gyp ERR, Npm is unable to get local issuer certificate

Question

I am working on clean Windows 10 installation. Only thing is cygwin that I installed to get unix commands in the cmd.

When I type npm install -g @angular/cli it downloads the necessary files but I receive an error:

gyp ERR! configure error
gyp ERR! stack Error: unable to get local issuer certificate
gyp ERR! stack     at Error (native)
gyp ERR! stack     at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
gyp ERR! stack     at emitNone (events.js:86:13)
gyp ERR! stack     at TLSSocket.emit (events.js:185:7)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:610:8)
gyp ERR! stack     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
gyp ERR! System Windows_NT 10.0.15063
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\user\\AppData\\Roaming\\npm\\node_modules\\@angular\\cli\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
gyp ERR! cwd C:\Users\user\AppData\Roaming\npm\node_modules\@angular\cli\node_modules\node-sass
gyp ERR! node -v v6.11.2
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok
Build failed with error code: 1

I edited npm config file like 'npm config edit'. In the opened file I added the following settings:

strict-ssl=false
http_proxy=null
proxy=null

But this does not work and I still receive the same error. What more, npm install also breaks with the same result.

Answer 1

I had the same issue. The following solved my issue

• Windows

set NODE_TLS_REJECT_UNAUTHORIZED=0

• Linux

export NODE_TLS_REJECT_UNAUTHORIZED=0

Then npm install again

You can refer here for more info.

Answer 2

The answer from @Emon is correct, however for Linuz users the command obviously would be:

export NODE_TLS_REJECT_UNAUTHORIZED=0

Edit: as pointed out in the comments this should be used only as temporary fix for development, but it exposes you to man-in-the-middle attacks. The long-term solution should be to properly set up SSL certificates.

Answer 3

Find the certificate bundle on your system and then set the environment variable NODE_EXTRA_CA_CERTS to that path.

find / -name *.crt

/etc/ssl/certs/ca-certificates.crt
/usr/share/ca-certificates/full_bundle.crt
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
...

You should get lots of results so you will have to look through them to determine the correct crt file. then:

export NODE_EXTRA_CA_CERTS=/usr/share/ca-certificates/full_bundle.crt

Answer 4

The issue is that your machine is being blocked by security - possibly by a firewall or by software installed on your machine - from downloading files into the _cacert folder. I got around this by running "npm install" on another machine that was not being blocked and then using the _cacert folder from that machine on my machine.

The same issue also exists for ca certificates that you already have because they usually have an expiration date. You will get a warning message like "Using stale data from https://registry.npmjs.org/ due to a request error during revalidation." when doing an npm install or update in such cases. Eventually, your certificate will expire and you will blocked altogether.

This is an awkward workaround. The only real long time solution is work with the security provider to stop blocking new ca certificates from being downloaded.