CA support for SSL connection to NPM registries

oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one

https://bun.sh

Other

73.13k stars 2.68k forks source link

CA support for SSL connection to NPM registries #271

Open Trebh opened 2 years ago

Trebh commented 2 years ago

In a corporate environment this is often mandatory for connection to private NPM registries.

.npmrc config reference: https://docs.npmjs.com/cli/v8/using-npm/config#ca

When acting as a NPM replacement, it should be possible to configure Bun with this option

bswan0002 commented 1 year ago

+ cafile support please :)

viceice commented 1 year ago

Bun should support OpenSSL SSL_CERT_FILE environment variables like NodeJS (with --use-openssl-ca option) to allow configuring custom root ca certificates via ENV

bswan0002 commented 1 year ago

Bun should support OpenSSL SSL_CERT_FILE environment variables like NodeJS (with --use-openssl-ca option) to allow configuring custom root ca certificates via ENV

Nope, Bun PM not respecting those ENV variables when running bun install.

viceice commented 1 year ago

I know, that's why I said it should. 😉

tutturen commented 1 year ago

The lack of this option makes it impossible to start using bun in our organization, because we can't install packages from our private registry.

dengelma commented 11 months ago

Are there any updates on this issue?

BeGj commented 10 months ago

Can anyone try this workaround for bun install?

set env NODE_TLS_REJECT_UNAUTHORIZED=0. It got supported after this merge request and it kind of works like a temporary workaround when using JOSE and fetching JWKS public certificate.

Might not be good enough temp workaround for prod, but it enables you to do some internal testing at least.

agrison commented 9 months ago

Waiting also for a solution to configure the cafile from within the .bunfile.toml config file, but in the meantime NODE_TLS_REJECT_UNAUTHORIZED=0 bun install is working fine.

admmasters commented 9 months ago

Waiting also for a solution to configure the cafile from within the .bunfile.toml config file, but in the meantime NODE_TLS_REJECT_UNAUTHORIZED=0 bun install is working fine.

This doesn't seem to be working for our private registry.

 package "@types/express" not found <private-artifactory-url>/artifactory/api/npm/@types%2fexpress 404

ryanc16 commented 8 months ago

This alone is a deal breaker for adoption in corporate/enterprise environments.

lirc571 commented 5 months ago

Related to #7124

The latest version does load /etc/ssl/certs/ca-certificates.crt on Ubuntu without any special configuration. I've been using it this way for a few months without problems.

cirospaciari commented 1 month ago

We dont support yet the options --ca and --cafile but we support now NODE_EXTRA_CA_CERTS

taorepoara commented 3 weeks ago

but we support now NODE_EXTRA_CA_CERTS

This works fine with Base64 certificate but not with DER certificate.

For those who have the problem here is a solution to convert the cer file: https://serverfault.com/a/992717