[BUG] echo used for piping values to CLI tools adds unwanted trailing newline to environment variables

Resolved 💬 6 comments Opened Feb 27, 2026 by morikawa2021 Closed Mar 27, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

## Bug Description

When Claude Code sets environment variables via CLI tools that read from stdin (e.g., vercel env add), it consistently uses echo to pipe the value. Since
echo appends a trailing newline (\n) by default, the stored value includes this newline character, silently corrupting API keys, tokens, and other
sensitive values.

## Reproduction

Claude Code generates commands like:

```bash
# What Claude Code does (broken)
echo "my-api-key-value" | npx vercel env add SECRET_KEY production
# Stored value: "my-api-key-value\n" ← trailing newline included

Expected Behavior

# Correct approach
printf '%s' 'my-api-key-value' | npx vercel env add SECRET_KEY production
# Stored value: "my-api-key-value" ← no trailing newline

Impact

  • Affected tools: Any CLI that reads values from stdin (vercel env add, gh secret set, fly secrets set, wrangler secret put, etc.)
  • Severity: High — corrupted values cause silent failures that are extremely difficult to diagnose
  • Real-world example: A Firebase VAPID key (NEXT_PUBLIC_FIREBASE_VAPID_KEY) was stored with a trailing \n, causing firebase.messaging().getToken() to silently

fail. FCM push notifications were completely broken in production with no visible error. It took significant debugging effort to trace the root cause to a
two-character \n appended to the key.

  • Frequency: This has occurred 10+ times across multiple projects for the same user, suggesting it is a systematic pattern in the model's behavior, not a

one-off mistake.

Suggested Fix

When generating shell commands that pipe values to stdin, prefer printf '%s' over echo:

┌────────────────────┬───────────────────────────┐
│ Current (broken) │ Correct │
├────────────────────┼───────────────────────────┤
│ echo "value" | cmd │ printf '%s' 'value' | cmd │
├────────────────────┼───────────────────────────┤
│ echo "$VAR" | cmd │ printf '%s' "$VAR" | cmd │
└────────────────────┴───────────────────────────┘

This applies broadly to any command that reads secrets/config from stdin, not just Vercel.

Environment

  • Claude Code CLI
  • macOS (zsh)
  • Vercel CLI, but tool-agnostic issue

What Should Happen?

When piping values to CLI tools that read from stdin (e.g., vercel env add, gh secret set),
Claude Code should use printf '%s' instead of echo to avoid appending a trailing newline (\n)
to the stored value.

Current behavior (broken):
echo "my-api-key" | npx vercel env add KEY production
→ stored value: "my-api-key\n"

Expected behavior:
printf '%s' 'my-api-key' | npx vercel env add KEY production
→ stored value: "my-api-key"

Error Messages/Logs

Steps to Reproduce

  1. Ask Claude Code to set a Vercel environment variable, e.g.:

"Set NEXT_PUBLIC_FIREBASE_VAPID_KEY=BJZ6EkoDVPzJSIP75V1ezxaivi5SulQllbk1GtZidgacd9NXoBJ4Zmh8PhROfJ4XHJsz1hR-TRneusw5ezvYOwo on Vercel production"

  1. Claude Code generates:

echo "BJZ6Eko..." | npx vercel env add NEXT_PUBLIC_FIREBASE_VAPID_KEY production

  1. Verify the stored value:

npx vercel env pull /tmp/check.txt && grep VAPID /tmp/check.txt | od -c | tail -3
→ trailing \n is visible in the hex dump

  1. The value is now corrupted. In this case, Firebase getToken() silently fails

because the VAPID key contains a trailing newline.

Claude Model

Opus

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

2.1.61

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Cursor

Additional Information

_No response_

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗