Skip to content

[BUG] NPM 11.5.1 overrides protocol to https for registry URLs #8541

New issue
New issue
Closed
Closed
[BUG] NPM 11.5.1 overrides protocol to https for registry URLs#8541
Labels
Bugthing that needs fixingNeeds Triageneeds review for next steps
@Ma27

Description

@Ma27
Ma27
opened on Aug 30, 2025

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

$ npm config set registry http://localhost # the registry doesn't need to exist
$ npm config set loglevel silly
$ npm ci # on an arbitrary repository

will give logs like this:

npm http cache reactjs@https://localhost/reactjs/-/reactjs-1.0.0.tgz 0ms (cache hit)

Please note the https.

Expected Behavior

When specifying http:// instead of https:// and there's no redirect on the registry endpoint, npm shouldn't override to https.

This in fact works correctly with NPM 10.9.2, i.e. the nodejs bundled with 22.17.1.

Steps To Reproduce

See above.

Environment

  • npm: 11.5.1 / 11.5.2
  • Node.js: 24.5.0 / 24.7.0
  • OS Name: NixOS 25.05
  • System Model Name: Framework 13" Intel 11th Gen
  • npm config:
; "user" config from /home/ma27/.npmrc

loglevel = "silly"
registry = "http://localhost"

; node bin location = /nix/store/cx0r35l6bwqixfyycxnk36wvlwpdypzg-nodejs-24.5.0/bin/node
; node version = v24.5.0
; npm local prefix = /home/ma27/Projects/authentik/website
; npm version = 11.5.2
; cwd = /home/ma27/Projects/authentik/website
; HOME = /home/ma27
; Run `npm config ls -l` to show all defaults.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bugthing that needs fixingNeeds Triageneeds review for next steps

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions