---
title: "Check NPM Config Strict SSL"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/check-npm-config-strict-ssl/
---


### Description

The `NPM_CONFIG_STRICT_SSL` environment variable controls whether npm strictly validates SSL certificates. This policy ensures that certificate validation isn't disabled for npm via the `NPM_CONFIG_STRICT_SSL` environment variable.
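
The same check can be illustrated outside Kyverno. The Python below is an added example, not the Nirmata policy or code from this page; the function names, the set of values treated as disabling (`false`, `0`), and the case-insensitive match on the variable name are assumptions of the example. It handles the `ENV` forms a plain text search would miss: multiple pairs on one instruction, line continuations, quoted values, and the legacy `ENV key value` syntax.

```python
import re
import shlex
TARGET = "NPM_CONFIG_STRICT_SSL"
# Assumption of this example: values treated as "validation disabled".
DISABLING_VALUES = {"false", "0"}

def logical_lines(dockerfile):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never carry an instruction
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def env_pairs(args):
    """Parse `ENV K=V [K2=V2 ...]` and the legacy `ENV K V` form."""
    tokens = shlex.split(args)  # strips quotes, e.g. K="false" -> K=false
    if tokens and "=" not in tokens[0]:
        return [(tokens[0], " ".join(tokens[1:]))]
    return [tuple(t.split("=", 1)) for t in tokens if "=" in t]

def find_violations(dockerfile):
    """Return [(line_no, key, value)] for ENV settings that disable strict SSL."""
    hits = []
    for no, text in logical_lines(dockerfile):
        m = re.match(r"ENV\s+(.*)", text, re.IGNORECASE)
        if not m:
            continue
        for key, value in env_pairs(m.group(1)):
            if key.upper() == TARGET and value.strip().lower() in DISABLING_VALUES:
                hits.append((no, key, value))
    return hits

# Constructed sample inputs; PAGE mirrors the Dockerfile in this page's resource example.
PAGE = 'FROM node:latest\n\nENV NPM_CONFIG_STRICT_SSL=false\n\nRUN echo "Hello world"\n'
SPLIT = 'FROM node:latest\nENV NODE_ENV=production \\\n    NPM_CONFIG_STRICT_SSL="false"\n'
LEGACY = "FROM node:latest\nenv npm_config_strict_ssl false\n"
GOOD = "FROM node:latest\nENV NPM_CONFIG_STRICT_SSL=true\n# ENV NPM_CONFIG_STRICT_SSL=false\n"
for name, df in [("PAGE", PAGE), ("SPLIT", SPLIT), ("LEGACY", LEGACY), ("GOOD", GOOD)]:
    print(name, find_violations(df) or "ok")
```

Each hit reports the line on which the offending `ENV` instruction starts, so a CI job can point at the exact instruction to remove.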

### Kyverno policy

Refer to the Nirmata curated policies - [check-npm-config-strict-ssl](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/check-npm-config-strict-ssl/check-npm-config-strict-ssl.yaml).

### Resource example

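Below is an example of a Dockerfile that this policy evaluates. It sets `NPM_CONFIG_STRICT_SSL=false`, which disables npm's certificate validation and is the setting the policy is written to catch.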

```dockerfile
FROM node:latest

ENV NPM_CONFIG_STRICT_SSL=false

RUN echo "Hello world"
```

