> npm config set proxy http://localhost:53128
> npm config set https-proxy http://localhost:53128
> npm config set registry https://registry.npmjs.org
7. Now npm view, npm install etc. should work. Example:
> npm view qunit
...nice answer, no errors :)

CNTLM answer was working for me, but with connection errors make npm unusable. I've fixed them by adding this header in CNTML.
Header Connection: close

Another alternative is to use Px for Windows which talks NTLM on your behalf like Cntlm and NTLMAps without having to provide your credentials. It uses the logged in user's credentials via SSPI.

Rather than running CNTLM, you could instead try running Fiddler when you need to use npm. I've found this works in fairly locked down environments (e.g. investment banks). It's also a tool that is fairly easy to make a business case for (if you need to) since it's invaluable for checking/creating/altering HTTP traffic.
I've had to go this route before due to usage of smartpass authentication - i.e. we didn't actually have passwords. At those locations setting up CNTLM would have been impossible.

You can pass the settings as parameters:
npm --proxy=http://username:password#proxyserver:port --proxy-https=http://username:password#proxyserver:port --registry=http://registry.npmjs.org/ install whateveryouwanttoinstall

CNTLM didn't work for me. I tried all possible combinations. NPM was giving Authentication error. Fiddler came for rescue and saved my time. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these
registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false
It worked for me :)
Another Fiddler Option:
A second way to make Fiddler act as an HTTP proxy for NTLM and other protocols is to leave the auto authenticate options/rules defaults in place and go to this setting from the menu bar:
Tools > Telerik Fiddler Options > Connections tab
Click on the Allow remote computers to connect checkbox. You will see a dialog explaining the consequences of enabling this option. Restart Fiddler and update the .npmrc file as shown above. Whenever you need npm to access the registry site just run Fiddler. This setting won't affect the way Fiddler runs for other captures.

Open your .npmrc file in C:\users\username\ folder using notepad
Add the below lines..
Replace domain, username, pwd, servername with your correct values
Try to install or get packages now
If trying from Vs2017, close and reopen VS IDE, then only it works
proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
https-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
http-proxy=http://DOMAIN%5CUSERNAME:PWD#proxy.servername.com:6050
strict-ssl=false

CNTLM worked for me as suggested by KOL. Thanks KOL for that. Just wanted to add that there are some oddities in individual proxies because of which the password may not be acceptable when using simple cntlm -H.
Use cntlm -I -M http://test.com and copy the below config after erasing older configs and you should be through.
The output is like
---------------------------------------------------
Auth NTLM
PassNT 8EE9B595A89F7D8774C2146FB302CBCF
PassLM 78901DA9889727EDE28EF9F2769485B9
----------------------------------------------------