You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
yarn sets up some environment variables (like npm_config_cache) and calls execSync. This calls the Win32 API CreateProcess and passes an environment block which is a merge of the existing environment block (i.e. from the calling process) with some additional stuff that includes npm_config_cache among others.
Environment variables in Windows are case-insensitive, but CreateProcess does not sanitize the environment block. This is a problem because if the calling process had set up NPM_CONFIG_CACHE (all caps), then yarn will just set the lowercase variant of the variable, and node will call CreateProcess which will contain the variable twice.
This breaks some tools that create dictionaries out of the environment block because they expect to run into each variable exactly once (regardless of casing).
In my case we have a nodejs script that we invoke via yarn, and the nodejs script calls a Windows build utility (msbuild) which crashes when trying to set up options for the compiler when it finds this option twice. We run into this when building in our CI in Azure DevOps pipeline, which sets up NPM_CONFIG_CACHE in the environment.
What is the current behavior?
when yarn spawns the nodejs script, it does so using an environment block that contains two copies of an environment variable, with different casing. This is illegal.
What is the expected behavior?
Yarn should sanitize the env block it passes
Steps to Reproduce
in cmd:
set NPM_CONFIG_CACHE=foobar
in package.json add this script:
"test": "echo console.log(process.env) | node -"
run yarn test and see that there are two copies of npm_config_cache in the new process environment block:
Environment
Node Version: 12.9.1
Yarn v1 Version: 1.22.4
OS and version: Windows 10 19041
The text was updated successfully, but these errors were encountered:
Bug description
yarn sets up some environment variables (like npm_config_cache) and calls execSync. This calls the Win32 API CreateProcess and passes an environment block which is a merge of the existing environment block (i.e. from the calling process) with some additional stuff that includes npm_config_cache among others.
Environment variables in Windows are case-insensitive, but CreateProcess does not sanitize the environment block. This is a problem because if the calling process had set up NPM_CONFIG_CACHE (all caps), then yarn will just set the lowercase variant of the variable, and node will call CreateProcess which will contain the variable twice.
This breaks some tools that create dictionaries out of the environment block because they expect to run into each variable exactly once (regardless of casing).
In my case we have a nodejs script that we invoke via yarn, and the nodejs script calls a Windows build utility (msbuild) which crashes when trying to set up options for the compiler when it finds this option twice. We run into this when building in our CI in Azure DevOps pipeline, which sets up NPM_CONFIG_CACHE in the environment.
Related:
Command
What is the current behavior?
when yarn spawns the nodejs script, it does so using an environment block that contains two copies of an environment variable, with different casing. This is illegal.
What is the expected behavior?
Yarn should sanitize the env block it passes
Steps to Reproduce
in cmd:
set NPM_CONFIG_CACHE=foobar
in package.json add this script:
"test": "echo console.log(process.env) | node -"
run
yarn test
and see that there are two copies of npm_config_cache in the new process environment block:Environment
1.22.4
The text was updated successfully, but these errors were encountered: