The CERT_SIGNATURE_FAILURE error occurs when npm cannot verify the SSL certificate of the npm registry due to missing or invalid certificates in your trust store. This typically happens with firewalls, proxies, antivirus software, or outdated Node.js versions.
When npm installs packages, it verifies the SSL certificate of the npm registry using your system's certificate store. The CERT_SIGNATURE_FAILURE error means that npm encountered a certificate whose signature cannot be verified—either because the certificate chain is incomplete, the signing authority is not trusted, or the certificate itself is invalid. This is a security check to prevent man-in-the-middle attacks. The error commonly occurs in corporate environments where firewalls or antivirus software intercept SSL connections, organizations using self-signed certificates, or when using private npm registries.
The most reliable fix is upgrading to the latest stable version of Node.js, which includes an updated npm client with improved certificate handling.
node --version
npm --version
# On macOS with Homebrew:
brew upgrade node
# On Windows with Chocolatey:
choco upgrade nodejs
# On Linux, use nvm:
nvm install node
node --version
npm --versionIf upgrading didn't work, tell npm to use Node.js's CA store instead of npm's built-in certificates.
npm config set ca=""
npm installIf it works, you're done. If not, proceed to the next step.
If you're behind a corporate firewall, you need to add your organization's CA certificate to npm.
# Set the certificate file path
npm config set cafile /path/to/your/certificate.crt
# Alternatively, use the NODE_EXTRA_CA_CERTS environment variable:
export NODE_EXTRA_CA_CERTS=/path/to/your/certificate.crt
# On Windows (PowerShell):
$env:NODE_EXTRA_CA_CERTS="C:\path\to\certificate.crt"
npm installMany corporate security tools intercept SSL connections, causing certificate verification failures. Temporarily disable SSL inspection to test if that's the cause.
Common offenders:
- ESET antivirus (disable SSL/TLS Inspector in settings)
- Kaspersky antivirus (disable Web Anti-Virus SSL scanning)
- Carbon Black Cloud Sensor
- Zscaler or similar proxy software
Temporarily disable these tools, run npm install, then re-enable them. If npm works without them, work with your IT team to add npm.js.org to the SSL inspection whitelist.
Only use this as a temporary workaround while you resolve the underlying certificate issue. This reduces security.
npm install --strict-ssl=false
# Or set it globally (NOT RECOMMENDED for production)
npm config set strict-ssl false
npm install
npm config set strict-ssl true
# Alternative: use environment variable
NODE_TLS_REJECT_UNAUTHORIZED=0 npm installWarning: After using these commands, you lose protection against man-in-the-middle attacks. This should only be temporary.
The CERT_SIGNATURE_FAILURE error is fundamentally a certificate trust issue. The proper long-term solution is to identify what's intercepting the certificate chain (usually corporate security software) and work with your IT team to whitelist npm.js.org, registry.npmjs.org, and related CDNs in your firewall/proxy/antivirus software. For private npm registries, ensure the certificate is valid and signed by a trusted CA, or add the root CA certificate to your system's trust store and configure npm to use it via NODE_EXTRA_CA_CERTS.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error