Description
- Version: 12.9.1
- Platform: x64
- Subsystem: Windows 10
What steps will reproduce the bug?
yarn sets up some environment variables (like npm_config_cache) and calls execSync. This calls the Win32 API CreateProcess and passes an environment block which is a merge of the existing environment block (i.e. from the calling process) with some additional stuff that includes npm_config_cache among others.
Environment variables in Windows are case-insensitive, but CreateProcess does not seem to sanitize the environment block. This is a problem because if the calling process had set up NPM_CONFIG_CACHE (all caps), then yarn will just set the lowercase variant of the variable, and node will call CreateProcess which will contain the variable twice). This breaks some tools that create dictionaries out of the environment block because they expect to run into each variable exactly once (regardless of casing).
In my case we have a nodejs script that we invoke via yarn, and the nodejs script calls a Windows build utility (msbuild) which crashes when trying to set up options for the compiler when it finds this option twice. We run into this when building in our CI in Azure DevOps pipeline, which sets up NPM_CONFIG_CACHE in the environment.
Related:
- https://github.com/actions/virtual-environments/pull/1566/files
- MSBuild should sanitize environment block on startup dotnet/msbuild#5726
How often does it reproduce? Is there a required condition?
100%
What is the expected behavior?
node should de-duplicate variables before passing them to CreateProcess
What do you see instead?
CreateProcess gets an environment block with both variables:
