npm install not working behind corporate firewall

[BasieP]

I have troubles installing the npm package behind a corporate firewall due to the download of an executeable included in the post-install of the npm package.

Right now this is how my output looks like:

d:\Workspace\myproj>npm install cypress --save-dev

> cypress@1.0.1 postinstall d:\Workspace\myproj\node_modules\cypress
> node index.js --exec install

Installing Cypress (version: 1.0.1)

 V  Downloaded Cypress
 ×  Unzipping Cypress
   → Cypress Version: 1.0.1
    Finishing Installation
The Cypress App could not be unzipped.

Search for an existing issue or open a GitHub issue at

https://github.com/cypress-io/cypress/issues
----------

Error: end of central directory record signature not found
----------

Probably the downloaded file (zip i guess) gets replaced by a html page of my proxy.
therefore the download is successfull, but the unzip fails

I'm hoping for some way to resolve this for all our big banks, goverments and other companies where we don't blindly trust executables download off the internet.

I don't know much about the logic behind Cypress, but i noticed the CLI is binary, so if that is the problem, please split the package into 2 different NPM packages.
I won't be needing the CLI anyway.

[RandallKent]

@BasieP - Have you tried the Direct Download? That should hopefully get you up and running while the community looks into this issue further.

[tgelu]

+1 :( the link to direct download is blocked behind my organisation's firewall

[MarcLoupias]

@tgelu is your organization using something like JFrog Artifactory or do they allow direct download from the npm registry ?

When sysadmins blocks downloads from the outside world the solution is to use something like artifactory to act like a proxy with an appropriate network config for that "proxy". That way they can control what it is goin on on their network instead of letting anybody doing everything.

For example when you run npm install cypress the artifactory will download from the internet and when it will be available your npm client will download it from your local network and not from the internet.

I am pretty sure it is possible to configure artifactory to act the same way with external downloads fired from npm installation scripts.

So npm install cypress will download cypress package from your artifactory and when cypress will try to download from https://download.cypress.io/xxxxx it will download from artifactory also.

I will have to fix this issue also but later. For now the direct download is available to me so i have what i need to convince my hierarchy to heavily use cypress :-)

I don't think the bug label is appropriate here. At best you (cypress.io) could embark everything in the cypress package (every platform and arch available) but the direct download package is a 500mo stuff which seems too heavy for the npm registry.

[IcodeNet]

Guys this seems the same problem that people are having with chromedriver behind corporate networks.
In particular the issue has to do with the usage of https: in the download link
The solution for chrome driver is to be able to specify and alternate location for the download through the npm config.
So if cypress while installing was checking npm connfig for a "cypress-cdnurl" and that url was local to the network then there woud not be an issue.
For completness what I do with Chromedriver is set in my npm config file
...chromedriver_cdnurl=http://someServer/chromedriver ..

[bahmutov]

You could do this already via CYPRESS_INSTALL_BINARY environment variable that can be any URL

…

Sent from my iPhone

On Oct 22, 2017, at 12:11, Byron Thanopoulos ***@***.***> wrote: Guys this seems the same problem that people are having with chromedriver behind corporate networks. In particular the issue has to do with the usage of https: in the download link The solution for chrome driver is to be able to specify and alternate location for the download through the npm config. So if cypress while installing was checking npm connfig for a "cypress-cdnurl" and that url was local to the network then there woud not be an issue. For completness what I do with Chromedriver is set in my npm config file ...chromedriver_cdnurl=http://someServer/chromedriver .. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[IcodeNet]

For completeness based on @bahmutov very helpful hint what you need to do
(if your network blocks downloads or mess with certificates so that you cannot download from https://)
is the following:
Download and store somewhere on your network the cypress.zip file.
Then expose this file through a URL under https://
Then set either in your environment variables a
CYPRESS_BINARY_VERSION=https://someserver/cypress.zip

This is very important as the code that installs cypress has a function that checks if the alternative location for the binary starts with /^https:/

You can also pass at the command prompt the same
>set CYPRESS_BINARY_VERSION=https://someserver/cypress.zip&& npm i cypress -D

Ideally this should not be the case as the ceremony is greater than it should.
IMHO I think any local path could do such as C:\dev\cypress.zip
this way it would be easier to install behind proxies or networks that block zip downloads and point to a local folder. Especially useful for CI servers

[bahmutov]

Good suggestion @IcodeNet and set CYPRESS_BINARY_VERSION=/some/path/to/cypress.zip environment variable ~~~already supports file path~~~. So if your proxy does not allow whitelisting https://download.cypress.io domain you could download cypress.zip for your platform and provide direct filepath on the test worker machine.

Edited: file path support has not been released yet, watch #701

[bahmutov]

Please watch cypress-io/cypress-documentation#121 where I will document CYPRESS_BINARY_VERSION variable

[BasieP]

it works nice with the CYPRESS_BINARY_VERSION variable, but there is still the bug of it only working with https
we have an internal nexus on http (not secure) and the CYPRESS_BINARY_VERSION variable doesn't work on http sites....
can that be fixed? i can make a PR if needed

[RandallKent]

@BasieP - PRs are always welcome! 😄

[simonatorw]

This is the only thing preventing me from using this really nice software. For the time being, I'm stuck with the crappy alternatives :(

[brian-mann]

@simonatorw @BasieP is this still the case? There's a problem with http ? We fixed that in 1.1.4 https://docs.cypress.io/guides/references/changelog.html#1-1-4

[BasieP]

Gonne test it in new year.. Should work i've seen the fix :)

…

On 20 Dec 2017 6:00 pm, "Brian Mann" ***@***.***> wrote: @simonatorw <https://github.com/simonatorw> @BasieP <https://github.com/basiep> is this still the case? There's a problem with http ? We fixed that in 1.1.4 https://docs.cypress.io/ guides/references/changelog.html#1-1-4 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#733 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/Ab6pPXloGrwHY2uYbPiMHvKgxfxpTG_7ks5tCT0hgaJpZM4P2iAY> .

[simonatorw]

Hello, thx for your reply. I was able to overcome the problem with the env var solution. Thx. Is it possible to have npm just fetch the zip by default? Wouldn't that solve the problem without setting the env var? As you say, the custom path won't be saved in package.json so someone else cannot do a new npm i and be able to install cleanly.

[TimoPot]

why not place the cypress.zip file in the GitHub project?
My company does not block zip file downloads from GitHub.
CYPRESS_BINARY_VERSION can then point to the zip file on GitHub.

[chris-kobrzak]

In Cypress version 3+ you will need to unset CYPRESS_BINARY_VERSION and use CYPRESS_INSTALL_BINARY instead.

[TimoPot]

Thank you @chris-kobrzak. True but that does not solve my issue

[brian-mann]

@TimoPot you can download the binary and host yourself if you'd like. That would be the easiest way to get it inside your network.

[cypress-bot]

The code for this is done in cypress-io/cypress#3531, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

[Hatzman91]

Any indication when it will be released?
We'd really like to include it for our new project :)

[jennifer-shehane]

Soon. We have been working on the release - had to pause to fix some potential regressions in the release. 🤞

[cypress-bot]

Released in 3.3.0.

[tomasbjerre]

I made a tool to help deal with these platform specific binaries, and not being able to download behind firewall, se comment here: #5141 (comment)

[zwfang]

CYPRESS_INSTALL_BINARY=3.8.2 npm install cypress@3.8.2

Fix my issue.

[mobsean]

Under Windows and behind corp. proxy I downloaded the zip manually and saved it to C:\dev.
Then I did this:
npm config set CYPRESS_INSTALL_BINARY "C:\dev\cypress.zip"
and then
npm install -D cypress

[jennifer-shehane]

This issue will be closed to further comment as the exact issue here was resolved and tested.

If you're experiencing a bug similar to this in Cypress, please open a new issue with a fully reproducible example that we can run. There may be a specific edge case with the issue that we need more detail to fix.