The "unable to verify the first certificate" error occurs when npm cannot verify the SSL certificate chain. This typically means an intermediate certificate is missing from the chain sent by the server.
This error indicates a problem with SSL certificate chain verification. When a server presents its certificate, it should also send any intermediate certificates needed to chain back to a trusted root CA. If these intermediates are missing, npm cannot verify the chain even if the root CA is trusted. This often happens with misconfigured proxies, load balancers, or CDNs that don't send the complete certificate chain. The "first certificate" refers to the server's leaf certificate that cannot be verified.
View what certificates are being sent:
openssl s_client -connect registry.npmjs.org:443 -showcerts 2>/dev/nullYou should see multiple certificates. If only one, the chain is incomplete.
Get missing intermediate certs:
1. Visit the site in a browser
2. Export the full certificate chain
3. Or find intermediates on the CA's website
4. Save as intermediate.pem
Point npm to the complete certificate chain:
# Create combined cert file
cat intermediate.pem root.pem > full-chain.pem
# Configure npm
npm config set cafile /path/to/full-chain.pemAdd extra certificates via environment:
export NODE_EXTRA_CA_CERTS=/path/to/intermediate.pem
npm installAdd to shell profile for persistence.
Ensure system has latest intermediate CAs:
# Ubuntu/Debian
sudo apt update && sudo apt install ca-certificates
sudo update-ca-certificates
# macOS
brew upgrade ca-certificatesIf caused by corporate proxy:
1. Report the incomplete certificate chain
2. Ask them to configure proper cert chain
3. Request the full chain file as workaround
This issue is common when organizations deploy SSL inspection without properly configuring intermediate certificates. Tools like SSL Labs (ssllabs.com/ssltest) can diagnose server-side chain issues. In Kubernetes, ensure ingress controllers and service meshes send complete chains. For Docker builds, use multi-stage builds that include proper CA configuration.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm