Allow disabling SSL and hash checks when linking the Plugin.


Question.

I get this error when trying to link the plugin to the CLI:

PS C:\Sandbox\SFDX-Data-Move-Utility> sfdx plugins:link
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.

(node:5912) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.

(Use node --trace-warnings ... to show where the warning was created)

error An unexpected error occurred: "https://registry.yarnpkg.com/globby/-/globby-11.0.2.tgz: SSL Error: UNABLE_TO_GET_ISSUER_CERT_LOCALLY".

sfdx-cli: linking plugin sfdmu... !

Error: yarn --non-interactive --mutex=file:C:\Sandbox\SFDX-Data-Move-Utility\yarn.lock

--preferred-cache-folder=C:\Users\1219611\AppData\Local\sfdx\yarn --check-files exited with code 1

PS C:\Sandbox\SFDX-Data-Move-Utility>

I'd like to have the ability to disable the "--check-files" option of yarn when linking a plugin to bypass the SSL errors due to ZScaler on corporate network.


Answer.

We have no control over the sfdx plugin:links command execution and no extended options can be added from our side.

The working solution would be:

  • Perform the following CLI commands:
$ npm config set strict-ssl=false
$ npm config set registry http://registry.npmjs.org/
$ set NODE_TLS_REJECT_UNAUTHORIZED=0
  • Then remove yarn.lock file.

See the discussion here:

https://stackoverflow.com/questions/45884752/npm-err-code-unable-to-get-issuer-cert-locally

Last updated on 29th Jan 2023