Vscode-vsce: Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED

Created on 7 Feb 2019  路  17Comments  路  Source: microsoft/vscode-vsce

Hi @joaomoreno

Latest version 1.55.0 prints this warning:

$ vsce list faustinoaq
(node:28011) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1

This overwrites expected output (I have 3 extensions published, see: https://marketplace.visualstudio.com/publishers/faustinoaq)

My pc setup:

$ node -v
v11.6.0
$ npm -v
6.6.0
$ vsce -V
1.55.0
$ lsb_release -a
LSB Version:    n/a
Distributor ID: ManjaroLinux
Description:    Manjaro Linux
Release:        18.0.2
Codename:       Illyria

Maybe Related? https://github.com/Microsoft/vscode-vsce/issues/320

I don't want to unpublish my packages, I see this warning everytime I use vsce to request some information from microsoft servers.

bug

Most helpful comment

I'm also experiencing it while doing vsce login or vsce publish

All 17 comments

What does echo NODE_TLS_REJECT_UNAUTHORIZED return?

@joaomoreno Hi, do you mean echo $NODE_TLS_REJECT_UNAUTHORIZED ? :sweat_smile:

I just updated it again to latest version and I still have this issue

$ echo NODE_TLS_REJECT_UNAUTHORIZED
NODE_TLS_REJECT_UNAUTHORIZED
$ echo $NODE_TLS_REJECT_UNAUTHORIZED

$ vsce list faustinoaq    
(node:4793) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1
$ node -v
v11.6.0
$ npm -v
6.7.0
$ vsce -V
1.56.0

Also, I tried to setup export NODE_TLS_REJECT_UNAUTHORIZED=1 and even executing NODE_TLS_REJECT_UNAUTHORIZED=1 vsce list faustinoaq and still getting this warning.

Yes I meant that! Well, you get that warning because that is enabled. Try

NODE_TLS_REJECT_UNAUTHORIZED=0 vsce list faustinoaq

Still same warning :sweat_smile:

$ NODE_TLS_REJECT_UNAUTHORIZED=0 vsce list faustinoaq
(node:6214) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1

Maybe NODE_TLS_REJECT_UNAUTHORIZED is hardcoded somewhere else?

Definitely not in VSCE... :thinking:

Hi, I just updated to 1.57.0 and this warning is still showing.

All other functions (publishing, login) work fine :+1:

I can also report that I have this issue.

I'm also experiencing it while doing vsce login or vsce publish

I'm seeing this too when publishing:

Publishing [email protected]...
(node:8379) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
 DONE  Published [email protected]

I don't have this variable set:

$ echo $NODE_TLS_REJECT_UNAUTHORIZED

$ 

There is nothing in VSCE which sets this variable. No idea what is going on.

You have a dependency on vso-node-api which seems to have this in:

Screenshot 2019-05-02 at 18 32 17

typed-rest-client has the same (looks like a copy of the same function).

Seems like an MS package, but npm says it's deprecated. It's not clear what the status is (or why they'd be doing this, it seems dangerous to be setting it for everyone in the way they are?).

馃

FWIW, looks like it was removed from typed-rest-client here:

https://github.com/Microsoft/typed-rest-client/pull/7

I don't know how that relates to vso-node-api though.

I'm currently working on moving these dependencies forward.

where is this line
NODE_TLS_REJECT_UNAUTHORIZED=0

One of our customers and one team member began hitting this on VSCode 1.40.0 when they attempted to upgrade their WAVE extension. Was this resolved/could this be hitting VSCode RTM as well? Sending the issue to them so they can also follow-up.

Error Message

Unable to update the WAVE extension. (node:10124) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(node:10124) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. Installing extensions...
Extension 'c8acb7e1-6ab4-44c4-97c4-3c9b466e0ae9.vsix' was successfully installed.

@HenokAddis What extension is that?

image

Note that this is about VSCE. The problem was found in a dependency of it, so very likely it will be found in a dependency of that WAVE extension, so please give them an issue.

Have you set the NODE_TLS_REJECT_UNAUTHORIZED to int, or the required "0" string...?

Was this page helpful?
0 / 5 - 0 ratings