Check NPM Config Strict SSL

Description

The NPM_CONFIG_STRICT_SSL environment variable controls strict SSL certificate validation in npm. This policy ensures that certificate validation isn’t disabled for npm via the NPM_CONFIG_STRICT_SSL environment variable.

Kyverno policy

Refer to the Nirmata curated policies - check-npm-config-strict-ssl.

Resource example

Below is an example of a Dockerfile enforcing this policy.

FROM node:latest

# Keep npm certificate validation enabled, as this policy requires
ENV NPM_CONFIG_STRICT_SSL=true

RUN echo "Hello world"
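
The same check can be run locally on a Dockerfile before it reaches the cluster. The script below is an added example, not the Nirmata policy's own logic. The function names, the constructed sample Dockerfile and the choice to treat `false` and `0` as disabling values are assumptions. It goes beyond the single `ENV KEY=value` line shown above by also handling line continuations, quoted values, the legacy `ENV KEY value` form and lower-case variable names.

```python
import shlex

TARGET = "npm_config_strict_ssl"  # npm matches npm_config_* names case-insensitively
DISABLING = {"false", "0"}        # assumption: values treated as "validation off"

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, joined_text)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # skip blank lines and comments between instructions
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def env_pairs(args):
    """Parse ENV arguments: 'K=V [K2=V2 ...]' or the legacy 'K V' form."""
    tokens = shlex.split(args)
    if tokens and "=" not in tokens[0]:
        return [(tokens[0], " ".join(tokens[1:]))]
    return [tuple(t.split("=", 1)) for t in tokens if "=" in t]

def find_violations(dockerfile_text):
    """Return (line_number, key, value) for each ENV that disables strict SSL."""
    hits = []
    for lineno, line in logical_lines(dockerfile_text):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].upper() != "ENV":
            continue
        for key, value in env_pairs(parts[1]):
            if key.lower() == TARGET and value.strip().lower() in DISABLING:
                hits.append((lineno, key, value))
    return hits

# Constructed sample input (not taken from a real project)
SAMPLE = '''FROM node:latest
ENV NODE_ENV=production \\
    npm_config_strict_ssl="FALSE"
ENV NPM_CONFIG_STRICT_SSL false
ENV NPM_CONFIG_STRICT_SSL=true
RUN echo "Hello world"
'''
print(find_violations(SAMPLE))
```

A non-empty result means at least one `ENV` instruction turns certificate validation off; the tuple's first element is the Dockerfile line where that instruction starts.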