Get MacOS System certificates into Node.js.
Node uses a statically compiled, manually updated, hardcoded list of certificate authorities, rather than relying on the system's trust store... Read more
This is most of the time ok, but there are cases where you might for example want to use TLS in development with self signed certificates for which you have a root certificate in your local store. Eg: mkcert
This package is intended to fetch Root CAs from MacOS "SystemRootCertificates.keychain" and the user's keychain into Node.js.
Install with
npm install --save mac-ca
And then use it as follows:
require('mac-ca').addToGlobalAgent();
//or
require('mac-ca/register');
You can also do:
node --require mac-ca/register app.js
If called in other operative systems the method will just do nothing.
After require('mac-ca').addToGlobalAgent() MacOs' Root CAs are found, deduplicated and installed to https.globalAgent.options.ca so they are automatically used for all requests with Node.js' https module and any higher-level library like axios, node-fetch or request.
For use in other places, these certificates are also available via .get() method.
let ca = require("mac-ca");
let forge = require("node-forge");
for (let pem of ca.get()) console.log(pem);
You can also specify the format as follows:
ca.get({ format: ca.Format.der });
Available values for format are:
| Constant | Value | Meaning |
|---|---|---|
| der2.der | 0 | DER-format (binary, Node's Buffer) |
| der2.pem | 1 | PEM-format (text, Base64-encoded) |
| der2.txt | 2 | PEM-format plus some info as text |
| der2.asn1 | 3 | ASN.1-parsed certificate |
| * | * | Certificate in node-forge format (RSA only) |
Other options for get:
keychain (defaults to all): it could be all, current or SystemRootCertificates.unique (defaults to true): exclude duplicated certificates found.excludeBundled (defaults to true): exclude certificates found in node.js's tls.rootCertificates.Uses node-forge and is heavily inspired by Stas Ukolov's win-ca.
See also OpenSSL::Win::Root.
FAQs
Get Mac OS Root certificates
The npm package mac-ca receives a total of 37,521 weekly downloads. As such, mac-ca popularity was classified as popular.
We found that mac-ca demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.