Summary
Two repos that use Yarn fail to install dependencies due to SSL/network errors when Yarn connects through the AWF Squid proxy:
| Repo |
Language |
Error |
| Inquirer.js |
Node.js |
Corepack/Yarn version mismatch + network blocking Yarn binary download |
| prettier |
JavaScript |
RequestError: write EPROTO — Yarn 4 SSL handshake fails through proxy |
Details
prettier (Yarn 4)
Yarn 4's package resolution makes HTTPS connections that fail with SSL protocol errors (EPROTO) when going through the Squid proxy. This appears to be an SSL/TLS interception issue specific to Yarn's HTTP client.
Inquirer.js (Corepack + Yarn)
Uses Corepack to download the correct Yarn version, which requires:
- Network access to download the Yarn binary (blocked)
- Writable filesystem for Corepack cache (limited in AWF container)
Impact
- 2 repos out of 98 (~2%) affected
- Both are popular, widely-used packages
- Other npm-based repos work fine — this is specific to Yarn's SSL behavior
Suggestion
Investigate whether:
- Squid's SSL bump configuration needs adjustment for Yarn's TLS connections
- The Squid CA certificate needs to be injected into Yarn/Corepack's trust store
- Specific Yarn registry domains need allowlisting (e.g.,
repo.yarnpkg.com)
Experiment Context
- gh-aw: v0.45.2, AWF: v0.19.1
- Full report: AWF Build/Test Experiment v3 (Feb 17, 2026)
Summary
Two repos that use Yarn fail to install dependencies due to SSL/network errors when Yarn connects through the AWF Squid proxy:
RequestError: write EPROTO— Yarn 4 SSL handshake fails through proxyDetails
prettier (Yarn 4)
Yarn 4's package resolution makes HTTPS connections that fail with SSL protocol errors (
EPROTO) when going through the Squid proxy. This appears to be an SSL/TLS interception issue specific to Yarn's HTTP client.Inquirer.js (Corepack + Yarn)
Uses Corepack to download the correct Yarn version, which requires:
Impact
Suggestion
Investigate whether:
repo.yarnpkg.com)Experiment Context