git://behind a firewall

The Git protocol is often blocked by corporate firewalls, which becomes a problem the moment your dependency manager — NPM, Bower — wants to clone something over git:// for speed. If you can't get port 9418 opened, you can tell Git to rewrite those URLs to HTTPS instead:

git config --global url.https://.insteadOf git://

That puts a global rewrite rule in your ~/.gitconfig. Anything that tries to clone git://github.com/foo/bar.git will quietly become https://github.com/foo/bar.git — no changes needed in package.json, bower.json, or anywhere else. The git-config docs cover the full list of url.<base>.insteadOf patterns if you want finer control.

Update: May 2026

Luckily, the unauthenticated git:// protocol is mostly gone from the public web. GitHub shut it down in 2022. GitLab and the other major hosts have only ever exposed SSH and HTTPS. The protocol itself still ships with Git, so a self-hosted daemon on port 9418 can still serve repos, but anywhere you'd realistically clone from in 2026, it's not on offer. The command above is still the right fix, just for a different reason: the protocol it routes around isn't reachable anymore.

And it deserved to go! The old protocol had no encryption, no server authentication, no integrity check — anyone sitting between you and the server could rewrite the bytes on their way to your machine — code you're going to run.

If you hit fatal: remote error: The unauthenticated git protocol on port 9418 is no longer supported in a CI run or a dependency install, that's the deprecation surfacing. Run the rewrite rule and old git:// URLs in submodules, lockfiles, and Actions configs start resolving again.

Restored from the Wayback Machine after seeing it still get's hits. Update section added.