score:426

Accepted answer

A quick solution from the internet search was npm config set strict-ssl false, luckily it worked. But as a part of my work environment, I am restricted to set the strict-ssl flag to false.

Later I found a safe and working solution,

npm config set registry http://registry.npmjs.org/  

this worked perfectly and I got a success message Happy Hacking! by not setting the strict-ssl flag to false.

score:-1

doing the following steps solved it for me.

npm config set strict-ssl=false
npm config set registry http://registry.npmjs.org/
npm config set cafile /path/to/your/cert.pem
set NODE_TLS_REJECT_UNAUTHORIZED=0

score:0

Some schematics use yarn under the hood and throw the same error.

yarn config set registry http://registry.npmjs.org

score:0

Zscalar update policy help me to make network calls, after trying couple of work around mentioned.

Workarounds tried Before Zscalar update:

Update policy(Highlighted in yellow) in Zscalar app helped me to fix "unable to get local issuer certificate" issue.

Open Zscalar App -> click

score:0

This is what worked for me (on a Mac 10.15.7).

My issue was I tried this command...

npm install eslint --save-dev

...and got this error message...

npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/eslint failed, reason: unable to get local issuer certificate

...I googled one of the error messages and ended up on the stack overflow issue you are reading now.

I then tried one of the suggestions above, i.e.

npm config set registry http://registry.npmjs.org/

...then, I again tried...

npm install eslint --save-dev

...and got the same error message.

Then I did something unique. I connected to my company's vpn. (This is the opposite of what someone (i.e. @mask) suggested. They said they turned OFF their vpn!)

I tried...

npm install eslint --save-dev

...for the third time and it worked like a charm. Problem solved. (-:

(Aside: I wonder if my first attempt to fix this, i.e.

npm config set registry http://registry.npmjs.org/

...was necessary?)

score:1

I had this error when I tried to update npm, but had a really old version (1.3.6 !) installed from yum in AWS Linux. I was able to manually install a newer npm version and everything was remedied.

score:1

Its very easy to fix this issue.

ERROR

npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY 
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/yarn failed, reason: unable to get local issuer certificate  
npm ERR! A complete log of this run can be found in:

Solution

If you are in organization or intranet then use below commend.

npm config set registry https://type_your_org_repo_fqdn

other wise

npm config set registry http://registry.npmjs.org/

score:4

For me the issue was VPN, I disconnected the VPN and "npm i" command worked with no fail.

score:4

What is your OS? On Ubuntu I was able to fix this error by running

npm config set cafile /etc/ssl/certs/ca-certificates.crt

to tell npm to use my system's certificate store. Debian uses the same system certificate path, I'm less familiar with other distributions and OSes.

(I don't like the other answers that all turn off certificate verification and allow man-in-the-middle attacks.)

score:6

In my case, at some point I set my global config to use a cert that was meant for a project.

npm config list

/path/to/global/.npmrc
NODE_EXTRA_CA_CERTS = "./certs/chain.pem"

I opened the file, removed the line and npm install worked again.

score:6

npm config set registry http://registry.npmjs.org/

If this code trick didn't work for you then try to run your application from home directory.. It worked for me.

score:9

Had the same error. Looks like it is related to SSL certificates. If you are using NPM for public packages (don't need the security of HTTPS) you can turn off strict SSL key validation with the following command.

This might be the simplest fix if you're just looking to install a few publicly available packages one time.

npm config set strict-ssl=false

score:28

After trying out every solution I could find:

  • Turning off strict ssl: npm config set strict-ssl=false
  • Changing the registry to http instead of https: npm config set registry http://registry.npmjs.org/
  • Changing my cafile setting: npm config set cafile /path/to/your/cert.pem
  • Stop rejecting unknown CAs: set NODE_TLS_REJECT_UNAUTHORIZED=0

The solution that seems to be working the best for me now is to use the NODE_EXTRA_CA_CERTS environment variable which extends the existing CAs rather than replacing them with the cafile option in your .npmrc file. You can set it by entering this in your terminal: NODE_EXTRA_CA_CERTS=path/to/your/cert.pem

Of course, setting this variable every time can be annoying, so I added it to my bash profile so that it will be set every time I open terminal. If you don’t already have a ~/.bash_profile file, create one. Then at the end of that file add export NODE_EXTRA_CA_CERTS=path/to/your/cert.pem. Then, remove the cafile setting in your .npmrc.

score:33

Changing the NPM repo URL to HTTP works as a quick-fix, but I wanted to use HTTPS.

In my case, the proxy at my employer (ZScaler) was causing issues (as it acts as a MITM, causing certification verification issues)

I forgot I found a script that helps with this and Git (for cloning GitHub repos via HTTPS had the same issue) and forked it for my use

Basically, it does the following for git:

git config --global http.proxy http://gateway.zscaler.net:80/
git config --system http.proxy http://gateway.zscaler.net:80/

and for Node, it adds proxy=http://gateway.zscaler.net:80/ to the end of c:\Users\$USERNAME\npm\.npmrc

That solved the issue for me.

score:58

what may be happening is your company decrypts certain traffic and re-encrypts it with their certificate (which you probably already have in your keychain or trusted root certificates)

if you're using node 7 or later I've found this fix to be compatible with node and node-gyp (for Windows you'll need to do this differently, but you basically just need to add this environment variable):

export NODE_EXTRA_CA_CERTS="absolute_path_to_your_certificates.pem" (in Windows you may need to remove the quotes)

the pem file can have multiple certificates: https://nodejs.org/api/cli.html#node_extra_ca_certsfile

make sure your certificates are in proper pem format (you need real line breaks not literal \n)

I couldn't seem to get it to work with relative paths (. or ~)

This fix basically tells npm and node-gyp to use the check against the regular CAs, but also allow this certificate when it comes across it

Ideally you would be able to use your system's trusted certificates, but unfortunately this is not the case.


Related Query

More Query from same tag