if the rejectUnauthorized option is not given, the default value is determined by the expression
process.env.npm_config_strict_ssl !== 'false'
However, the value of process.env.npm_config_strict_ssl is only ever 'true' or '' (the empty string). It appears that npm will never set this environment variable to 'false', even when you set --strict-ssl=false.
The particular side effect that I am experiencing is that a transitive dependency of my project is using this package to download a binary file as part of a postinstall, and because --strict-ssl=false is not effectively honored in the postinstall, my npm install is failing.
if the
rejectUnauthorizedoption is not given, the default value is determined by the expressionHowever, the value of
process.env.npm_config_strict_sslis only ever'true'or''(the empty string). It appears that npm will never set this environment variable to'false', even when you set--strict-ssl=false.The particular side effect that I am experiencing is that a transitive dependency of my project is using this package to download a binary file as part of a postinstall, and because
--strict-ssl=falseis not effectively honored in the postinstall, mynpm installis failing.