[BUG] echo used for piping values to CLI tools adds unwanted trailing newline to environment variables
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
## Bug Description
When Claude Code sets environment variables via CLI tools that read from stdin (e.g., vercel env add), it consistently uses echo to pipe the value. Since
echo appends a trailing newline (\n) by default, the stored value includes this newline character, silently corrupting API keys, tokens, and other
sensitive values.
## Reproduction
Claude Code generates commands like:
```bash
# What Claude Code does (broken)
echo "my-api-key-value" | npx vercel env add SECRET_KEY production
# Stored value: "my-api-key-value\n" ← trailing newline included
Expected Behavior
# Correct approach
printf '%s' 'my-api-key-value' | npx vercel env add SECRET_KEY production
# Stored value: "my-api-key-value" ← no trailing newline
Impact
- Affected tools: Any CLI that reads values from stdin (vercel env add, gh secret set, fly secrets set, wrangler secret put, etc.)
- Severity: High — corrupted values cause silent failures that are extremely difficult to diagnose
- Real-world example: A Firebase VAPID key (NEXT_PUBLIC_FIREBASE_VAPID_KEY) was stored with a trailing \n, causing firebase.messaging().getToken() to silently
fail. FCM push notifications were completely broken in production with no visible error. It took significant debugging effort to trace the root cause to a
two-character \n appended to the key.
- Frequency: This has occurred 10+ times across multiple projects for the same user, suggesting it is a systematic pattern in the model's behavior, not a
one-off mistake.
Suggested Fix
When generating shell commands that pipe values to stdin, prefer printf '%s' over echo:
┌────────────────────┬───────────────────────────┐
│ Current (broken) │ Correct │
├────────────────────┼───────────────────────────┤
│ echo "value" | cmd │ printf '%s' 'value' | cmd │
├────────────────────┼───────────────────────────┤
│ echo "$VAR" | cmd │ printf '%s' "$VAR" | cmd │
└────────────────────┴───────────────────────────┘
This applies broadly to any command that reads secrets/config from stdin, not just Vercel.
Environment
- Claude Code CLI
- macOS (zsh)
- Vercel CLI, but tool-agnostic issue
What Should Happen?
When piping values to CLI tools that read from stdin (e.g., vercel env add, gh secret set),
Claude Code should use printf '%s' instead of echo to avoid appending a trailing newline (\n)
to the stored value.
Current behavior (broken):
echo "my-api-key" | npx vercel env add KEY production
→ stored value: "my-api-key\n"
Expected behavior:
printf '%s' 'my-api-key' | npx vercel env add KEY production
→ stored value: "my-api-key"
Error Messages/Logs
Steps to Reproduce
- Ask Claude Code to set a Vercel environment variable, e.g.:
"Set NEXT_PUBLIC_FIREBASE_VAPID_KEY=BJZ6EkoDVPzJSIP75V1ezxaivi5SulQllbk1GtZidgacd9NXoBJ4Zmh8PhROfJ4XHJsz1hR-TRneusw5ezvYOwo on Vercel production"
- Claude Code generates:
echo "BJZ6Eko..." | npx vercel env add NEXT_PUBLIC_FIREBASE_VAPID_KEY production
- Verify the stored value:
npx vercel env pull /tmp/check.txt && grep VAPID /tmp/check.txt | od -c | tail -3
→ trailing \n is visible in the hex dump
- The value is now corrupted. In this case, Firebase getToken() silently fails
because the VAPID key contains a trailing newline.
Claude Model
Opus
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.61
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Cursor
Additional Information
_No response_
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗