You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Essentially, I need to set my http_proxy environment variable in order to connect to the internet via our proxy server to install modules via npm.
I recently noticed that for a specific module there was a build/config.gypi file that appears to actually contain my proxy environment settings, which seems to be a security issue.
Just wanted to follow this up here since this issue may have not been related to the original module where I had opened an issue. More information can be found there:
Depends on whether it's harmful. node-gyp doesn't store the http_proxy environment variable, it stores the npm_config_* variables (from .npmrc and the command line) that npm passes to node-gyp. That's used to pass additional build options so that can't be removed.
We could filter specific variables but that might still break some add-ons. You don't normally redistribute config.gypi so I don't really see the harm in leaving it as-is.
Essentially, I need to set my http_proxy environment variable in order to connect to the internet via our proxy server to install modules via npm.
I recently noticed that for a specific module there was a
build/config.gypi
file that appears to actually contain my proxy environment settings, which seems to be a security issue.Just wanted to follow this up here since this issue may have not been related to the original module where I had opened an issue. More information can be found there:
websockets/ws#400
The text was updated successfully, but these errors were encountered: