Git and npm Proxy Settings: Configure, Test, and Remove Safely

Set Git and npm proxy scopes deliberately, inspect the effective configuration, protect credentials, test TLS, and remove stale settings cleanly.

Written by the Mexela Editorial Team. Technical guides are reviewed by the Mexela Technical Team under the Mexela Editorial Policy.

Git branch and npm package workflow routed through a secure proxy terminal

Key topics:

PROXY PLANS

Ready to buy proxies for this workflow?

Use the guide below to choose the right proxy type, then start with private proxies for dedicated IPv4 access or shared proxies when price matters more.

Configure a Git proxy with git config --global http.proxy and an npm proxy with npm config set proxy plus https-proxy, then inspect the effective value and its source before testing. Remove stale settings with the matching unset or delete command instead of disabling TLS.

Scope: this tutorial covers Git smart HTTP and npm registry traffic. For application runtime clients, use the curl, Python, and Node.js proxy guide; the Proxy Setup and Developer Guides hub links the wider setup cluster.

Inspect configuration scope before changing it

Git can read system, global, repository, environment, and URL-specific values. npm can read project, user, global, environment, and command-line configuration. A command may work in one terminal and fail in CI because the effective sources differ.

git config --show-origin --get-regexp '^(http|https)[.]'
npm config get proxy
npm config get https-proxy
npm config get registry

Do not paste output containing a credential-bearing URL into a ticket. Record the config source, proxy host label, port, auth method, and sanitized error instead.

Configure a Git proxy for HTTPS remotes

The official Git configuration documentation defines http.proxy, URL-specific http.<url>.* settings, and proxy authentication methods. Start globally only when every repository needs the same route.

git config --global http.proxy http://HOST:PORT
git config --global --get http.proxy
git ls-remote https://github.com/git/git.git HEAD

For a narrower destination, use a URL-specific section rather than routing unrelated remotes. If the proxy requires authentication, prefer a credential manager or an approved runtime prompt. A password inside .gitconfig is readable configuration, not secret storage.

Configure npm proxy and HTTPS proxy values

The official npm configuration reference documents proxy, https-proxy, and the standard proxy environment variables honored by the fetch layer.

npm config set proxy http://HOST:PORT
npm config set https-proxy http://HOST:PORT
npm ping

The https-proxy value often still uses the HTTP URL scheme: that means npm connects to an HTTP proxy and asks it to tunnel the HTTPS registry connection. It does not make registry TLS optional.

Use environment variables for temporary or CI scope

Temporary environment variables can keep machine-wide config unchanged, but CI secret masking and process inheritance still matter. Define only the variables the tool supports, scope them to one job, and unset them afterward.

HTTP_PROXY=http://HOST:PORT
HTTPS_PROXY=http://HOST:PORT
NO_PROXY=localhost,127.0.0.1,.internal.example

On a shared runner, do not write credential-bearing values into echoed shell commands. Use the platform’s protected secret store and confirm redaction with a harmless placeholder before running a real job.

Keep TLS verification enabled

A certificate error is not repaired by setting http.sslVerify=false or strict-ssl=false. Check the device clock, destination hostname, approved enterprise inspection certificate, Git/npm trust store, and whether the proxy created a tunnel. An unknown root must be investigated and distributed through the organization’s normal trust process.

Expected observation: Git reports the intended configuration source, git ls-remote returns one reference, npm ping reaches the configured HTTPS registry, and both operations keep certificate verification enabled. A 407 proves reachability to the proxy but failed authentication.

Remove proxy settings from the same scope

When the route is no longer required, remove proxy settings rather than leaving an unreachable endpoint that breaks future work.

git config --global --unset http.proxy
npm config delete proxy
npm config delete https-proxy

Repeat the inspection commands afterward. If a value remains, it belongs to another scope or environment variable. Search the effective sources; do not create a second contradictory value.

Git and npm troubleshooting sequence

  1. Confirm the remote or registry URL and direct policy.
  2. Inspect the exact source of the effective Git and npm proxy settings.
  3. Resolve and reach the proxy host and port once.
  4. Separate a 407 from a TLS error or destination response.
  5. Compare the two tools; one success and one failure points to client configuration.
  6. Remove obsolete values and repeat one bounded test.

For credential method differences, read username/password versus IP authentication. For timeouts, TLS, and 407 details, use the proxy error diagnostic sequence.

Security limits: never commit proxy credentials to .npmrc, .gitconfig, repository files, lockfiles, CI logs, or images. Do not disable certificate checks to pass a build. Rotate a secret immediately if it entered version control or public logs.

Choose a stable developer egress after both clients pass

Record the developer and CI locations, expected concurrent jobs, authentication model, and transfer volume. If those workflows need a consistent exclusive address for allowlists, compare the requirements with current private proxy options.