if the rejectUnauthorized option is not given, the default value is determined by the expression
process.env.npm_config_strict_ssl !== 'false'
However, the value of process.env.npm_config_strict_ssl is only ever 'true' or '' (the empty string). It appears that npm will never set this environment variable to 'false', even when you set --strict-ssl=false.
The particular side effect that I am experiencing is that a transitive dependency of my project is using this package to download a binary file as part of a postinstall, and because --strict-ssl=false is not effectively honored in the postinstall, my npm install is failing.
if the
rejectUnauthorized
option is not given, the default value is determined by the expressionHowever, the value of
process.env.npm_config_strict_ssl
is only ever'true'
or''
(the empty string). It appears that npm will never set this environment variable to'false'
, even when you set--strict-ssl=false
.The particular side effect that I am experiencing is that a transitive dependency of my project is using this package to download a binary file as part of a postinstall, and because
--strict-ssl=false
is not effectively honored in the postinstall, mynpm install
is failing.