-1

I installed the project I use ReactJs on my computer via GitHub, but when I use the npm install command for dependencies, I get python-related errors even though my project is not related to python.

Project

Errors

The error log shows a file occured while trying to download node-v16.14.2-headers.tar.gz from https://nodejs.org :

npm ERR! gyp http GET https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz
npm ERR! gyp WARN install got an error, rolling back install
npm ERR! gyp verb command remove [ '16.14.2' ]
npm ERR! gyp verb remove using node-gyp dir: C:\Users\oguzhan.duran\AppData\Local\node-gyp\Cache
npm ERR! gyp verb remove removing target version: 16.14.2
npm ERR! gyp verb remove removing development files for version: 16.14.2
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack FetchError: request to https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz failed, reason: self signed certificate in certificate chain
npm ERR! gyp ERR! stack     at ClientRequest.<anonymous> (C:\Users\oguzhan.duran\Desktop\case-app\node_modules\minipass-fetch\lib\index.js:110:14)
npm ERR! gyp ERR! stack     at ClientRequest.emit (node:events:526:28)
npm ERR! gyp ERR! stack     at TLSSocket.socketErrorListener (node:_http_client:442:9)
npm ERR! gyp ERR! stack     at TLSSocket.emit (node:events:538:35)
npm ERR! gyp ERR! stack     at emitErrorNT (node:internal/streams/destroy:157:8)
npm ERR! gyp ERR! stack     at emitErrorCloseNT (node:internal/streams/destroy:122:3)
npm ERR! gyp ERR! stack     at processTicksAndRejections (node:internal/process/task_queues:83:21)```
Panagiotis Kanavos
  • 120,703
  • 13
  • 188
  • 236
oguzduran
  • 34
  • 1
  • 6
  • What does npm have to do with cloning Github projects or Python? `npm` is the Node.js Package Manager. Python doesn't have projects anyway. Can you run `python` from the command line in the first place? – Panagiotis Kanavos Apr 07 '22 at 06:49
  • I get error after npm install and this error is related to python. – oguzduran Apr 07 '22 at 06:53
  • npm install is for node.js (javascript) projects and not for python. You will get errors ofcourse if you use cross language commands. – Ritik Banger Apr 07 '22 at 06:58
  • If you read the errors you link to you'll see that Python was located. There was an error trying to download something else due to an invalid certificate – Panagiotis Kanavos Apr 07 '22 at 07:09
  • You are correct in what you said, I updated the question, can you check it again? – oguzduran Apr 07 '22 at 07:11
  • Are you using Fiddler perhaps? The error complains that a self-signed certificate was found while trying to download `https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz`. I seriously doubt `nodejs.org` would use a self-signed certificate. Fiddler does though. So do some hastily-configured SSL proxies – Panagiotis Kanavos Apr 07 '22 at 07:13
  • Please don't post just links to projects and remote files. The relevant information should be in *the question itself*. StackOverflow is a Q&A site. A question should be able to stand on its own, otherwise it's of no use to anyone else. – Panagiotis Kanavos Apr 07 '22 at 07:14
  • When I go to `https://nodejs.org/download/release/v16.14.2/` I see the site has a valid certificate signed by Sertigo. There's a misconfigured HTTPS proxy between your machine and the site. Perhaps it's Fiddler or a similar debugging proxy running on your machine - Fiddler can act as an HTTPS proxy to allow decryption and inspection of HTTPS traffic. It does so by using its own self-signed certificate. The HTTPS inspection dialog box warns that enabling this will raise errors in applications that enforce certificate validation. – Panagiotis Kanavos Apr 07 '22 at 07:25
  • I think it might be related, I am currently working with my work computer and connected to my work network – oguzduran Apr 07 '22 at 07:28
  • It may also be a misconfigures HTTPS proxy on campus, or captive portal at a cafe - the cafe's router intercepts your first call to display its login screen. A "cheap" cafe owner may not want to pay for a valid certificate – Panagiotis Kanavos Apr 07 '22 at 07:29
  • `my work network` then tell the admin they have a **serious** problem- or you do. The whole point of HTTPS is to prevent Man-in-the-Middle attacks. That's what this warning says right now - someone's in the middle. Either your network is compromised, or a proxy was misconfigured and ended up removing the MitM protection. How are you going to tell between errors caused by the proxy vs errors caused by an actual attack now? In Active Directory, certificates generated by the domain are trusted so something is definitely wrong one way or another – Panagiotis Kanavos Apr 07 '22 at 07:32
  • Never mind that HTTPS inspecting proxies are a risk themselves. The proxy is intercepting and inspecting if not logging even your logins to GMail or any company cloud services, including passwords and authentication tokens. Never mind the privacy issues – Panagiotis Kanavos Apr 07 '22 at 07:35
  • Try this, open powershell/command prompt as admin and run `npm install -g windows-build-tools` and try then again. – Jeremy John Apr 07 '22 at 11:07

1 Answers1

1

In our case the issue was because of using node-sass behind an enterprise proxy. We could not manage to get node trusting the proxy's certificates so we decided to switch from

node-sass (https://www.npmjs.com/package/sass)

to

sass (Dart Sass, https://sass-lang.com/dart-sass)

which solved the issue for us. Node-Sass does require some downloads which dart sass does not. Dart Sass nearly seems to be a 1 to 1 replacement to node-sass, and as far as we have seen bigger frameworks (like Angular, React, etc.) already switched to it.

Maybe this might help...

Timon
  • 11
  • 2