Pete,
To complement Ann’s advice, you might want to look into a certificate from a provider like LetsEncrypt like one user recently did. (See: SonarQube Azure DevOps issue (Tasks missing, deprecated task error))
You might also try running
npm config set strict-ssl false
Both using self-signed certs and turning off strict SSL come with their own security risks, but it might remain an option.
Colin