This error occurs when npm can't verify the SSL certificate while cloning a Git dependency. It is usually caused by corporate proxies, self-signed certificates, or outdated CA certificates.
When npm tries to clone a Git dependency over HTTPS, it verifies the server's SSL certificate. This error means the certificate couldn't be verified—either because a corporate proxy is intercepting the connection, the certificate is self-signed, or the system's certificate store is outdated. This is extremely common in corporate environments where security proxies inspect HTTPS traffic by injecting their own certificates. It can also occur with private Git servers that use self-signed certificates. The error often shows specific details like "unable to get local issuer certificate" or "certificate verify failed."
First, determine if this is a corporate proxy issue:
# Test direct git access
git clone https://github.com/user/repo.git
# Check what certificate is being served
openssl s_client -connect github.com:443 -servername github.com
If the certificate issuer looks like your company (not DigiCert or similar), it's likely a corporate proxy.
If your company uses SSL inspection, get the CA certificate from IT and configure Node.js to trust it:
# Set environment variable to add extra CA certificates
export NODE_EXTRA_CA_CERTS=/path/to/corporate-ca.pem
# Make it permanent in your shell profile
echo 'export NODE_EXTRA_CA_CERTS=/path/to/corporate-ca.pem' >> ~/.bashrc
For Windows:
set NODE_EXTRA_CA_CERTS=C:\path\to\corporate-ca.pem
Tell Git to trust the certificate:
# For specific repository
git config http.sslCAInfo /path/to/corporate-ca.pem
# Or globally
git config --global http.sslCAInfo /path/to/corporate-ca.pem
On Windows, use the native certificate store:
git config --global http.sslBackend schannel
If you're behind a corporate proxy:
npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080
After configuring certificates:
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
Never Disable SSL in Production: Disabling SSL verification (npm config set strict-ssl false or git config http.sslVerify false) opens you to man-in-the-middle attacks. Only use these temporarily to diagnose issues, never in CI/CD or production.
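One way to enforce this rule as a CI gate, as an added example that is not part of the original page: a POSIX shell function that scans config files and scripts for the two settings named above. It also flags the npm_config_strict_ssl, NODE_TLS_REJECT_UNAUTHORIZED and GIT_SSL_NO_VERIFY environment forms, which go beyond what the page lists. The function names, the regex and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag settings that switch off TLS certificate verification
# for npm or Git. Case-insensitive patterns:
#   strict-ssl false / strict-ssl=false / npm_config_strict_ssl=false   (npm)
#   http.sslVerify false / sslVerify = false                            (Git)
#   NODE_TLS_REJECT_UNAUTHORIZED=0, GIT_SSL_NO_VERIFY=<anything>        (env)
TLS_BYPASS_RE='strict[-_]ssl[[:space:]=:]+.?false|sslverify[[:space:]=:]+.?false|NODE_TLS_REJECT_UNAUTHORIZED[[:space:]]*[=:][[:space:]]*.?0|GIT_SSL_NO_VERIFY[[:space:]]*[=:]'

# find_tls_bypass FILE...
# Prints "file:line:text" for every non-comment hit.
# Returns 1 if anything was found, 0 if all files are clean.
find_tls_bypass() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # /dev/null as a second operand makes grep always print the file name.
        # The second grep drops lines commented out with '#' or ';'.
        if grep -E -i -n "$TLS_BYPASS_RE" "$f" /dev/null |
            grep -E -v '^[^:]*:[0-9]+:[[:space:]]*[#;]'; then
            found=1
        fi
    done
    return "$found"
}

# Constructed sample files (not from any real project) to show the output.
demo_scan() {
    d=$(mktemp -d) || return 2
    printf 'registry=https://registry.npmjs.org/\nstrict-ssl=false\n' > "$d/npmrc"
    printf '[http]\n\t# sslVerify = false\n\tsslCAInfo = /path/to/corporate-ca.pem\n' > "$d/gitconfig"
    find_tls_bypass "$d/npmrc" "$d/gitconfig"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# With arguments: scan those files and exit non-zero on a hit (CI gate).
# Without arguments: run the constructed demo.
if [ "$#" -gt 0 ]; then
    find_tls_bypass "$@"
    exit $?
fi
demo_scan || echo "TLS verification is disabled in the files listed above" >&2
```

Pass it the files you want gated, such as the project .npmrc, the Git config and CI scripts; a non-zero exit status fails the pipeline step.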
NODE_EXTRA_CA_CERTS vs cafile: NODE_EXTRA_CA_CERTS adds to the existing trusted certificates, while npm config set cafile replaces them. Always prefer NODE_EXTRA_CA_CERTS.
Getting Corporate Certificates:
1. Ask your IT department for the CA certificate in PEM format
2. Export from browser: visit any HTTPS site, view certificate, export the root CA
3. On Windows, export from certmgr.msc
Certificate Format: The certificate must be in PEM format (starts with -----BEGIN CERTIFICATE-----). Convert from other formats:
openssl x509 -inform der -in certificate.cer -out certificate.pem