Skip to content

Node must de-duplicate environment variables before calling CreateProcess (and upon env.extend()) #35129

Closed
@asklar

Description

@asklar
  • Version: 12.9.1
  • Platform: x64
  • Subsystem: Windows 10

What steps will reproduce the bug?

yarn sets up some environment variables (like npm_config_cache) and calls execSync. This calls the Win32 API CreateProcess and passes an environment block which is a merge of the existing environment block (i.e. from the calling process) with some additional stuff that includes npm_config_cache among others.

Environment variables in Windows are case-insensitive, but CreateProcess does not seem to sanitize the environment block. This is a problem because if the calling process had set up NPM_CONFIG_CACHE (all caps), then yarn will just set the lowercase variant of the variable, and node will call CreateProcess which will contain the variable twice). This breaks some tools that create dictionaries out of the environment block because they expect to run into each variable exactly once (regardless of casing).

In my case we have a nodejs script that we invoke via yarn, and the nodejs script calls a Windows build utility (msbuild) which crashes when trying to set up options for the compiler when it finds this option twice. We run into this when building in our CI in Azure DevOps pipeline, which sets up NPM_CONFIG_CACHE in the environment.

Related:

How often does it reproduce? Is there a required condition?

100%

What is the expected behavior?

node should de-duplicate variables before passing them to CreateProcess

What do you see instead?

CreateProcess gets an environment block with both variables:
image

Additional information

Metadata

Metadata

Assignees

No one assigned

    Labels

    duplicateIssues and PRs that are duplicates of other issues or PRs.processIssues and PRs related to the process subsystem.windowsIssues and PRs related to the Windows platform.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions