[BUG] bun install fails with 503 on private GitHub Packages (sandbox proxy rejects redirect with Authorization header)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
In the Claude Code web sandbox VM, bun install consistently fails with HTTP 503
when resolving private packages from GitHub Packages (npm.pkg.github.com).
The same bun install succeeds outside the sandbox (local machine, GitHub Actions)
with the exact same repo, lockfile, and GH_REGISTRY_TOKEN. npm install works
fine inside the sandbox. The failure is specific to Bun + the sandbox egress proxy.
Diagnosis inside the sandbox, using only curl:
A. curl -H "Authorization: Bearer $TOKEN" <metadata-url> → HTTP 200
B. curl <signed-redirect-url-from-A> → HTTP 200 (tarball downloads)
C. curl -H "Authorization: Bearer $TOKEN" <signed-redirect-url> → HTTP 503
Bun fails at step C: it reaches the signed redirect URL onpkg-npm.githubusercontent.com but still carries the Authorization header from
the original request. The sandbox proxy (cert issuerO=Anthropic; CN=sandbox-egress-production TLS Inspection CA) returns 503 for
that combination, even though the signed URL alone works fine. Outside the
sandbox this combination does not 503.
What Should Happen?
bun install should complete successfully in the Claude Code sandbox, matching
the behavior on user machines and GitHub Actions. Either:
- the egress proxy should not return 503 when a request carries both a SAS
token in the query string and an Authorization header, or
- Bun's behavior in this environment should converge with npm/curl (which
strip Authorization on cross-origin redirects and succeed).
Error Messages/Logs
$ bun install
bun install v1.3.11 (af24e281)
error: GET https://npm.pkg.github.com/download/@<scope>/<pkg>/<version>/<sha> - 503
# With a newer bun (1.3.13) the error URL is the post-redirect one:
error: GET https://pkg-npm.githubusercontent.com/npmregistryv2prod/blobs/.../<pkg>/<version>/<uuid>?se=...&sig=...&... - 503
Steps to Reproduce
- Start a Claude Code web session on any repo that consumes a private package
from GitHub Packages (@<scope>:registry=https://npm.pkg.github.com).
- Ensure
GH_REGISTRY_TOKEN(or equivalent PAT withread:packages) is set. - Configure Bun scope auth (repo-level
bunfig.tomlor global~/.bunfig.toml):
[install.scopes]
"@<scope>" = { url = "https://npm.pkg.github.com", token = "$GH_REGISTRY_TOKEN" }
- Run
bun install→ fails with HTTP 503 on the tarball redirect. - Confirm it's environment-specific:
npm install --legacy-peer-deps → succeeds
Same bun install on local / GH Actions → succeeds
- Isolate the proxy behavior with curl (no Bun involved):
REDIRECT=$(curl -sS -o /dev/null -w "%{redirect_url}" \
-H "Authorization: Bearer $GH_REGISTRY_TOKEN" \
"https://npm.pkg.github.com/download/@<scope>/<pkg>/<version>/<sha>")
curl -sS -o /dev/null -w "%{http_code}\n" "$REDIRECT"
→ 200
curl -sS -o /dev/null -w "%{http_code}\n" \
-H "Authorization: Bearer $GH_REGISTRY_TOKEN" "$REDIRECT"
→ 503 ← reproduces the 503 Bun hits
Claude Model
Opus
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.116 (Claude Code)
Platform
Anthropic API
Operating System
Other Linux
Terminal/Shell
Non-interactive/CI environment
Additional Information
- Tested Bun versions: 1.3.11 (shipped in sandbox) and 1.3.13 (latest stable,
downloaded from GitHub releases). Both reproduce.
BUN_OPTIONS=--smolis set by the sandbox; unrelated to this bug (it breaks
bun upgrade argument parsing but not install).
- Fully reproducible workaround (requires NO Claude Code changes):
cat > ~/.npmrc <<EOF
@<scope>:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=$GH_REGISTRY_TOKEN
package-lock=false
legacy-peer-deps=true
EOF
npm install
- Suspected root cause: the sandbox egress proxy returns 503 when the same request
carries both a SAS token in the query string (GitHub's signed CDN URL) and an
Authorization: Bearer header. Bun 1.3.11/1.3.13 forwards the scope's
Authorization header across the cross-origin redirect; curl and npm strip it
and therefore succeed. Outside the sandbox the combination doesn't 503, so
users and CI never see the bug.
- Possible fixes (non-exhaustive):
(a) Don't 503 on that header combination in the egress proxy.
(b) Document this limitation and ship a ~/.npmrc + ~/.bunfig.toml
pre-populated from GH_REGISTRY_TOKEN as part of the sandbox base image.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗