Skip to content

Can't install Node from Claude Code Remote Session #2090

New issue
New issue
Open
#2091
Open
Can't install Node from Claude Code Remote Session#2090
#2091
@wagenet

Description

@wagenet
wagenet
opened on Jan 12, 2026

Problem Summary

Volta fails to download Node.js versions when operating behind an HTTP proxy that uses JWT tokens embedded in the proxy URL for authentication. The proxy authentication format uses a JWT string as the username portion of the proxy URL (e.g., http://hostname:jwt_TOKEN@ip:port), which Volta's HTTP client appears unable to parse or utilize correctly.

Environment

  • Volta Version: 2.0.2
  • OS: Linux 4.4.0 (Docker container)
  • Environment: Claude Code remote development environment (sandboxed container)
  • Node.js: Attempting to download v24.12.0
  • Network: All outbound traffic required to go through authenticated proxy

Proxy Configuration

The environment sets standard proxy environment variables:

HTTP_PROXY=http://container_container_01LfogxyhvahjfF1k772vbVn--claude_code_remote--vapid-bare-windy-slices:jwt_eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Iks3dlRfYUVsdXIySGdsYVJ0QWJ0UThDWDU4dFFqODZIRjJlX1VsSzZkNEEifQ.eyJpc3MiOiJhbnRocm9waWMtZWdyZXNzLWNvbnRyb2wiLCJvcmdhbml6YXRpb25fdXVpZCI6ImE5YzZjZWQwLTJjMGMtNDUwOS1iOGM3LWI3ZjFiMmZlYzZjNCIsImlhdCI6MTc2ODI1NjIwMSwiZXhwIjoxNzY4MjcwNjAxLCJhbGxvd2VkX2hvc3RzIjoibm9kZWpzLm9yZyx3d3cubm9kZWpzLm9yZyx2b2x0YS5zaCxnZXQudm9sdGEuc2gsLi4uIiwiaXNfaGlwYWFfcmVndWxhdGVkIjoiZmFsc2UiLCJpc19hbnRfaGlwaSI6ImZhbHNlIiwidXNlX2VncmVzc19nYXRld2F5IjoiZmFsc2UiLCJzZXNzaW9uX2lkIjoic2Vzc2lvbl8wMUMxdHJLb3UzYmdqMjk3QkdCUHl2Y00iLCJjb250YWluZXJfaWQiOiJjb250YWluZXJfMDFMZm9neHlodmFoamZGMWs3NzJ2YlZuLS1jbGF1ZGVfY29kZV9yZW1vdGUtLXZhcGlkLWJhcmUtd2luZHktc2xpY2VzIn0.nUenUN-SCvRl5g18SweRv83A6LOYYuncY9ww795XsTkReQa3fabGW1dAgKJDuwoMqeGGgUNAJvf9TOWFk7th6A@21.0.0.121:15004

HTTPS_PROXY=http://container_container_01LfogxyhvahjfF1k772vbVn--claude_code_remote--vapid-bare-windy-slices:jwt_eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6Iks3dlRfYUVsdXIySGdsYVJ0QWJ0UThDWDU4dFFqODZIRjJlX1VsSzZkNEEifQ.eyJpc3MiOiJhbnRocm9waWMtZWdyZXNzLWNvbnRyb2wiLCJvcmdhbml6YXRpb25fdXVpZCI6ImE5YzZjZWQwLTJjMGMtNDUwOS1iOGM3LWI3ZjFiMmZlYzZjNCIsImlhdCI6MTc2ODI1NjIwMSwiZXhwIjoxNzY4MjcwNjAxLCJhbGxvd2VkX2hvc3RzIjoibm9kZWpzLm9yZyx3d3cubm9kZWpzLm9yZyx2b2x0YS5zaCxnZXQudm9sdGEuc2gsLi4uIiwiaXNfaGlwYWFfcmVndWxhdGVkIjoiZmFsc2UiLCJpc19hbnRfaGlwaSI6ImZhbHNlIiwidXNlX2VncmVzc19nYXRld2F5IjoiZmFsc2UiLCJzZXNzaW9uX2lkIjoic2Vzc2lvbl8wMUMxdHJLb3UzYmdqMjk3QkdCUHl2Y00iLCJjb250YWluZXJfaWQiOiJjb250YWluZXJfMDFMZm9neHlodmFoamZGMWs3NzJ2YlZuLS1jbGF1ZGVfY29kZV9yZW1vdGUtLXZhcGlkLWJhcmUtd2luZHktc2xpY2VzIn0.nUenUN-SCvRl5g18SweRv83A6LOYYuncY9ww795XsTkReQa3fabGW1dAgKJDuwoMqeGGgUNAJvf9TOWFk7th6A@21.0.0.121:15004

Proxy URL Format:

http://[hostname]:[jwt_token]@[ip]:[port]

Where the JWT token (starting with jwt_) is used as the "username" portion of the proxy URL for authentication.

Expected Behavior

Volta should:

  1. Read the HTTPS_PROXY environment variable
  2. Parse the proxy URL to extract the authentication credentials (JWT token)
  3. Make an HTTPS CONNECT request to the proxy with proper authentication
  4. Successfully download Node.js from https://nodejs.org/dist/v24.12.0/node-v24.12.0-linux-x64.tar.gz

Actual Behavior

Volta fails with a proxy authentication error:

Volta error: Could not download node@24.12.0
from https://nodejs.org/dist/v24.12.0/node-v24.12.0-linux-x64.tar.gz

Please verify your internet connection and ensure the correct version is specified.

Error cause: Proxy CONNECT error: 401 Unauthorized

Error Log (~/.volta/log/volta-error-*.log):

Could not download node@24.12.0
from https://nodejs.org/dist/v24.12.0/node-v24.12.0-linux-x64.tar.gz

Please verify your internet connection and ensure the correct version is specified.

Error cause: Proxy CONNECT error: 401 Unauthorized

Error cause: Proxy CONNECT error: 401 Unauthorized

Reproduction Steps

  1. Set up an authenticated HTTP proxy that requires credentials in the URL format: http://username:password@host:port
  2. Set HTTPS_PROXY environment variable with authentication credentials
  3. Run volta install node@24.12.0
  4. Observe 401 Unauthorized error from proxy

Comparison with Other Tools

Tools that work correctly with this proxy setup:

1. curl

$ curl -I https://nodejs.org/dist/v24.12.0/node-v24.12.0-linux-x64.tar.gz
HTTP/1.1 200 OK
HTTP/2 200

✅ Successfully authenticates with proxy and reaches nodejs.org

2. pnpm

$ pnpm install
# Successfully downloads packages through the proxy

✅ Correctly handles proxy authentication

3. apt-get

$ apt-get update && apt-get install -y gh
# Successfully installs packages through the proxy

✅ Proxy authentication works

❌ Only Volta fails with this proxy configuration.

Technical Analysis

The proxy requires authentication before it will forward requests. The authentication flow is:

  1. Client (Volta) initiates HTTPS CONNECT to proxy
  2. Proxy requires authentication (extracts from proxy URL)
  3. If auth succeeds, proxy checks if destination host is in allowed list
  4. Proxy forwards request to destination

What appears to be happening:

  • Volta is not extracting or sending the JWT token from the HTTPS_PROXY URL
  • The proxy rejects the unauthenticated CONNECT request with 401
  • Volta never reaches nodejs.org

Evidence that nodejs.org is accessible:

$ curl -I https://nodejs.org/dist/v24.12.0/node-v24.12.0-linux-x64.tar.gz
HTTP/2 200
content-type: application/gzip
content-length: 56374272

The target URL is valid and accessible through the proxy when proper authentication is provided.

Additional Information

Package.json volta configuration:

{
  "volta": {
    "node": "24.12.0",
    "pnpm": "10.26.0"
  }
}

Environment variables set:

VOLTA_HOME=$HOME/.volta
PATH=$VOLTA_HOME/bin:$PATH
VOLTA_FEATURE_PNPM=1

Proxy details:

  • Proxy host: 21.0.0.121:15004
  • Authentication: JWT token in proxy URL
  • Protocol: HTTP proxy for HTTPS requests (CONNECT method)
  • The JWT token contains an allowed_hosts list that includes nodejs.org, www.nodejs.org, volta.sh, and get.volta.sh

Suggested Fix

Volta's HTTP client should:

  1. Properly parse proxy URLs that contain authentication credentials in the format http://user:pass@host:port
  2. Extract the credentials (even if they're long JWT strings)
  3. Include proper Proxy-Authorization headers when making CONNECT requests
  4. Support authentication credentials that contain special characters (like dots and underscores in JWT tokens)

Workaround

Currently, users must either:

  1. Use system-installed Node.js/pnpm instead of Volta
  2. Disable proxy requirements (not possible in secure environments)
  3. Use a different Node.js version manager that supports authenticated proxies

Impact

This issue prevents Volta from being used in:

  • Corporate environments with authenticated proxies
  • Cloud development environments (like Claude Code, GitHub Codespaces, etc.)
  • CI/CD systems behind authenticated proxies
  • Any secure/sandboxed environment that requires proxy authentication

Request

Please add support for authenticated HTTP proxies, particularly those using the standard http://username:password@host:port format, where credentials may be long strings (like JWT tokens) containing special characters.

Related Information

  • Volta correctly reads and uses HTTPS_PROXY for determining proxy host/port
  • The failure occurs specifically during proxy authentication
  • Other Rust-based tools (like cargo) handle similar proxy configurations correctly
  • This may be related to the HTTP client library used by Volta (likely reqwest or similar)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions