Cypress binary download request using `cafile` unnecessarily

[narehart]

Current behavior

Starting from 11.0.0 Cypress uses the cafile value defined in .npmrc which I guess is a sane default but I have a unique use case where I need to download my npm packages through Artifactory but there is no repository in Artifactory for the binaries so Cypress is requesting binaries from https://download.cypress.io with the ca when attempting to install >=11.0.0 which results in an unable to get local issuer certificate error.

The only way I could get around this was to set CYPRESS_INSTALL_BINARY=0 in my .npmrc and then add a "cypress:install": "CYPRESS_INSTALL_BINARY=11.0.0 npm_config_cafile='./non/existent/path.pem' cypress install", script to my package.json and call this before every other cypress script, e.g., cypress:run, cypress:watch.

Setting npm_config_cafile to a non-existent path seems to be the only way to force the binary request to not use the cafile config.

Alternatively I could add a proxy for the download that would accept the cafile but I don't want to throw infrastructure at what should be a configuration issue.

Would it be possible to add a unique environment variable to explicitly toggle ca usage? Maybe a CYPRESS_CAFILE that would take priority over npm_config_cafile and could be set to 0 to disable ca usage altogether?

Debug logs

Exit code: 1
Command: node index.js --exec install
Arguments: 
Directory: /node_modules/cypress
Output:
Installing Cypress (version: 11.0.0)

[STARTED] Task without title.
[FAILED] The Cypress App could not be downloaded.
[FAILED] 
[FAILED] Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration
[FAILED] 
[FAILED] Otherwise, please check network connectivity and try again:
[FAILED] 
[FAILED] ----------
[FAILED] 
[FAILED] URL: https://download.cypress.io/desktop/11.0.0?platform=darwin&arch=x64
[FAILED] Error: unable to get local issuer certificate
[FAILED] 
[FAILED] ----------
[FAILED] 
[FAILED] Platform: darwin-x64 (23.5.0)
[FAILED] Cypress Version: 11.0.0
The Cypress App could not be downloaded.

Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration

Otherwise, please check network connectivity and try again:

----------

URL: https://download.cypress.io/desktop/11.0.0?platform=darwin&arch=x64
Error: unable to get local issuer certificate

----------

Platform: darwin-x64 (23.5.0)

Cypress Version

11.0.0

Node version

18.12.0

Package Manager

yarn

Package Manager Version

1.22.19

Operating system

Mac

Operating System Version

14.5

Other

No response

[jennifer-shehane]

Relevant PR here in 11.0: #24493

Communication with the Cypress Dashboard will now verify CAs and reject any unauthorized calls. If you use a self-signed CA you will need to set npm_config_ca, npm_config_cafile, or NODE_EXTRA_CA_CERTS. Addresses #23980.

[narehart]

But I don't want to use the CA for the binary download. I only need it to install the package itself. And there is no way for me to unset npm_config_cafile before cli/lib/tasks/download.js attempts the download unless I download the binary as a separate step as initially described.