@evilUrge
Created June 17, 2022 11:54
SSL Pinning
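const { Agent } = require("https"),
  request = require("request"); // note: the request package is deprecated upstream

// Allowed SHA-1 certificate fingerprints, in the colon-separated upper-case
// form returned by getPeerCertificate().fingerprint.
const FINGERPRINTSET = [
  "C3:07:56:2C:08:A5:E1:2E:41:20:10:7A:02:87:86:C3:72:49:45:BF",
];

const req = request(
  {
    url: "https://www.duckduckgo.com/",
    agent: new Agent({ maxCachedSessions: 0 }), // disable TLS session caching
    strictSSL: true, // validate ssl certificate
  },
  (err, response, body) => (err ? err : body)
);

req.on("socket", (socket) => {
  // Runs after the TLS handshake has completed.
  socket.on("secureConnect", () => {
    const { fingerprint } = socket.getPeerCertificate();
    if (!FINGERPRINTSET.includes(fingerprint)) {
      // Abort
      req.abort();
      // Thrown inside an event listener, so it is not passed to the request
      // callback; unless handled elsewhere it ends the process.
      throw new Error("Fingerprint does not match");
    }
    // Insert logic here
    console.info("Yay, fingerprint matches");
  });
});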
@evilUrge
Author

To get a fingerprint

echo -n | openssl s_client -connect duckduckgo.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
openssl x509 -noout -in cert.pem -fingerprint
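
An alternative to checking the fingerprint in a `secureConnect` listener, as an added example that is not part of the original gist: the built-in `https` module accepts a `checkServerIdentity` callback, so a pin mismatch fails the TLS handshake itself, before any HTTP request bytes are written. `fingerprint256Of`, `makePinCheck` and `pinnedGet` are hypothetical names, the pins are SHA-256 (`cert.fingerprint256`) rather than the gist's SHA-1 value, and the certificate object in the demo is constructed.

```javascript
const tls = require("tls");
const https = require("https");
const crypto = require("crypto");

// SHA-256 of a DER certificate (cert.raw), formatted like cert.fingerprint256.
function fingerprint256Of(der) {
  const hex = crypto.createHash("sha256").update(der).digest("hex");
  return hex.toUpperCase().match(/../g).join(":");
}

// Build a checkServerIdentity callback that enforces a set of pinned
// SHA-256 fingerprints on top of the default hostname verification.
function makePinCheck(pins) {
  const allowed = new Set(pins.map((p) => p.trim().toUpperCase()));
  return (host, cert) => {
    const err = tls.checkServerIdentity(host, cert); // keep the hostname check
    if (err) return err;
    const seen = String(cert.fingerprint256).toUpperCase();
    if (!allowed.has(seen)) {
      return new Error(`Pin mismatch for ${host}: ${seen}`);
    }
    return undefined; // undefined means "accept"
  };
}

// Pinned GET with the built-in https module. Returning an Error from
// checkServerIdentity fails the handshake, and that error reaches cb.
function pinnedGet(url, pins, cb) {
  const agent = new https.Agent({
    maxCachedSessions: 0, // no TLS session reuse, as in the gist
    checkServerIdentity: makePinCheck(pins),
  });
  https.get(url, { agent }, (res) => {
    let body = "";
    res.on("data", (chunk) => (body += chunk));
    res.on("end", () => cb(null, body));
  }).on("error", cb);
}

// Offline demo on a CONSTRUCTED certificate object (not a real certificate).
const demoCert = {
  subject: { CN: "example.test" },
  subjectaltname: "DNS:example.test",
  fingerprint256: fingerprint256Of(Buffer.from("constructed DER bytes")),
};
const demoCheck = makePinCheck([demoCert.fingerprint256]);
console.log(demoCheck("example.test", demoCert)); // pin and hostname match
console.log(demoCheck("example.test", { ...demoCert, fingerprint256: "00:11" }));
```

A SHA-256 pin in this format can be printed with `openssl x509 -noout -in cert.pem -fingerprint -sha256`.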
