Using npm behind corporate proxy .pac
P

28

184

I need to download several packages through npm but our corporate proxy configuration is a .pac file (I'm on Windows).

I have already tried

npm config set proxy http://mydomain\username:[email protected]:8181/proxy.pac
npm config set https-proxy http://mydomain\username:[email protected]:8181/proxy.pac

or

npm config set proxy http://1.2.3.4:8181/proxy.pac
npm config set https-proxy http://1.2.3.4:8181/proxy.pac

but it doesn't work...

Any suggestions? Thanks.

Prospectus answered 4/9, 2014 at 8:40 Comment(5)
Possible duplicate of "Is there a way to make npm install (the command) to work behind proxy?" - Tab
I don't think this question is a duplicate, pac scripts can contain multiple proxy addresses depending on the target ip/host address, while the dupe only addresses 1 proxy address - From review - Metallist
Not a single answer indicates how to use pac scripts which can contain multiple proxy addresses depending on the target ip/host address. Can anyone help please. - Tintype
For me it helped to open the proxy.pac file in order to get proxy address from it. (In my case I simply had to switch port to 8080). - Sweltering
@ParthaSarathiGhosh You're right, none of the answers actually explained how to use PAC scripts, so I've added another answer which addresses this: stackoverflow.com/a/61811444. It's a few years late, but better late than never? - Urina
E
227

I've just had a very similar problem, where I couldn't get npm to work behind our proxy server.

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

npm config set proxy "http://domain\username:password@servername:port/"

then running this npm config get proxy returns this: http://domain/username:password@servername:port/

Therefore to fix the problem I instead URL encoded the backslash, so entered this:

npm config set proxy "http://domain%5Cusername:password@servername:port/"

and with this the proxy access was fixed.

Entrust answered 29/1, 2015 at 15:29 Comment(16)
If you do your little %5 workaround I get URIError: URI malformed (on Windows). Did you encrypt your password? - Overactive
It's because you're missing the %5C. Key part being the C... see, I spaced it out for ya - Dither
I just updated some stuff and my proxy stopped working again. It turned out that in the "proxy" setting of the .npmrc file (as mentioned below by @Ovidiu Buligan) it contained the %5C for the backslash, but the "https-proxy" just contained the "\". Changing this to also be %5C fixed the problem. I presume this could also be updated by running npm config set http_proxy "domain%5Cusername:password@servername:port/" - Entrust
I'm trying to configure npm behind proxy, but there is a way to do a "ping" using npm configuration. Because if my conf is wrong my user will get blocked on my corporate domain. - Juggler
I got this to work using http, for the https_proxy variable just like this answer states. I had thought it was an accidental omission, but it turned out to be a very important detail. - Macgregor
What worked for me is to CLEAR the darn environmental variables first. Use set HTTP_PROXY= and set HTTPS_PROXY= - Destined
Adding strict-ssl=false to the .npmrc config file solved for me behind a corporate proxy - see answers from @ovidiu-buligan and @karthikeyan-a - Acrimony
While mentioning password, kindly take care of special characters too. - Seventy
Is there any way to avoid sending passwords as plain text in URL? - Insane
I ended up needing to turn off ssl, and set the https proxy to a http address. https://mcmap.net/q/137456/-npm-install-without-ssl - Gearard
What should be the value of servername:port? We have url of automatic configuration script. - Vignola
Thanks for this, it really helped me figure this out, I just needed to do a little tweak (double back-slashes) for my config to work: npm config set proxy "http://domain\\username:password@servername:port/" - Rumor
Excellent; thanks for this. This just saved me a headache as I'd obtained the corporate proxy and a helpdesk bloke suggested requiring UID/PWD. I added this to my google search and found this SO thread. It worked like a charm this morning meaning I could let npm go and get the goods for some new work! Happy Friday! :) - Cicily
Don't get me wrong, but isn't this a big security risk - putting your domain username and password in a text file on your PC? Developers usually have some form of elevated rights... - Underexpose
I should note that this does not actually answer the question of using a PAC script with NPM - Guillermoguilloche
Given that this is the accepted answer I like to point out that, strictly speaking, it is flawed. The trailing slash after the port must be removed for it to be correct. Otherwise it addresses the root (/) resource on servername:port and not the proxy server itself. - Globular
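
An added example, not part of the answer or comments above: a Node.js helper that percent-encodes the domain\username and password before they go into the proxy URL, shows which host a URL parser sees when the backslash is left raw, and masks the password for display. The function names and the host proxy.example.internal are assumptions made for the illustration, and Node's WHATWG URL parser stands in for whatever parser a given npm version uses.

```javascript
// Build the value for `npm config set proxy` / `https-proxy`.
// Field names are this example's own; host and port come from your PAC file or admin.
function buildProxyUrl({ domain, username, password, host, port }) {
  const user = domain ? `${domain}\\${username}` : username;
  // encodeURIComponent turns "\" into %5C, " " into %20, "#" into %23, "@" into %40.
  const url =
    `http://${encodeURIComponent(user)}:${encodeURIComponent(password)}@${host}:${port}`;

  // Round-trip check: parse the result and confirm nothing was reinterpreted.
  const parsed = new URL(url);
  const ok =
    decodeURIComponent(parsed.username) === user &&
    decodeURIComponent(parsed.password) === password &&
    parsed.hostname === host.toLowerCase() &&
    (parsed.port || '80') === String(port); // the parser drops the default port 80
  if (!ok) throw new Error('proxy URL does not round-trip; check host and port');
  return url;
}

// Host that a WHATWG URL parser would connect to for a proxy string as typed.
// For http URLs a raw "\" is treated like "/", so everything after it becomes
// the path and the "host" is whatever preceded the backslash.
function effectiveProxyHost(raw) {
  return new URL(raw).hostname;
}

// Mask the password before the value is printed, logged or pasted into a ticket.
function redact(raw) {
  const u = new URL(raw);
  if (u.password) u.password = '***';
  return u.href;
}

// Constructed sample values, not real credentials.
const sample = buildProxyUrl({
  domain: 'DOMAIN', username: 'user name', password: 'abc#11@x',
  host: 'proxy.example.internal', port: 8080,
});
console.log(redact(sample));
console.log(effectiveProxyHost('http://DOMAIN\\user:pw@proxy.example.internal:8080'));
```

Checking the effective host before running npm avoids sending repeated failed logins to the proxy, which is the lockout concern raised in the comments.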
R
68

Look for the URL of the pac file in Internet Explorer LAN settings and download the pac file from the URL configured. The pac file is just a JavaScript file with a function named FindProxyForURL which returns different proxy hosts in different scenarios.

Try to find a host in that pac file which you think is for general web traffic and plug it into .npmrc in C:\Users\<username>\.npmrc

proxy=http://<username>:<pass>@proxyhost:<port>
https-proxy=http://<uname>:<pass>@proxyhost:<port>

Even though you may log in with your domain and username on your corporate machine, it is highly possible that the user Active Directory domain name is not required for the proxy, only the username and password (which may be different than your Active Directory login).

Don't forget to fiddle with escaping special password characters.

Recollect answered 20/3, 2015 at 18:34 Comment(0)
M
59

Download your .pac file. Open it in any editor and look for PROXY = "PROXY X.X.X.X:80;. You may have many proxies, copy any of them and run the following terminal commands:

npm config set proxy http://X.X.X.X:80
npm config set https-proxy http://X.X.X.X:80

Now you should be able to install any package!

Mo answered 10/11, 2014 at 7:32 Comment(4)
For the https-proxy part, I had to do "... set https-proxy=http://..." instead of "... set https-proxy http://..." for it to work. Just my $.02. - Kremlin
Thanks, setting https-proxy to http:// is the only thing that worked; after I unset the http_proxy and https_proxy environment variables from bash! - Deathless
For https-proxy, I couldn't set to "set https-proxy https:/.../", I had to set to "set https-proxy http://..." (proxy info from https -> http) - Photoelectron
Same goes for git too: git config --global http.proxy http://X.X.X.X:80 and git config --global https.proxy http://X.X.X.X:80 - Westbrook
D
42

I solved this problem this way:

1) I run this command:

npm config set strict-ssl false

2) Then set npm to run with http, instead of https:

npm config set registry "http://registry.npmjs.org/"

3) Then install your package

npm install <package name>

Definitely answered 31/8, 2016 at 6:59 Comment(1)
Just to point out that setting npm's strict-ssl to false is a security issue. Consider instead properly setting up the ca[] property on npm. - Anchusin
A
31

To expand on @Steve Roberts answer.

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

npm config set proxy "http://domain\username:password@servername:port/"

I also had to URL encode my domain\user string, however, I have a space inside my username so I put a + to encode the space URL encoding, but it would get double encoded as %2B (which is the URL encoding for the plus sign, however the URL encoding for a space is %20), so I had to instead do the following:

npm command

// option one 
// it works for some packages
npm config set http_proxy "http://DOMAIN%5Cuser+name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser+name:[email protected]:port"

// option two
// it works best for me
// please notice that I actually used a space 
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://DOMAIN%5Cuser name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser name:[email protected]:port"

// option two (B) as of 2019-06-01
// no DOMAIN
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://user name:[email protected]:port"
npm config set proxy "http://user name:[email protected]:port"

troubleshooting npm config

I used the npm config list to get the parsed values that I had set above, and that is how I found out about the double encoding. Weird.

Essentially you must figure out the following requirements:

  1. Is a DOMAIN string required for authentication
  2. Do you need to encode special characters?
    • Spaces and at (@) signs are specially challenging

Regards.

WINDOWS ENVIRONMENT VARIABLES (CMD Prompt)

Update

Turns out that even with the above configurations, I still had some issues with some packages/scripts that use Request - Simplified HTTP client internally to download stuff. So, as the above readme explained, we can specify environment variables to set the proxy on the command line, and Request will honor those values.

Then, after (and I am reluctant to admit this) several tries (more like days), of trying to set the environment variables I finally succeeded with the following guidelines:

rem notice that the value after the = has no quotations
rem    - I believe that if quotations are placed after it, they become
rem    part of the value, you do not want that
rem notice that there is no space before or after the = sign
rem     - if you leave a space before it, you will be declaring a variable 
rem     name that includes such space, you do not want to do that
rem     - if you leave a space after it, you will be including the space
rem     as part of the value, you do not want that either
rem looks like there is no need to URL encode stuff in there
SET HTTP_PROXY=http://DOMAIN\user name:[email protected]:port
SET HTTPS_PROXY=http://DOMAIN\user name:[email protected]:port

cntlm

I used the above technique for a few weeks, until I realized the overhead of updating my password across all the tools that needed the proxy setup.

Besides npm, I also use:

  • bower
  • vagrant
    • virtual box (running linux)
    • apt-get [linux]
  • git
  • vscode
  • brackets
  • atom
  • tsd

cntlm Setup Steps

So, I installed cntlm. Setting cntlm is pretty straightforward, you look for the ini file @ C:\Program Files\Cntlm\cntlm.ini

  1. Open C:\Program Files\Cntlm\cntlm.ini (you may need admin rights)
  2. look for Username and Domain lines (line 8-9 I think)
    • add your username
    • add your domain
  3. On cmd prompt run:

    cd C:\Program Files\Cntlm\
    cntlm -M
    cntlm -H  
    
    • you will be asked for the password:
     cygwin warning:
       MS-DOS style path detected: C:\Program Files\Cntlm\cntlm.ini
       Preferred POSIX equivalent is: /Cntlm/cntlm.ini
       CYGWIN environment variable option "nodosfilewarning" turns off this warning.
       Consult the user's guide for more details about POSIX paths:
         http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
     Password:
    
  4. The output you get from cntlm -H will look something like:

    PassLM          561DF6AF15D5A5ADG  
    PassNT          A1D651A5F15DFA5AD  
    PassNTLMv2      A1D65F1A65D1ASD51  # Only for user 'user name', domain 'DOMAIN'
    
    • It is recommended that you use PassNTLMv2 so add a # before line PassLM and PassNT or do not use them
  5. Paste the output from cntlm -H on the ini file replacing the lines for PassLM, PassNT and PassNTLMv2, or comment the original lines and add yours.
  6. Add your Proxy servers. If you do not know what the proxy server is... Do what I did, I looked for my proxy auto-config file by looking for the AutoConfigURL Registry key in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Navigate to that url and look through the code which happens to be JavaScript.
  7. Optionally you can change the port where cntlm listens to by changing the Listen #### line, where #### is the port number.

Setup NPM with cntlm

So, you point npm to your cntlm proxy, you can use the ip, I used localhost and the default port for cntlm 3128 so my proxy url looks like this

http://localhost:3128

With the proper command:

npm config set proxy http://localhost:3128

Is a lot simpler. You setup all your tools with that same url, and you only update the password on one place. Life is so much simpler now.

Must Setup The npm CA certificate

From the npm documentation ca

If your corporate proxy is intercepting https connections with its own Self Signed Certificate, this is a must to avoid npm config set strict-ssl false (big no-no).

Basic steps

  1. Get the certificate from your browser (Chrome works well). Export it as Base-64 encoded X.509 (.CER)
  2. Replace new lines with \n
  3. Edit your .npmrc add a line ca[]="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"

Issues

I have noticed that sometimes npm kind of hangs, so I stop (sometimes forcefully) cntlm and restart it.

Anchusin answered 31/8, 2015 at 21:0 Comment(1)
On Windows, an alternative for cntlm is github.com/genotrance/px - Antarctica
M
7

I had run into several issues with this and finally what I did is as follows:

  1. Used Fiddler, with "Automatically Authenticate" selected
  2. In Fiddler custom rules, I added

    if (m_AutoAuth) {oSession["X-AutoAuth"] = "domain\\username:password";}
    
  3. Finally in npm I set the proxy to http://localhost:8888

This worked fine.

Measly answered 1/9, 2015 at 23:5 Comment(3)
Thanks! Worked like a charm!! My scenario: Username was of "domain/username" format. Password had an "@" in it. Didn't have to do any URL encoding/decoding, etc. at all - Gamali
Worked perfectly for me. Thank you so much. Just wanted to point out that using "domain\\username:password" can pose a security threat of Identity Theft. Instead using the "(default)" config in the custom rules worked charmingly. Fiddler needs to be running while you use "npm" for this to work. - Altdorfer
@Altdorfer Hey there, just wondering how does this actually work? - Heraclitean
F
7

You can check Fiddler if NPM is giving Authentication error. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated. In .npmrc set these properties

registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false

It worked for me :)

Frankish answered 29/4, 2016 at 5:4 Comment(1)
Surprisingly, none of the configurations I used for my proxy worked, I used this and open fiddler and I could use it just fine... - Capriola
S
7

For anyone struggling behind a corporate firewall, as well as issues with SSL (unable to get local issuer certificate), here are some steps you can try:

Forget about SSL

If you are not concerned about SSL, then you can follow the advice of many previous contributors by setting your proxies and changing the registry to the non-secure version:

npm config set proxy http://username:password@proxyname:port
npm config set https-proxy http://username:password@proxyname:port
npm config set registry http://registry.npmjs.org/

A quick "gotcha" here, my proxy credentials are the same for secured and non-secured requests (notice how I left my protocol as http:// for the https-proxy configuration). This may be the same for you, and it may not.

I want to keep SSL

If you want to keep SSL, and don't want to use strict-ssl=false, then you have more work to do. For me, I am behind a corporate firewall and we are using self-signed certificates, so I receive the error unable to get local issuer certificate. If you are in the same boat as me, then you will need to set the cafile= option in the npm config file. First, you need to create a PEM file which holds information about your self-signed certificates. If you do not know how to do that, here are instructions for a Windows environment without using 3rd party software:

We need to explicitly indicate which certificates should be trusted because we are using self signing certificates. For my example, I navigated to www.google.com using Chrome so I could grab the certificates.

In Chrome, go to Inspect -> Security -> View Certificate. You will see all of the certificates that allow the SSL connection. Notice how these certificates are self signed. The blurred-out part is my company, and we are not a Certified Authority. You can export the full certificate path as a P7B file, or you can export the certificates individually as CER files (base64 encoding). Exporting the full path as P7B doesn't do you much good because you will in-turn need to open this file in a certificate manager and export as individual CER files anyway. In Windows, double-clicking the P7B file will open the Certificate Manager application.


Exporting as CER (Base 64) is really a text file in the following format:

-----BEGIN CERTIFICATE-----
MIIGqzCCBZOgAwIBAgITIwAAABWhFPjwukYhTAADAAAAFTANBgkqhkiG9w0BAQUF
ADBFMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGaXJ2aW5n
b0pvCkNmjWzaNNUg2hYET+pP5nP75aRu+kPRl9UnlQ....rest of certificate...
-----END CERTIFICATE-----

To create our PEM file, we simply need to stack these certificates on top of each other into a single file and change the extension to .pem. I used notepad to do this.

You stack the certificates in reverse order from the certificate path. So above, I would start with *.google.com then paste Websense below it, then Issuing CA 1 etc. This way the certificates are parsed from the top to the bottom searching for the appropriate Root CA. Simply including the Root CA will not work, but we also do not need to include all the certificates. From the above path, I only need to include those certificates that come before the Websense certificate (Issuing CA 1, Policy CA, Root CA).

Once these self signed certs are saved to a PEM file, we are ready to instruct npm to use these certificates as our trusted CA. Simply set the config file and you should be good to go:

npm config set cafile "C:\yourcerts.pem"

Now, with your proxies set (http and https), and the registry set to https://registry.npmjs.org, you should be able to install packages behind a corporate firewall with self-signed certificates without nuking the strict-ssl setting.

Sangraal answered 11/7, 2017 at 19:36 Comment(0)
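
An added example, not taken from any answer on this page: a Node.js check that reads an .npmrc and flags the settings several answers recommend but that weaken transport security or leave a password on disk, plus a helper that turns an exported Base-64 certificate bundle into the ca[] lines described in the earlier cntlm answer. The sample file, finding ids and function names are constructed for the illustration.

```javascript
// Constructed sample .npmrc mixing settings suggested in several answers above.
const SAMPLE_NPMRC = [
  '# corporate proxy',
  'proxy=http://DOMAIN%5Cjdoe:s3cret%23@proxy.corp.example:8080',
  'https-proxy=http://proxy.corp.example:8080',
  'registry=http://registry.npmjs.org/',
  'strict-ssl=false',
].join('\n');

// Minimal key=value reader; enough for the flat settings discussed on this page.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || line.startsWith(';') || eq < 1) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
  }
  return cfg;
}

// Flag settings that disable certificate checks, use a plaintext registry,
// or store proxy credentials in the file. `env` is an optional environment map.
function auditNpmrc(text, env = {}) {
  const cfg = parseNpmrc(text);
  const findings = [];
  if (String(cfg['strict-ssl']).toLowerCase() === 'false') {
    findings.push({ id: 'tls-verification-off',
      fix: 'drop strict-ssl=false; trust the proxy CA chain with cafile= or ca[]=' });
  }
  if (/^http:\/\//i.test(cfg.registry || '')) {
    findings.push({ id: 'plaintext-registry', fix: 'use https://registry.npmjs.org/' });
  }
  for (const key of ['proxy', 'https-proxy', 'http-proxy', 'http_proxy']) {
    let password = '';
    try { password = new URL(cfg[key]).password; } catch { /* unset or unparsable */ }
    if (password) {
      findings.push({ id: 'proxy-credentials-in-file', key,
        fix: 'point npm at a local authenticating proxy instead of storing the password' });
    }
  }
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push({ id: 'node-tls-check-off', fix: 'unset NODE_TLS_REJECT_UNAUTHORIZED' });
  }
  return findings;
}

// Turn an exported Base-64 (PEM) bundle into one ca[] line per certificate,
// with real newlines replaced by the two characters "\n".
function pemToCaLines(pem) {
  const certs = pem.match(/-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g) || [];
  return certs.map((cert) => {
    const oneLine = cert.split(/\r?\n/).map((l) => l.trim()).filter(Boolean).join('\\n');
    return `ca[]="${oneLine}"`;
  });
}

for (const f of auditNpmrc(SAMPLE_NPMRC)) console.log(f.id, '->', f.fix);
```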
B
6

You will get the proxy host and port from your server administrator or support.

After that set up

npm config set http_proxy http://username:[email protected]:itsport
npm config set proxy http://username:[email protected]:itsport

If there is any special character in the password, try % URL encoding. E.g. pound (hash) should be replaced by %23.

This worked for me...

Beta answered 7/7, 2015 at 22:0 Comment(0)
G
5

Try this, Set proxy in npm as follows

npm config set proxy "http://<user-name>:<password>@<proxy-url>:<port>"
npm config set https-proxy "http://<user-name>:<password>@<proxy-url>:<port>"
npm config set strict-ssl false
npm config set registry "http://registry.npmjs.org/"
Gallicanism answered 17/10, 2017 at 6:29 Comment(0)
H
4

Just create a file named .npmrc in your project folder; it will avoid proxy settings at system level.

#Without password
proxy=http://ipaddress:80
https-proxy=http://ipaddress:80

#With password
proxy=http://<username>:<pass>@proxyhost:<port>
https-proxy=http://<uname>:<pass>@proxyhost:<port>

Comment like this if you don't use the proxy

#proxy=http://ipaddress:80
#https-proxy=http://ipaddress:80

#With password
#proxy=http://<username>:<pass>@proxyhost:<port>
#https-proxy=http://<uname>:<pass>@proxyhost:<port>
Hoopes answered 31/5, 2019 at 14:9 Comment(0)
U
4

None of the existing answers explain how to use npm with a PAC file. Some suggest downloading the PAC file, manually inspecting it, and choosing one of the "PROXY ..." strings. But this doesn't work if the PAC file needs to choose from multiple proxies, or if the PAC file contains complex logic to bypass proxies for certain URLs.

Also, some corporate proxies require NTLM authentication. CNTLM can handle authentication, but doesn't support PAC files.

An alternative is to use Alpaca, which executes the PAC file in a JavaScript VM, and performs NTLM authentication with the resulting proxy.

Urina answered 15/5, 2020 at 3:51 Comment(0)
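
An added illustration of the point made in this answer and in the earlier answers that read the PAC file by eye: instead of guessing a "PROXY ..." string, evaluate FindProxyForURL for the URL npm will actually request. This is example code written for this page, not Alpaca's implementation; the sample PAC file, host names and function names are constructed, and only the PAC helper functions that need no DNS lookup are provided.

```javascript
const vm = require('node:vm');

// Constructed sample PAC file, standing in for the one at your AutoConfigURL.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (shExpMatch(host, "*.npmjs.org"))
    return "PROXY proxy-a.corp.example:8080; PROXY proxy-b.corp.example:8080";
  return "PROXY proxy-default.corp.example:3128; DIRECT";
}`;

// Subset of the standard PAC helpers that work offline. A PAC file that calls
// a DNS-based helper (dnsResolve, isInNet, ...) fails here with a ReferenceError.
const PAC_HELPERS = {
  isPlainHostName: (host) => !host.includes('.'),
  dnsDomainIs: (host, domain) => host.toLowerCase().endsWith(domain.toLowerCase()),
  shExpMatch: (str, pattern) => {
    const re = pattern
      .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex metacharacters
      .replace(/\*/g, '.*')                 // shell "*" matches any run
      .replace(/\?/g, '.');                 // shell "?" matches one character
    return new RegExp(`^${re}$`).test(str);
  },
};

// Run FindProxyForURL for one target URL and return the parsed entries in order.
function proxiesFor(pacSource, targetUrl) {
  const { hostname } = new URL(targetUrl);
  // A fresh context that exposes only the helpers. node:vm is not a security
  // boundary, so evaluate only PAC files from a source you already trust; the
  // timeout stops a script that never returns.
  const context = vm.createContext({ ...PAC_HELPERS });
  vm.runInContext(pacSource, context, { timeout: 500 });
  const result = vm.runInContext(
    `FindProxyForURL(${JSON.stringify(targetUrl)}, ${JSON.stringify(hostname)})`,
    context, { timeout: 500 });
  return String(result).split(';').map((s) => s.trim()).filter(Boolean).map((entry) => {
    const [type, hostPort] = entry.split(/\s+/);
    return { type: type.toUpperCase(), hostPort: hostPort || null };
  });
}

// First entry as a value for `npm config set proxy` / `https-proxy`;
// null means the PAC file says DIRECT (no proxy) for that URL.
function npmProxyFor(pacSource, targetUrl) {
  const first = proxiesFor(pacSource, targetUrl)[0];
  if (!first || first.type === 'DIRECT') return null;
  if (first.type !== 'PROXY' && first.type !== 'HTTP') {
    throw new Error(`unsupported PAC entry type: ${first.type}`);
  }
  return `http://${first.hostPort}`;
}

console.log(npmProxyFor(SAMPLE_PAC, 'https://registry.npmjs.org/express'));
```

Run it for every host npm will contact (the registry, and any git hosts used by dependencies), since a PAC file may return a different proxy or DIRECT for each.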
F
4

PASSWORD is perhaps optional, not needed always.

I know there have been many answers here, but honestly for each org what works may vary. I had this problem and by trial and error, I am able to get the following to work.

Note that there is no password used in this configuration and it still worked just fine.

Directly edit the .npmrc file from C:\Users\your-username\ directory and apply settings below. Remember to open a new command prompt session for the changes to reflect.

proxy=http://http.proxy.xxx.com:8000
registry=http://registry.npmjs.org/
strict-ssl=false

Where xxx is the name of my company. You cannot directly configure your proxy URL here but you can open that file in a text editor and find an appropriate hostname and port number to use.

Here is how it looks, to get an idea:

Foreshow answered 25/4, 2021 at 4:39 Comment(0)
G
2

If you are behind a corporate network with proxy, I just used an ntlm proxy tool and used the port and proxy provided by ntlm, for instance I used this configuration:

strict-ssl=false
proxy=http://localhost:3125

I hope this helps.

Greenleaf answered 10/2, 2016 at 14:32 Comment(0)
E
2

Use below command at cmd or GIT Bash or other prompt

$ npm config set proxy "http://192.168.1.101:4128"

$ npm config set https-proxy "http://192.168.1.101:4128"

where 192.168.1.101 is proxy ip and 4128 is port. Change according to your proxy settings.

Eft answered 19/7, 2016 at 10:50 Comment(0)
H
2

You must use "npm config set http-proxy"

use:

npm config set http-proxy http://1.2.3.4:8181
npm config set https-proxy http://1.2.3.4:8181
Hat answered 7/6, 2017 at 20:24 Comment(0)
R
2

Try this, it was the only that worked for me:

npm --proxy http://:@proxyhost: --https-proxy http://:@proxyhost: --strict-ssl false install -g package

Pay attention to the option --strict-ssl false

Good luck.

Rete answered 6/7, 2017 at 12:58 Comment(0)
S
2

The NPM proxy setup mentioned in the accepted answer solves the problem, but as you can see in this npm issue, some dependencies use GIT and that makes the git proxy setup needed, and can be done as follows:

git config --global http.proxy http://username:password@host:port
git config --global https.proxy http://username:password@host:port

The NPM proxy setup mentioned:

npm config set proxy "http://username:password@host:port"
npm config set https-proxy "http://username:password@host:port"
npm config set strict-ssl false
npm config set registry "http://registry.npmjs.org/"
Strikebound answered 14/8, 2018 at 15:8 Comment(1)
Setting strict-ssl to false is a bad idea as you will not know if your secure communication has been compromised. - Coucal
T
1

At work we use ZScaler as our proxy. The only way I was able to get npm to work was to use Cntlm.

See this answer:

NPM behind NTLM proxy

Torrence answered 1/4, 2016 at 18:5 Comment(0)
V
1

OS: Windows 7

Steps which worked for me:

  1. npm config get proxy
  2. npm config get https-proxy

  3. Comments: I executed this command to know my proxy settings
    npm config rm proxy

  4. npm config rm https-proxy
  5. npm config set registry=http://registry.npmjs.org/
  6. npm install
Vicarious answered 3/2, 2017 at 16:57 Comment(0)
C
1

Because I still have problems with setting proxy settings at work and turning them off at home, I have scripted and published npm-corpo-proxy.sh. In every corpo the password has to be changed often and must contain special chars, which must be encoded before feeding npm config (the same for backslash form domain\user).

Chesser answered 25/6, 2018 at 13:27 Comment(0)
F
1

From a little search on google the first thing I tried was this

npm config set registry http://registry.npmjs.org/
npm config set proxy "your proxy"
npm config set https-proxy "your proxy"

But still npm seemed to lose connection when trying to do "npm install"s. Then I ran this line in command prompt and now I can use npm install

set NODE_TLS_REJECT_UNAUTHORIZED=0
Frady answered 24/7, 2018 at 8:5 Comment(0)
I
1

I could not make it work with the CNTLM. I tried following all the information posted above, but the proxy still did not authorize the connection. With Fiddler, you just have to install it and check the Automatically Authenticated option. But to work, I had to remove the .npmrc file from my user folder, and set the environment variables as indicated here, with these values:

set npm_config_https-proxy="http://127.0.0.1:8888"

set npm_config_registry="http://registry.npmjs.org/"
Ipswich answered 18/9, 2018 at 15:24 Comment(0)
J
1

Many answers and most of them are the same. My problem was, it is working fine when I am connected to the VPN of my company or working in my office, but it fails when I am using public internet connection.

When you set the proxy (and/or https-proxy) option and you temporarily like to disable it for whatever reason, then run

npm --noproxy "registry.npmjs.org" install <package>
Jedda answered 8/9, 2023 at 5:58 Comment(0)
F
0

I had a similar issue and I tried all the workarounds above but none of them worked for me ( I was using special characters (like '@' symbol) in my password and I also needed to add domain name).

Apart from that I was bit apprehensive to add my password as plain text. It turned-out the easiest solution to overcome all these challenges was to use some sort of reverse proxy (like Fiddler).

I have already detailed the configuration steps in this answer in SO.

Fodder answered 13/10, 2015 at 23:58 Comment(0)
V
0

Adding the lines below in the .typingsrc file helped me.

{
    "rejectUnauthorized": false,
    "registryURL" :"http://api.typings.org/"
 }
Vagabond answered 29/7, 2016 at 8:43 Comment(0)
G
0

I ran into a similar issue and found out that my npm config file (.npmrc) is having wrong registry entry. Commented it out and re-ran npm install. It worked.

Golfer answered 1/2, 2017 at 16:57 Comment(0)
M
0

Don't forget to use URL encoding for the password.

Suppose your username = "xyz" and pwd = "abc#11"

then your C:\Users\<username>\.npmrc should be like

proxy= http://domainname%5Cxyz:abc%2311@servername:port

servername : It can be obtained from the pac file of your internet explorer.

Manometer answered 28/10, 2020 at 5:40 Comment(0)
