Try running npm install to a custom registry with an invalid SSL certificate. How can the CLI team reproduce the problem? npm ERR network npm ERR network If you are behind a proxy, please make sure that the npm ERR network 'proxy' config is set properly. npm ERR network In most cases you are behind a proxy or have bad network settings.
The corporate root CA is trusted locally (Windows and Mac keychain etc) but for npm we add a custom certificate bundle via npm config set cafile … and strict-ssl=false as a workaround. npm ERR code ENOTFOUND npm ERR syscall getaddrinfo npm ERR network This is a problem related to network connectivity. Setting strict-ssl=false should workaround this. We know our custom registry has an invalid SSL certificate. The registry is protected using a self-signed root CA certificate. We're using an internal registry via npm config set registry which is behind a corporate proxy. Running npm install on throws UNABLE_TO_VERIFY_LEAF_SIGNATURE
Config file parsing and storing is handled by a dependency, and making it preserve comments is tricky, but given that the file format supports comments (unlike the JSON used by our friend package.json), the CLI shouldn’t be stomping on those values. It’s not easy to make it so that editing the config preserves the existing formatting and comments in the config files, but that doesn’t mean it shouldn’t be done.
The CLI would need a new option to tell npm config to modify the per-package configuration, but beyond that, the existing code should make it pretty clear how to add the new type of editing. npm config set and npm config set -g only allow you to edit two of those four kinds of files I agree that if npm is going to support per-package configuration, it should be configurable via the CLI. npmrc at ”$(pwd)/.npmrc”, a per-user file at ”$HOME/.npmrc” (what calls “the global config”), a global file installed at ”$(npm -g prefix)/etc/npmrc”, and a special “ npmrc” bundled into the CLI package itself (used to ensure that things stay installed in the correct places on Windows).
npmrc files evaluated by npm's configuration framework: a per-package.
There's even more going on in this issue than there appears at first: