在curl的页面上有关于SSL和证书问题的很好的信息。 我的大部分答案都是基于那里的信息。

使用strict-ssl false是不好的做法，可能会产生问题。我们可以做的是添加由“中间人”证书注入的证书。

如何在Windows上解决这个问题:

Download the CA Certificates from curl based on Mozilla's CA bundle. You can also use curl's "firefox-db2pem.sh" shellscript to convert your local Firefox database. Go to a webpage using https, for example Stackoverflow in Chrome or Internet Explorer Click the lock icon, click View certificates or "Valid" in Chrome Navigate to the Certification path. The top certificate, or the root certificate is the one we want to extract. Click that certificate and then "view certificate" Click the second tab, "Details". Click "Copy to file". Pick the DER format and make note of where you save the file. Pick a suitable filename, like rootcert.cer If you have Git installed you will have openssl.exe. Otherwise, install git for windows at this stage. Most likely the openssl executable will be at C:\Program Files\git\usr\bin\openssl.exe. We will use openssl to convert the file to the PEM format we need for NPM to understand it. Convert the file you saved in step 5 by using this command: openssl x509 -inform DES -in **rootcert**.cer -out outcert.pem -text where rootcert is the filename of the certificate you saved in step 5. Open the outcert.pem in a text-editor smart enough to understand line-endings, so not notepad. Find -----BEGIN CERTIFICATE----- lots of characters -----END CERTIFICATE----- and copy all text between them and also including the BEGIN / END lines Now we will paste that content to the end of the CA Cert bundle made in step 1. So open the cacert.pem in your advanced texteditor. Go to the end of the file and paste the content from previous step to the end of file. (Preserve the empty line below what you just pasted) Copy the saved cabundle.pem to a suitable place. Eg your %userprofile% or ~. Make note of the location of the file. Now we will tell npm/yarn to use the new bundle. In a commandline, write npm config set cafile **C:\Users\username\cacert.pem** where C:\Users\username\cacert.pem is the path from step 10. Optionally: turn on strict-ssl again, npm config set strict-ssl true

唷!我们成功了!现在npm可以理解如何连接了。额外的好处是，您可以告诉curl使用相同的cabundle。pem，它也能理解HTTPs。

我只是有我的份额与npm和代理设置的斗争，因为我不喜欢其他的答案，我喜欢分享我认为这个问题应该如何解决(妥协安全不是一个选项)。

医生怎么说

首先，你必须了解npm中与代理相关的重要设置:

proxy A proxy to use for outgoing http requests. If the HTTP_PROXY or http_proxy environment variables are set, proxy settings will be honored by the underlying request library. https-proxy A proxy to use for outgoing https requests. If the HTTPS_PROXY or https_proxy or HTTP_PROXY or http_proxy environment variables are set, proxy settings will be honored by the underlying request library. noproxy A comma-separated string or an array of domain extensions that a proxy should not be used for. cafile A path to a file containing one or multiple Certificate Authority signing certificates. Similar to the ca setting, but allows for multiple CA's, as well as for the CA information to be stored in a file on disk.

现在，由于代理的默认值，http -proxy是基于环境变量的，建议正确配置这些变量，以便其他工具也可以工作(如curl)。

请注意，对于v6版本的noproxy文档，没有提到任何关于环境变量的内容，而自从v7版本开始，NO_PROXY环境变量就被提到了。我的环境中 没有配置为验证此变量如何工作(如果覆盖小写版本)。

合适的配置

现在我正在配置docker image，它应该在代理后面使用，在Dockerfile中需要这些条目:

COPY certs/PoroxyCertificate.crt /usr/local/share/ca-certificates/
COPY certs/RootCa.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
# here all tools like curl were working

RUN  ["/bin/bash", "-c", "set -o pipefail && curl -sSL https://deb.nodesource.com/setup_14.x  |  bash -"]
RUN apt-get -y update && apt-get install -y nodejs
RUN npm config set cafile /etc/ssl/certs/ca-certificates.crt -g

有趣的是，我需要两个证书文件。还。crt是所有公司服务器的自签名证书和PoroxyCertificate。crt包含该证书，但它还有一个额外的中间SubCA证书。代理响应长度为3的证书链。

现在update-ca-certificates扫描目录/usr/local/share/ca-certificates/寻找新的证书，并更新/etc/ssl/certs/ca-certificates。CRT将包含比那些自定义证书更多的内容。

提供这个/etc/ssl/certs/ca-certificates。CRT到NPM配置文件解决了使用代理时证书的所有问题。

重要提示

npm v6的证书错误经常会导致npm ERR!最大调用堆栈大小超过了什么是非常令人困惑的(我甚至故意破坏证书来验证这个问题)，日志文件包含如下内容:

RangeError: Maximum call stack size exceeded
    at isDepOptional (/usr/lib/node_modules/npm/lib/install/deps.js:417:24)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:441:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)
    at failedDependency (/usr/lib/node_modules/npm/lib/install/deps.js:457:9)

我发现了一些关于这方面的问题，但这不会在v6中被修复。

在我的情况下，我忘记在配置文件中设置“http://”(可以在C: \Users \ [USERNAME] \ .npmrc中找到)代理地址。所以我们不需要

proxy=http://[IPADDRESS]:[PORTNUMBER]
https-proxy=http://[IPADDRESS]:[PORTNUMBER]

我有

proxy=[IPADDRESS]:[PORTNUMBER]
https-proxy=[IPADDRESS]:[PORTNUMBER]

这当然没有工作，但错误消息也没有多大帮助…

这对我来说在Windows中是有效的:

npm config set proxy http://domain%5Cuser:pass@host:port

如果您不在任何域中，请使用:

npm config set proxy http://user:pass@host:port

如果您的密码包含特殊字符，如“，@，:等，请将它们替换为URL编码值。例如“->%22，@->%40，:->%3A。%5C用于字符\。

在最后捆绑了不同的答案后，@Kayvar回答的前四行帮助我解决了这个问题:

npm config set registry http://registry.npmjs.org/
npm config set proxy http://myusername:mypassword@proxy.us.somecompany:8080
npm config set https-proxy http://myusername:mypassword@proxy.us.somecompany:8080
npm config set strict-ssl false

npm config set proxy <http://...>:<port_number>
npm config set registry http://registry.npmjs.org/

这解决了我的问题。