CA support for SSL connection to NPM registries

[Trebh]

In a corporate environment this is often mandatory for connection to private NPM registries.

.npmrc config reference:
https://docs.npmjs.com/cli/v8/using-npm/config#ca

When acting as a NPM replacement, it should be possible to configure Bun with this option

[bswan0002]

+ cafile support please :)

[viceice]

Bun should support OpenSSL SSL_CERT_FILE environment variables like NodeJS (with --use-openssl-ca option) to allow configuring custom root ca certificates via ENV

[bswan0002]

Bun should support OpenSSL SSL_CERT_FILE environment variables like NodeJS (with --use-openssl-ca option) to allow configuring custom root ca certificates via ENV

Nope, Bun PM not respecting those ENV variables when running bun install.

[viceice]

I know, that's why I said it should. 😉

[tutturen]

The lack of this option makes it impossible to start using bun in our organization, because we can't install packages from our private registry.

[dengelma]

Are there any updates on this issue?

[BeGj]

Can anyone try this workaround for bun install?

set env NODE_TLS_REJECT_UNAUTHORIZED=0. It got supported after this merge request and it kind of works like a temporary workaround when using JOSE and fetching JWKS public certificate.

Might not be good enough temp workaround for prod, but it enables you to do some internal testing at least.

[agrison]

Waiting also for a solution to configure the cafile from within the .bunfile.toml config file, but in the meantime NODE_TLS_REJECT_UNAUTHORIZED=0 bun install is working fine.

[admmasters]

Waiting also for a solution to configure the cafile from within the .bunfile.toml config file, but in the meantime NODE_TLS_REJECT_UNAUTHORIZED=0 bun install is working fine.

This doesn't seem to be working for our private registry.

 package "@types/express" not found <private-artifactory-url>/artifactory/api/npm/@types%2fexpress 404

[ryanc16]

This alone is a deal breaker for adoption in corporate/enterprise environments.

[lirc571]

Related to #7124

The latest version does load /etc/ssl/certs/ca-certificates.crt on Ubuntu without any special configuration. I've been using it this way for a few months without problems.

[cirospaciari]

We dont support yet the options --ca and --cafile but we support now NODE_EXTRA_CA_CERTS

[taorepoara]

but we support now NODE_EXTRA_CA_CERTS

This works fine with Base64 certificate but not with DER certificate.

For those who have the problem here is a solution to convert the cer file: https://serverfault.com/a/992717