fix: Support unset strictSSL setting

src/types.ts

@@ -22,7 +22,7 @@ export type NpmConfig = {
    */
   registry?: string;
   registries?: Registry[];
-  strictSSL?: boolean | string | null;
+  strictSSL?: boolean | null;
   packageLock?: boolean | string | null;
   packages?: { [key: string]: string | number };
   legacyPeerDeps?: boolean | string | null;

src/utils.ts

@@ -59,7 +59,6 @@ export async function setUpNpmConfig(
     fund: false,
     noproxy: 'registry.npmjs.org',
     'package-lock': false,
-    'strict-ssl': true,
     registry: getDefaultRegistry(),
     'update-notifier': false,
   };
@@ -129,9 +128,9 @@ export function getNpmConfig(runnerConfig: NpmConfigContainer) {
   if (runnerConfig.npm === undefined) {
     return {};
   }
-  const cfg: { [key: string]: string | boolean | null } = {
+  const cfg: { [key: string]: string | boolean | null | undefined } = {
     registry: runnerConfig.npm.registry || getDefaultRegistry(),
-    'strict-ssl': runnerConfig.npm.strictSSL !== false,
+    'strict-ssl': runnerConfig.npm.strictSSL,
     // Setting to false to avoid dealing with the generated file.
     'package-lock': runnerConfig.npm.packageLock === true,
     'legacy-peer-deps':

tests/unit/src/__snapshots__/utils.spec.ts.snap

@@ -111,7 +111,7 @@ exports[`utils .prepareNpmEnv should use default registry 1`] = `
     "package-lock": false,
     "registry": "https://registry.npmjs.org",
     "save": false,
-    "strict-ssl": true,
+    "strict-ssl": undefined,
     "update-notifier": false,
   },
 ]
@@ -133,7 +133,7 @@ exports[`utils .prepareNpmEnv should use env var for registry 1`] = `
     "package-lock": false,
     "registry": "npmland.io",
     "save": false,
-    "strict-ssl": true,
+    "strict-ssl": undefined,
     "update-notifier": false,
   },
 ]
@@ -179,7 +179,7 @@ exports[`utils .prepareNpmEnv should use true as the default value for strictSSL
     "package-lock": false,
     "registry": "https://registry.npmjs.org",
     "save": false,
-    "strict-ssl": true,
+    "strict-ssl": undefined,
     "update-notifier": false,
   },
 ]
@@ -201,7 +201,7 @@ exports[`utils .prepareNpmEnv should use true as the default value for strictSSL
     "package-lock": false,
     "registry": "https://registry.npmjs.org",
     "save": false,
-    "strict-ssl": true,
+    "strict-ssl": undefined,
     "update-notifier": false,
   },
 ]
@@ -223,7 +223,7 @@ exports[`utils .prepareNpmEnv should use user registry 1`] = `
     "package-lock": false,
     "registry": "registryland.io",
     "save": false,
-    "strict-ssl": true,
+    "strict-ssl": undefined,
     "update-notifier": false,
   },
 ]

tests/unit/src/utils.spec.ts

@@ -56,9 +56,9 @@ describe('utils', function () {
       expect(npmConfig).toHaveProperty('package-lock');
     });
 
-    it('should set strictSSL to true by default', function () {
+    it('should set strictSSL to undefined if not set', function () {
       const npmConfig = getNpmConfig(emptyConfig);
-      expect(npmConfig).toHaveProperty('strict-ssl', true);
+      expect(npmConfig).toHaveProperty('strict-ssl', undefined);
     });
 
     it('should set strictSSL from runner config', function () {
@@ -74,10 +74,6 @@ describe('utils', function () {
       runnerConfig.npm.strictSSL = true;
       npmConfig = getNpmConfig(runnerConfig);
       expect(npmConfig).toHaveProperty('strict-ssl', true);
-
-      runnerConfig.npm.strictSSL = 'truthy?';
-      npmConfig = getNpmConfig(runnerConfig);
-      expect(npmConfig).toHaveProperty('strict-ssl', true);
     });
 
     it('should set packageLock to false by default', function () {