varlock version
0.1.4
Steps to reproduce
- Launch a process via varlock:
varlock run -- node supervisor.js
- Inside
supervisor.js (or a shell script spawned by it), call varlock again:
varlock run --path ~/.config/ -- sh -c 'echo $MY_VAR'
- The nested
varlock run fails:
Error: Cannot find module '/home/user/run'
What is expected?
Nested varlock run calls should work correctly regardless of how the parent process was launched.
What is actually happening?
The initial varlock run sets PKG_EXECPATH=/path/to/varlock in the child process environment. This is a Node.js SEA (Single Executable Application) convention — when set, it tells Node.js that the binary was packaged as a single executable.
When a nested varlock run is invoked, the varlock binary (which is a Node.js SEA) sees PKG_EXECPATH already set and misinterprets its own argv. Instead of treating run as a subcommand, it tries to resolve it as a Node module path relative to the working directory, producing:
Error: Cannot find module '/home/user/run'
Workaround
Unset PKG_EXECPATH before any nested varlock call:
unset PKG_EXECPATH
varlock run --path ~/.config/ -- node worker.js
Suggested fix
varlock should unset PKG_EXECPATH (or delete it from process.env) early in its own startup, before argument parsing. The binary knows it is a SEA — it does not need this env var to persist, and it should not leak it to child processes.
Alternatively, varlock could strip PKG_EXECPATH from the child process environment in varlock run so it does not propagate.
System Info
- OS: Ubuntu 24.04 (aarch64)
- Node: v22.14.0 (embedded in varlock SEA)
- varlock: 0.1.4
- Install:
~/.varlock/bin/varlock
Context
Discovered in a long-running supervisor process launched via varlock run -- node supervisor.js. When the supervisor spawns helper scripts that also invoke varlock run to probe for configured secrets, all nested varlock calls fail silently (stderr is suppressed with 2>/dev/null in production), causing downstream processes to never start.
varlock version
0.1.4
Steps to reproduce
supervisor.js(or a shell script spawned by it), call varlock again:varlock runfails:What is expected?
Nested
varlock runcalls should work correctly regardless of how the parent process was launched.What is actually happening?
The initial
varlock runsetsPKG_EXECPATH=/path/to/varlockin the child process environment. This is a Node.js SEA (Single Executable Application) convention — when set, it tells Node.js that the binary was packaged as a single executable.When a nested
varlock runis invoked, the varlock binary (which is a Node.js SEA) seesPKG_EXECPATHalready set and misinterprets its ownargv. Instead of treatingrunas a subcommand, it tries to resolve it as a Node module path relative to the working directory, producing:Workaround
Unset
PKG_EXECPATHbefore any nested varlock call:Suggested fix
varlock should
unset PKG_EXECPATH(or delete it fromprocess.env) early in its own startup, before argument parsing. The binary knows it is a SEA — it does not need this env var to persist, and it should not leak it to child processes.Alternatively, varlock could strip
PKG_EXECPATHfrom the child process environment invarlock runso it does not propagate.System Info
~/.varlock/bin/varlockContext
Discovered in a long-running supervisor process launched via
varlock run -- node supervisor.js. When the supervisor spawns helper scripts that also invokevarlock runto probe for configured secrets, all nested varlock calls fail silently (stderr is suppressed with2>/dev/nullin production), causing downstream processes to never start.