pnpm install throw Error UNABLE_TO_VERIFY_LEAF_SIGNATURE, but npm install is ok

[Beace]

pnpm version:

6.31.0

Code to reproduce the issue:

$ export https_proxy=http://127.0.0.1:9090 // I used proxyman to catch http(s) request
$ npm config set strict-ssl false

package.json

{
  "name": "test-pnpm",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@babel/traverse": "7.17.10"
  }
}

run npm install is fine, but pnpm install --registry=https://registry.npmjs.org throw Error

$ pnpm install --registry=http://registry.npmjs.org
WARN  GET https://registry.npmjs.org/@babel/traverse/-/traverse-7.17.10.tgz error (UNABLE_TO_VERIFY_LEAF_SIGNATURE). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@babel%2Fcode-frame error (UNABLE_TO_VERIFY_LEAF_SIGNATURE). Will retry in 10 seconds. 2 retries left.

Expected behavior:

install success.

Actual behavior:

install failed.there is a screenshot.

Additional information:

• node -v prints: v16.0.0
• macOS

[lvjiaxuan]

+1

[ghost]

I'm facing the same issue, any news on the subject ?

[toxsick]

Having the same issue when installing a package from a private gitlab registry (cert should be ok though)

[ayblanchet]

Having the same issue, It's work with npm but not with pnpm.
I have no certificate and strict-ssl to false. Is there a workaround?

[Alsan]

same issue.

platform: linux
node: v16.19.0
pnpm: 7.27.0

[zkochan]

try to run:

NODE_TLS_REJECT_UNAUTHORIZED=0 pnpm install

[zkochan]

I don't understand why it doesn't work because when strict-ssl is set to false, we don't rejectUnauthorized:

https://github.com/pnpm/components/blob/20a4aadfa2b7bc5f5ce2febff648277470d20966/network/proxy-agent/proxy-agent.ts#L116
https://github.com/pnpm/components/blob/20a4aadfa2b7bc5f5ce2febff648277470d20966/network/agent/agent.ts#L63

Maybe this is the issue:

TooTallNate/proxy-agents#89

[zkochan]

Try 7.27.1

[Alsan]

Almost done, but not for external binaries.

[zkochan]

but this error happens in a script. I don't think we have control over how the scripts fetch. Does it work with npm or yarn?

[Alsan]

yes, both npm and yarn works as expected.

[zkochan]

I am not sure what is the issue. I see the warning in the output about NODE_TLS_REJECT_UNAUTHORIZED set to 0 and I see this: https://github.com/npm/minipass-fetch/blob/813e6d77e6b2279d650309dd8d8325bba229a38a/lib/request.js#L87

[Alsan]

I've add this env setting when running the pnpm install command as @zkochan said. I'll try to remove this flag to see will it help later today.

[Alsan]

checked, and tried to export proxy settings as environment before run pnpm install, didn't help.

export http_proxy=http://127.0.0.1:4000
export https_proxy=$http_proxy
export HTTP_PROXY=$http_proxy
export HTTPS_PROXY=$http_proxy
pnpm install --loglevel verbose