cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] Using `--install-strategy = "linked"` ignores the `strict-ssl` config

Open Treycos opened this issue 6 months ago • 0 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

This issue exists in the latest npm version

  • [x] I am using the latest npm

Current Behavior

Running npm i with the following configuration:

Global configuration since we're running behind a restrictive firewall:

npm config set strict-ssl false

Config file in our project .npmrc:

install-strategy = "linked"

The command output gives us a c:

npm error: Error: self-signed certificate in certificate chain
///
npm error:  code: 'SELF_SIGNED_CERT_IN_CHAIN'

Running the install script using the default strategy works fine (no cert error)

Expected Behavior

The strict-ssl config param should work the same way no matter which install-strategy is selected

Steps To Reproduce

  1. Install packages with self-signed cetificates
  2. Set strict-ssl to false
  3. Set install-strategy to linked
  4. Run npm install
  5. Get error SELF_SIGNED_CERT_IN_CHAIN

Environment

  • npm: 11.4.1
  • Node.js: 20.18.1
  • OS Name: Windows 11
  • npm config:
cafile = // File path
prefix = // Appdata path
registry = // Company registry
strict-ssl = false
unsafe-perm = true

Treycos avatar Jun 02 '25 16:06 Treycos