Hi @joaomoreno
Latest version 1.55.0 prints this warning:
$ vsce list faustinoaq
(node:28011) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1
This overwrites expected output (I have 3 extensions published, see: https://marketplace.visualstudio.com/publishers/faustinoaq)
My pc setup:
$ node -v
v11.6.0
$ npm -v
6.6.0
$ vsce -V
1.55.0
$ lsb_release -a
LSB Version: n/a
Distributor ID: ManjaroLinux
Description: Manjaro Linux
Release: 18.0.2
Codename: Illyria
Maybe Related? https://github.com/Microsoft/vscode-vsce/issues/320
I don't want to unpublish my packages, I see this warning everytime I use vsce to request some information from microsoft servers.
What does echo NODE_TLS_REJECT_UNAUTHORIZED return?
@joaomoreno Hi, do you mean echo $NODE_TLS_REJECT_UNAUTHORIZED ? :sweat_smile:
I just updated it again to latest version and I still have this issue
$ echo NODE_TLS_REJECT_UNAUTHORIZED
NODE_TLS_REJECT_UNAUTHORIZED
$ echo $NODE_TLS_REJECT_UNAUTHORIZED
$ vsce list faustinoaq
(node:4793) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1
$ node -v
v11.6.0
$ npm -v
6.7.0
$ vsce -V
1.56.0
Also, I tried to setup export NODE_TLS_REJECT_UNAUTHORIZED=1 and even executing NODE_TLS_REJECT_UNAUTHORIZED=1 vsce list faustinoaq and still getting this warning.
Yes I meant that! Well, you get that warning because that is enabled. Try
NODE_TLS_REJECT_UNAUTHORIZED=0 vsce list faustinoaq
Still same warning :sweat_smile:
$ NODE_TLS_REJECT_UNAUTHORIZED=0 vsce list faustinoaq
(node:6214) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
javac-linter @ 1.3.1
Maybe NODE_TLS_REJECT_UNAUTHORIZED is hardcoded somewhere else?
Definitely not in VSCE... :thinking:
Hi, I just updated to 1.57.0 and this warning is still showing.
All other functions (publishing, login) work fine :+1:
I can also report that I have this issue.
I'm also experiencing it while doing vsce login or vsce publish
I'm seeing this too when publishing:
Publishing [email protected]...
(node:8379) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
DONE Published [email protected]
I don't have this variable set:
$ echo $NODE_TLS_REJECT_UNAUTHORIZED
$
There is nothing in VSCE which sets this variable. No idea what is going on.
You have a dependency on vso-node-api which seems to have this in:

typed-rest-client has the same (looks like a copy of the same function).
Seems like an MS package, but npm says it's deprecated. It's not clear what the status is (or why they'd be doing this, it seems dangerous to be setting it for everyone in the way they are?).
馃
FWIW, looks like it was removed from typed-rest-client here:
https://github.com/Microsoft/typed-rest-client/pull/7
I don't know how that relates to vso-node-api though.
I'm currently working on moving these dependencies forward.
where is this line
NODE_TLS_REJECT_UNAUTHORIZED=0
One of our customers and one team member began hitting this on VSCode 1.40.0 when they attempted to upgrade their WAVE extension. Was this resolved/could this be hitting VSCode RTM as well? Sending the issue to them so they can also follow-up.
Error Message
Unable to update the WAVE extension. (node:10124) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(node:10124) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. Installing extensions...
Extension 'c8acb7e1-6ab4-44c4-97c4-3c9b466e0ae9.vsix' was successfully installed.
@HenokAddis What extension is that?

Note that this is about VSCE. The problem was found in a dependency of it, so very likely it will be found in a dependency of that WAVE extension, so please give them an issue.
Have you set the NODE_TLS_REJECT_UNAUTHORIZED to int, or the required "0" string...?
Most helpful comment
I'm also experiencing it while doing
vsce loginorvsce publish