For most operating systems there is a system trust store to keep the root CA certificates. In Linux that is managed by OpenSSL; in macOS it's Keychain; in Windows it's the system trust store managed by CertMgr. In many corporations, the system trust stores of computers are managed by Group Policy or some similar product. This way new root certificates can be deployed by administrators centrally. Currently if I want NPM to trust an internal Git source with HTTPS protocol, I need the cafile option, and I need to duplicate the entire trust store because this option overrides the default trust store. It would be awesome if NPM automatically trusted the root CA certificates in the system trust store.
I found a related topic in the support forum, so I think this is a common use-case.