Advertisement
Advertisement


Using npm behind corporate proxy .pac


Question

I need to download several packages through npm but our corporate proxy configuration is a .pac file (i'm on windows)

I have already tried

npm config set proxy http://mydomain\username:[email protected]:8181/proxy.pac
npm config set https-proxy http://mydomain\username:[email protected]:8181/proxy.pac

or

npm config set proxy http://1.2.3.4:8181/proxy.pac
npm config set https-proxy http://1.2.3.4:8181/proxy.pac

but it doesn't work...

any suggestion? thanks

2018/09/17
1
160
9/17/2018 8:29:54 AM

Accepted Answer

I've just had a very similar problem, where I couldn't get npm to work behind our proxy server.

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

npm config set proxy "http://domain\username:[email protected]:port/"

then running this npm config get proxy returns this: http://domain/username:[email protected]:port/

Therefore to fix the problem I instead URL encoded the backslash, so entered this:

npm config set proxy "http://domain%5Cusername:[email protected]:port/"

and with this the proxy access was fixed.

2016/05/06
205
5/6/2016 2:51:31 PM

Look for the url of the pac file in internet explorer lan settings and download the pac file from the URL configured. The pac file is just a javascript file with a function named FindProxyForURL which returns different proxy hosts in different scenarios.

Try to find a host in that pac file which you think is for general web traffic and plug it into .npmrc in C:\Users\<username>\.npmrc

proxy=http://<username>:<pass>@proxyhost:<port>
https-proxy=http://<uname>:<pass>@proxyhost:<port>

Even though you may login with your domain and username on your corporate machine, It is highly possible that the user active directory domain name is not required for the proxy, only the username and password (which may be different than your Active Directory login)

Don't forget to fiddle with escaping special password characters.

2018/04/23

Download your .pac file. Open it in any editor and look for PROXY = "PROXY X.X.X.X:80;. You may have many proxies, copy any of them and run the following terminal commands:

npm config set proxy http://X.X.X.X:80
npm config set https-proxy http://X.X.X.X:80

Now you should be able to install any package!

2017/05/31

I solved this problem this way:

1) I run this command:

npm config set strict-ssl false

2) Then set npm to run with http, instead of https:

npm config set registry "http://registry.npmjs.org/"

3) Then install your package

npm install <package name>

2016/08/31

To expand on @Steve Roberts answer.

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

npm config set proxy "http://domain\username:[email protected]:port/"

I also had to URL encode my domain\user string, however, I have a space inside my username so I put a + to encode the space URL encoding, but it would get double encoded as %2B (which is the URL encoding for the plus sign, however the URL encoding for a space is %20), so I had to instead do the following:

npm command

// option one 
// it works for some packages
npm config set http_proxy "http://DOMAIN%5Cuser+name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser+name:[email protected]:port"

// option two
// it works best for me
// please notice that I actually used a space 
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://DOMAIN%5Cuser name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser name:[email protected]:port"

// option two (B) as of 2019-06-01
// no DOMAIN
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://user name:[email protected]:port"
npm config set proxy "http://user name:[email protected]:port"

troubleshooting npm config

I used the npm config list to get the parsed values that I had set above, and that is how I found out about the double encoding. Weird.

Essentially you must figure out the following requirements:

  1. Is a DOMAIN string required for authentication
  2. Do you need to encode special characters?
    • Spaces and at (@) signs are specially challenging

Regards.

WINDOWS ENVIRONMENT VARIABLES (CMD Prompt)

Update

Turns out that even with the above configurations, I still had some issues with some packages/scripts that use Request - Simplified HTTP client internally to download stuff. So, as the above readme explained, we can specify environment variables to set the proxy on the command line, and Request will honor those values.

Then, after (and I am reluctant to admit this) several tries (more like days), of trying to set the environment variables I finally succeeded with the following guidelines:

rem notice that the value after the = has no quotations
rem    - I believe that if quotations are placed after it, they become
rem    part of the value, you do not want that
rem notice that there is no space before or after the = sign
rem     - if you leave a space before it, you will be declaring a variable 
rem     name that includes such space, you do not want to do that
rem     - if you leave a space after it, you will be including the space
rem     as part of the value, you do not want that either
rem looks like there is no need to URL encode stuff in there
SET HTTP_PROXY=http://DOMAIN\user name:[email protected]:port
SET HTTPS_PROXY=http://DOMAIN\user name:[email protected]:port

cntlm

I used the above technique for a few weeks, untill I realized the overhead of updating my password across all the tools that needed the proxy setup.

Besides npm, I also use:

  • bower
  • vagrant
    • virtual box (running linux)
    • apt-get [linux]
  • git
  • vscode
  • brackets
  • atom
  • tsd

cntlm Setup Steps

So, I installed cntlm. Setting cntlm is pretty stright forward, you look for the ini file @ C:\Program Files\Cntlm\cntlm.ini

  1. Open C:\Program Files\Cntlm\cntlm.ini (you may need admin rights)
  2. look for Username and Domain lines (line 8-9 I think)
    • add your username
    • add your domain
  3. On cmd prompt run:

    cd C:\Program Files\Cntlm\
    cntlm -M
    cntlm -H  
    
    • you will be asked for the password:
     cygwin warning:
       MS-DOS style path detected: C:\Program Files\Cntlm\cntlm.ini
       Preferred POSIX equivalent is: /Cntlm/cntlm.ini
       CYGWIN environment variable option "nodosfilewarning" turns off this warning.
       Consult the user's guide for more details about POSIX paths:
         http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
     Password:
    
  4. The output you get from cntlm -H will look something like:

    PassLM          561DF6AF15D5A5ADG  
    PassNT          A1D651A5F15DFA5AD  
    PassNTLMv2      A1D65F1A65D1ASD51  # Only for user 'user name', domain 'DOMAIN'
    
    • It is recomended that you use PassNTLMv2 so add a # before line PassLM and PassNT or do not use them
  5. Paste the output from cntlm -H on the ini file replacing the lines for PassLM, PassNT and PassNTMLv2, or comment the original lines and add yours.
  6. Add your Proxy servers. If you do not know what the proxy server is... Do what I did, I looked for my proxy auto-config file by looking for the AutoConfigURL Registry key in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Navigate to that url and look through the code which happens to be JavaScript.
  7. Optionaly you can change the port where cntlm listens to by changing the Listen #### line, where #### is the port number.

Setup NPM with cntlm

So, you point npm to your cntml proxy, you can use the ip, I used localhost and the default port for cntlm 3128 so my proxy url looks like this

http://localhost:3128

With the proper command:

npm config set proxy http://localhost:3128

Is a lot simpler. You setup all your tools with that same url, and you only update the password on one place. Life is so much simpler not.

Must Setup The npm CA certificate

From the npm documentation ca

If your corporate proxy is intercepting https connections with its own Self Signed Certificate, this is a must to avoid npm config set strict-ssl false (big no-no).

Basic steps

  1. Get the certificate from your browser (Chromes works well). Export it as Base-64 encoded X.509 (.CER)
  2. Replace new lines with \n
  3. Edit your .npmrc add a line ca[]="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"

Issues

I have noticed tha sometimes npm kind of hangs, so I stop (sometimes forcefully) cntlm and restart it.

2019/12/30

I had run into several issues with this and finally what I did is as follows:

  1. Used Fiddler, with "Automatically Authenticate" selected
  2. In fiddler custom rules, i added

    if (m_AutoAuth) {oSession["X-AutoAuth"] = "domain\\username:password";}
    
  3. Finally in npm i set the proxy to http://localhost:8888

This worked fine.

2015/09/01