NPM can't verify certificate after man-in-the-middle TLS inspection enabled

Posted by Orville Bennett on September 30, 2018

So, I have TLS[1] inspection happening for some machines on my home network, and my development machine is among the machines where I allow this to happen.

While trying to install an npm package the other day I ran into some errors. After I checked the log file at ~/.npm/_logs/2018-09-22T04_08_03_137Z-debug.log I found a potential culprit. The failure led to the following message being printed out:

silly fetchPackageMetaData error for gatsby-cli@latest request to https://registry.npmjs.org/gatsby-cli failed, reason: unable to verify the first certificate

Apparently npm was unable to verify the certificate. This makes sense as npm has its own certificate store, which my intercepting root certificate[2] did not get added to. While I could have tried adding my root certificate to npm’s global store, I decided to use npm’s built-in facilities to do the job. I moved my root certificate file to ~/.certs and pointed npm at it like so:

npm config set cafile ~/.certs/root.pem

All credit to the NPM Wiki for this solution.

  1. TLS stands for Transport Layer Security and is the successor to SSL (Secure Sockets Layer). TLS encryption is commonly used to protect web traffic from eavesdropping. 

  2. I can’t even begin to do this justice in a sentence, so I’ll just refer you to here and here