I've just had a very similar problem, where I couldn't get npm to work behind our proxy server.

我刚刚遇到了一个非常相似的问题，我无法让 npm 在我们的代理服务器后面工作。

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

我的用户名的格式为“域\用户名”——包括代理配置中的斜杠导致出现正斜杠。所以输入这个：

npm config set proxy "http://domain\username:password@servername:port/"

then running this npm config get proxyreturns this: http://domain/username:password@servername:port/

然后运行它npm config get proxy返回这个： http://domain/username:password@servername:port/

Therefore to fix the problem I instead URL encoded the backslash, so entered this:

因此，为了解决这个问题，我改为对反斜杠进行 URL 编码，因此输入了以下内容：

npm config set proxy "http://domain%5Cusername:password@servername:port/"

and with this the proxy access was fixed.

有了这个，代理访问是固定的。

Look for the url of the pacfile in internet explorer lan settings and download the pac file from the URL configured. The pac file is just a javascript file with a function named FindProxyForURLwhich returns different proxy hosts in different scenarios.

pac在 Internet Explorer lan 设置中查找文件的 url并从配置的 URL 下载 pac 文件。pac 文件只是一个 javascript 文件，FindProxyForURL其中有一个名为的函数，它在不同的场景中返回不同的代理主机。

Try to find a host in that pac file which you think is for general web traffic and plug it into .npmrc in C:\Users\<username>\.npmrc

尝试在该 pac 文件中找到一个您认为用于一般网络流量的主机并将其插入 .npmrc 中 C:\Users\<username>\.npmrc

proxy=http://<username>:<pass>@proxyhost:<port>
https-proxy=http://<uname>:<pass>@proxyhost:<port>

Even though you may login with your domain and username on your corporate machine, It is highly possible that the user active directory domain name is not required for the proxy, only the username and password (which may be different than your Active Directory login)

即使您可以在公司机器上使用您的域和用户名登录，很可能代理不需要用户 Active Directory 域名，只需要用 户名和密码（可能与您的 Active Directory 登录名不同）

Don't forget to fiddle with escaping special password characters.

不要忘记摆弄转义特殊密码字符。

Download your .pacfile. Open it in any editor and look for PROXY = "PROXY X.X.X.X:80;. You may have many proxies, copy any of them and run the following terminal commands:

下载您的.pac文件。在任何编辑器中打开它并查找PROXY = "PROXY X.X.X.X:80;. 您可能有许多代理，复制其中任何一个并运行以下终端命令：

npm config set proxy http://X.X.X.X:80
npm config set https-proxy http://X.X.X.X:80

Now you should be able to install any package!

现在您应该可以安装任何软件包了！

I solved this problem this way:

我是这样解决这个问题的：

1) I run this command:

1）我运行这个命令：

npm config set strict-ssl false

npm config set strict-ssl false

2) Then set npm to run with http, instead of https:

2) 然后将 npm 设置为使用 http 而不是 https 运行：

npm config set registry "http://registry.npmjs.org/"

npm config set registry "http://registry.npmjs.org/"

3) Then install your package

3）然后安装你的包

npm install <package name>

npm install <package name>

To expand on @Steve Roberts answer.

扩展@Steve Roberts 的回答。

My username is of the form "domain\username" - including the slash in the proxy configuration resulted in a forward slash appearing. So entering this:

npm config set proxy "http://domain\username:password@servername:port/"

我的用户名的格式为“域\用户名”——包括代理配置中的斜杠导致出现正斜杠。所以输入这个：

npm config set proxy "http://domain\username:password@servername:port/"

I also had to URL encode my domain\userstring, however, I have a space inside my username so I put a +to encode the space URL encoding, but it would get double encoded as %2B(which is the URL encoding for the plus sign, however the URL encoding for a space is %20), so I had to instead do the following:

我还必须对我的domain\user字符串进行 URL 编码，但是，我的用户名中有一个空格，所以我放了一个+来编码空间 URL 编码，但它会被双重编码为%2B（这是加号的 URL 编码，但是 URL空格的编码是%20)，所以我不得不执行以下操作：

npm command

npm 命令

// option one 
// it works for some packages
npm config set http_proxy "http://DOMAIN%5Cuser+name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser+name:[email protected]:port"

// option two
// it works best for me
// please notice that I actually used a space 
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://DOMAIN%5Cuser name:[email protected]:port"
npm config set proxy "http://DOMAIN%5Cuser name:[email protected]:port"

// option two (B) as of 2019-06-01
// no DOMAIN
// instead of URL encode it with '+', '%20 ' OR %2B (plus url encoded)
npm config set http_proxy "http://user name:[email protected]:port"
npm config set proxy "http://user name:[email protected]:port"

troubleshooting npm config

对 npm 配置进行故障排除

I used the npm config listto get the parsed values that I had set above, and that is how I found out about the double encoding. Weird.

我使用npm config list来获取我在上面设置的解析值，这就是我发现双重编码的方式。奇怪的。

Essentially you must figure out the following requirements:

基本上，您必须弄清楚以下要求：

1. Is a DOMAINstring required for authentication
2. Do you need to encode special characters?
   • Spaces and at (@) signs are specially challenging

1. DOMAIN身份验证所需的字符串
2. 您需要对特殊字符进行编码吗？
   • 空格和 (@) 标志特别具有挑战性

Regards.

问候。

WINDOWS ENVIRONMENT VARIABLES (CMD Prompt)

WINDOWS 环境变量（CMD 提示）

Update

更新

Turns out that even with the above configurations, I still had some issues with some packages/scripts that use Request - Simplified HTTP clientinternally to download stuff. So, as the above readme explained, we can specify environment variablesto set the proxy on the command line, and Request will honor those values.

事实证明，即使使用上述配置，我仍然遇到一些使用Request - Simplified HTTP client 在内部下载内容的包/脚本的问题。因此，正如上面的自述文件所解释的，我们可以在命令行上指定环境变量来设置代理，Request 将遵循这些值。

Then, after (and I am reluctant to admit this)several tries (more like days), of trying to set the environment variables I finally succeeded with the following guidelines:

然后，在（我不愿意承认这一点）几次尝试（更像是几天）之后，尝试设置环境变量后，我终于按照以下准则成功了：

rem notice that the value after the = has no quotations
rem    - I believe that if quotations are placed after it, they become
rem    part of the value, you do not want that
rem notice that there is no space before or after the = sign
rem     - if you leave a space before it, you will be declaring a variable 
rem     name that includes such space, you do not want to do that
rem     - if you leave a space after it, you will be including the space
rem     as part of the value, you do not want that either
rem looks like there is no need to URL encode stuff in there
SET HTTP_PROXY=http://DOMAIN\user name:[email protected]:port
SET HTTPS_PROXY=http://DOMAIN\user name:[email protected]:port

cntlm

cntlm

I used the above technique for a few weeks, untill I realized the overhead of updating my password across all the tools that needed the proxy setup.

我使用上述技术几个星期，直到我意识到在需要代理设置的所有工具中更新我的密码的开销。

Besides npm, I also use:

除了 npm，我还使用：

• bower
• vagrant
  • virtual box (running linux)
  • apt-get [linux]
• git
• vscode
• brackets
• atom
• tsd

• 凉亭
• 流浪汉
  • 虚拟盒子（运行 linux）
  • apt-get [linux]
• 混帐
• vscode
• 括号
• 原子
• tsd

cntlm Setup Steps

cntlm 设置步骤

So, I installed cntlm. Setting cntlmis pretty stright forward, you look for the ini file @ C:\Program Files\Cntlm\cntlm.ini

所以，我安装了cntlm。设置cntlm非常直接，你寻找 ini 文件@C:\Program Files\Cntlm\cntlm.ini

1. Open C:\Program Files\Cntlm\cntlm.ini(you may need admin rights)
2. look for Usernameand Domainlines (line 8-9 I think)
   • add your username
   • add your domain

3. On cmd prompt run:

   cd C:\Program Files\Cntlm\
   cntlm -M
   cntlm -H  
   

   • you will be asked for the password:

    cygwin warning:
      MS-DOS style path detected: C:\Program Files\Cntlm\cntlm.ini
      Preferred POSIX equivalent is: /Cntlm/cntlm.ini
      CYGWIN environment variable option "nodosfilewarning" turns off this warning.
      Consult the user's guide for more details about POSIX paths:
        http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
    Password:
   

4. The output you get from cntlm -Hwill look something like:

   PassLM          561DF6AF15D5A5ADG  
   PassNT          A1D651A5F15DFA5AD  
   PassNTLMv2      A1D65F1A65D1ASD51  # Only for user 'user name', domain 'DOMAIN'
   

   • It is recomended that you use PassNTLMv2 so add a #before line PassLMand PassNTor do not use them
5. Paste the output from cntlm -Hon the ini file replacing the lines for PassLM, PassNTand PassNTMLv2, or comment the original lines and add yours.
6. Add your Proxyservers. If you do not know what the proxy server is... Do what I did, I looked for my proxy auto-config file by looking for the AutoConfigURLRegistry key in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Navigate to that url and look through the code which happens to be JavaScript.
7. Optionaly you can change the port where cntlm listens to by changing the Listen ####line, where ####is the port number.

1. 打开C:\Program Files\Cntlm\cntlm.ini（您可能需要管理员权限）
2. 查找Username和Domain行（我认为是第 8-9 行）
   • 添加您的用户名
   • 添加您的域

3. 在 cmd 提示符下运行：

   cd C:\Program Files\Cntlm\
   cntlm -M
   cntlm -H  
   

   • 您将被要求输入密码：

    cygwin warning:
      MS-DOS style path detected: C:\Program Files\Cntlm\cntlm.ini
      Preferred POSIX equivalent is: /Cntlm/cntlm.ini
      CYGWIN environment variable option "nodosfilewarning" turns off this warning.
      Consult the user's guide for more details about POSIX paths:
        http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
    Password:
   

4. 您从中获得的输出cntlm -H将类似于：

   PassLM          561DF6AF15D5A5ADG  
   PassNT          A1D651A5F15DFA5AD  
   PassNTLMv2      A1D65F1A65D1ASD51  # Only for user 'user name', domain 'DOMAIN'
   

   • 据recomended您使用PassNTLMv2所以添加#前行PassLM和PassNT或不使用它们
5. 粘贴cntlm -Hini 文件上的输出，替换PassLM,PassNT和的行PassNTMLv2，或注释原始行并添加您的行。
6. 添加您的Proxy服务器。如果你不知道代理服务器是什么......做我所做的，我通过AutoConfigURL在HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. 导航到该 url 并查看恰好是 JavaScript 的代码。
7. 可选地，您可以通过更改Listen ####行来更改 cntlm 侦听####的端口，其中是端口号。

Setup NPM with cntlm

使用 cntlm 设置 NPM

So, you point npm to your cntml proxy, you can use the ip, I used localhostand the default port for cntlm 3128so my proxy url looks like this

因此，您将 npm 指向您的 cntml 代理，您可以使用我使用的 iplocalhost和 cntlm 的默认端口，3128因此我的代理 url 如下所示

http://localhost:3128

http://localhost:3128

With the proper command:

使用正确的命令：

npm config set proxy http://localhost:3128

npm 配置集代理http://localhost:3128

Is a lot simpler. You setup all your tools with that same url, and you only update the password on one place. Life is so much simpler not.

简单了很多。您使用相同的 url 设置所有工具，并且只在一处更新密码。生活不是那么简单。

Must Setup The npm CA certificate

必须设置 npm CA 证书

From the npm documentation ca

从 npm 文档ca

If your corporate proxy is intercepting https connections with its own Self Signed Certificate, this is a must to avoid npm config set strict-ssl false(big no-no).

如果您的公司代理使用自己的自签名证书拦截 https 连接，则必须避免 npm config set strict-ssl false（大禁忌）。

Basic steps

基本步骤

1. Get the certificate from your browser (Chromes works well). Export it as Base-64 encoded X.509 (.CER)
2. Replace new lines with \n
3. Edit your .npmrcadd a line ca[]="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"

1. 从浏览器获取证书（Chrome 运行良好）。将其导出为Base-64 编码的 X.509 (.CER)
2. 将新行替换为 \n
3. 编辑您的.npmrc添加行ca[]="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"

Issues

问题

I have noticed tha sometimes npm kind of hangs, so I stop (sometimes forcefully) cntlmand restart it.

我注意到有时 npm 会挂起，所以我停止（有时强行）cntlm并重新启动它。

I had run into several issues with this and finally what I did is as follows:

我遇到了几个问题，最后我做了如下：

1. Used Fiddler, with "Automatically Authenticate" selected

2. In fiddler custom rules, i added

   if (m_AutoAuth) {oSession["X-AutoAuth"] = "domain\username:password";}
   

3. Finally in npm i set the proxy to http://localhost:8888

1. 使用 Fiddler，选择了“自动验证”

2. 在提琴手自定义规则中，我添加了

   if (m_AutoAuth) {oSession["X-AutoAuth"] = "domain\username:password";}
   

3. 最后在 npm 中，我将代理设置为http://localhost:8888

This worked fine.

这工作得很好。

For anyone struggling behind a corporate firewall, as well as issues with SSL (unable to get local issuer certificate), here are some steps you can try:

对于在企业防火墙后面苦苦挣扎以及 SSL 问题（无法获得本地颁发者证书）的任何人，您可以尝试以下步骤：

Forget about SSL

忘记 SSL

If you are not concerned about SSL, then you can follow the advice of many previous contributors by setting your proxies and changing the registry to the non-secure version:

如果您不关心 SSL，那么您可以通过设置代理并将注册表更改为非安全版本来遵循许多以前贡献者的建议：

npm config set proxy http://username:password@proxyname:port
npm config set https-proxy http://username:password@proxyname:port
npm config set registry http://registry.npmjs.org/

A quick "gotcha" here, my proxy credentials are the same for secured and non-secured requests (notice how I left my protocol as http://for the https-proxyconfiguration). This may be the same for you, and it may not.

这里有一个快速的“问题”，我的代理凭据对于安全和非安全请求是相同的（注意我如何将我的协议保留为http://用于https 代理配置）。这对你来说可能是一样的，也可能不是。

I want to keep SSL

我想保留 SSL

If you want to keep SSL, and don't want to use strict-ssl=false, then you have more work to do. For me, I am behind a corporate firewall and we are using self-signed certificates, so I receive the error unable to get local issuer certificate. If you are in the same boat as me, then you will need to set the cafile=option in the npm config file. First, you need to create a PEM file which holds information about your self-signed certificates. If you do not know how to do that, here are instructions for a Windows environment without using 3rd party software:

如果您想保留 SSL，并且不想使用strict-ssl=false，那么您还有更多工作要做。对我来说，我在公司防火墙后面，我们使用的是自签名证书，所以我收到了错误unable to get local issuer certificate。如果你和我在同一条船上，那么你需要cafile=在 npm 配置文件中设置该选项。首先，您需要创建一个 PEM 文件，其中包含有关您的自签名证书的信息。如果您不知道如何操作，以下是不使用 3rd 方软件的 Windows 环境的说明：

We need to explicitly indicate which certificates should be trusted because we are using self signing certificates. For my example, I navigated to www.google.com using Chrome so I could grab the certificates.

我们需要明确指出哪些证书应该被信任，因为我们使用的是自签名证书。对于我的示例，我使用 Chrome 导航到 www.google.com，以便我可以获取证书。

In Chrome, go to Inspect -> Security -> View Certificate. You will see all of the certificates that allow the SSL connection. Notice how these certificates are self signed. The blurred-out part is my company, and we are not a Certified Authority. You can export the full certificate path as a P7B file, or you can export the certificates individually as CER files (base64 encoding). Exporting the full path as P7B doesn't do you much good because you will in-turn need to open this file in a certificate manager and export as individual CER files anyway. In Windows, double-clicking the P7B file will open the Certificate Manager application.

在 Chrome 中，转到检查 -> 安全 -> 查看证书。您将看到所有允许 SSL 连接的证书。注意这些证书是如何自签名的。模糊的部分是我的公司，我们不是认证机构。您可以将完整的证书路径导出为 P7B 文件，也可以将证书单独导出为 CER 文件（base64 编码）。将完整路径导出为 P7B 对您没有多大好处，因为您反过来需要在证书管理器中打开此文件并导出为单独的 CER 文件。在 Windows 中，双击 P7B 文件将打开证书管理器应用程序。

Exporting as CER (Base 64) is really a text file in the following format:

导出为 CER (Base 64) 实际上是以下格式的文本文件：

-----BEGIN CERTIFICATE-----
MIIGqzCCBZOgAwIBAgITIwAAABWhFPjwukYhTAADAAAAFTANBgkqhkiG9w0BAQUF
ADBFMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGaXJ2aW5n
b0pvCkNmjWzaNNUg2hYET+pP5nP75aRu+kPRl9UnlQ....rest of certificate...
-----END CERTIFICATE-----

To create our PEM file, we simply need to stack these certificates on top of each other into a single file and change the extension to .pem. I used notepad to do this.

要创建我们的 PEM 文件，我们只需要将这些证书相互叠加到一个文件中，并将扩展名更改为 .pem。我用记事本来做到这一点。

You stack the certificates in reverse order from the certificate path. So above, I would start with *.google.com then paste Websense below it, then Issuing CA 1 etc. This way the certificates are parsed from the top to the bottom searching for the appropriate Root CA. Simply including the Root CA will not work, but we also do not need to include all the certificates. From the above path, I only need to include those certificates that come before the Websense certificate (Issuing CA 1, Policy CA, Root CA).

您可以按照与证书路径相反的顺序堆叠证书。所以在上面，我会从 *.google.com 开始，然后在它下面粘贴 Websense，然后颁发 CA 1 等。这样，证书从顶部到底部进行解析，以搜索适当的根 CA。简单地包含根 CA 是行不通的，但我们也不需要包含所有证书。从上面的路径来看，我只需要包含 Websense 证书之前的那些证书（颁发 CA 1、策略 CA、根 CA）。

Once these self signed certs are saved to a PEM file, we are ready to instruct npm to use these certificates as our trusted CA. Simply set the config file and you should be good to go:

一旦这些自签名证书被保存到 PEM 文件中，我们就可以指示 npm 使用这些证书作为我们信任的 CA。只需设置配置文件，您就可以开始了：

npm config set cafile "C:\yourcerts.pem"

Now, with your proxies set (http and https), and the registry set to https://registry.npmjs.org, you should be able to install packages behind a corporate firewall with self-signed certificates without nuking the strict-sslsetting.

现在，通过设置代理（http 和 https），并将注册表设置为https://registry.npmjs.org，您应该能够使用自签名证书在企业防火墙后面安装软件包，而无需破坏strict-ssl设置。

You can check Fiddler if NPM is giving Authentication error. It is easy to install and configure. Set Fiddler Rule to Automatically Authenticated.In .npmrc set these properties

如果 NPM 出现身份验证错误，您可以检查 Fiddler。它易于安装和配置。将 Fiddler Rule 设置为 Automatically Authenticated。在 .npmrc 中设置这些属性

registry=http://registry.npmjs.org
proxy=http://127.0.0.1:8888
https-proxy=http://127.0.0.1:8888
http-proxy=http://127.0.0.1:8888
strict-ssl=false

It worked for me :)

它对我有用:)

Try this, Set proxy in npm as follows

试试这个，在 npm 中设置代理如下

npm config set proxy "http://<user-name>:<password>@<proxy-url>:<port>"
npm config set https-proxy "http://<user-name>:<password>@<proxy-url>:<port>"
npm config set strict-ssl false
npm config set registry "http://registry.npmjs.org/"

You will get the proxy host and port from your server administrator or support.

您将从服务器管理员或支持人员处获得代理主机和端口。

After that set up

设置好之后

npm config set http_proxy http://username:[email protected]:itsport
npm config set proxy http://username:[email protected]:itsport

If there any special character in password try with % urlencode. Eg:- pound(hash) shuold be replaced by %23.

如果密码中有任何特殊字符，请尝试使用 % urlencode。例如：- pound(hash) 应该被 %23 替换。

This worked for me...

这对我有用...