npm install error - unable to get local issuer certificate

I am getting an unable to get local issuer certificate error when performing an npm install:

typings ERR! message Unable to read typings for "es6-shim". You should check the
 entry paths in "es6-shim.d.ts" are up to date
typings ERR! caused by Unable to connect to "https://raw.githubusercontent.com/D
efinitelyTyped/DefinitelyTyped/7de6c3dd94feaeb21f20054b9f30d5dabc5efabd/es6-shim
/es6-shim.d.ts"
typings ERR! caused by unable to get local issuer certificate

I have recently update to node 4 from a much earlier version and it sounds like node is much more strict when these kind of problems arise.

There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.

I am behind a corporate firewall, but I can get to the url fine in a browser without any restriction.

Does anyone have any further insight into this issue and what possible solutions there are?

I'm wondering about reverting to node 0.12 in the meantime :(


Solution 1:

Try

npm config set strict-ssl false

This is a alternative shared in this url https://github.com/nodejs/node/issues/3742

Solution 2:

There is an issue discussed here which talks about using ca files, but it's a bit beyond my understanding and I'm unsure what to do about it.

This isn't too difficult once you know how! For Windows:

Using Chrome go to the root URL NPM is complaining about (so https://raw.githubusercontent.com in your case). Open up dev tools and go to Security-> View Certificate. Check Certification path and make sure your at the top level certificate, if not open that one. Now go to "Details" and export the cert with "Copy to File...".

You need to convert this from DER to PEM. There are several ways to do this, but the easiest way I found was an online tool which should be easy to find with relevant keywords.

Now if you open the key with your favorite text editor you should see

-----BEGIN CERTIFICATE----- 

yourkey

-----END CERTIFICATE-----

This is the format you need. You can do this for as many keys as you need, and combine them all into one file. I had to do github and the npm registry keys in my case.

Now just edit your .npmrc to point to the file containing your keys like so

cafile=C:\workspace\rootCerts.crt

I have personally found this to perform significantly better behind our corporate proxy as opposed to the strict-ssl option. YMMV.