Summary
The CodeGPT extension sets process.env.NODE_ENV = 'production' and process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = ... in standalone/server.js. Because all VSCode extensions share the same Extension Host process, these mutations leak into every other extension and any child processes they spawn (e.g. terminal shells, build tools).
Impact
npm install silently skips devDependencies in any shell spawned from VSCode, because npm respects NODE_ENV=production.
Any Node.js tooling that checks NODE_ENV (bundlers, test runners, linters) may behave unexpectedly.
The issue is silent — there is no error message. Users only discover it when builds fail or dependencies are missing.
Root cause
standalone/server.js, lines 6 and 35:
process.env.NODE_ENV = 'production' // line 6
process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = JSON.stringify(nextConfig) // line 35
These write directly to process.env, which is global and shared across the entire Extension Host process. Once set, these values are inherited by all child processes (shells, tasks, other extensions).
Additional concern: developer machine path leak
The __NEXT_PRIVATE_STANDALONE_CONFIG value contains a hardcoded Windows path from the build environment:
"outputFileTracingRoot":"C:\Users\tomas\OneDrive\Desktop\CodeGPT\codegpt-nextjs"
This appears to be the extension developer's local machine path, baked into .next/required-server-files.json at build time and then injected into every user's process.env at runtime.
Steps to reproduce
Install CodeGPT extension (danielsanmedium.dscodegpt v3.17.20)
Restart VSCode
Open any integrated terminal or extension-spawned shell
Run echo $NODE_ENV → outputs production
Run env | grep __NEXT_PRIVATE_STANDALONE_CONFIG → outputs the config JSON with the Windows path
Verified fix
Disabling the CodeGPT extension and restarting VSCode immediately resolves the issue — both NODE_ENV and __NEXT_PRIVATE_STANDALONE_CONFIG are no longer present.
Suggested fix
Instead of mutating process.env in the Extension Host process, set environment variables only for the Next.js server's child process. For example:
// Instead of:
process.env.NODE_ENV = 'production'
// Use child_process.fork/spawn with env option:
const child = fork('./server-entry.js', {
env: { ...process.env, NODE_ENV: 'production', __NEXT_PRIVATE_STANDALONE_CONFIG: ... }
});
Alternatively, if the standalone server must run in-process, save and restore the original values:
const origNodeEnv = process.env.NODE_ENV;
const origConfig = process.env.__NEXT_PRIVATE_STANDALONE_CONFIG;
try {
process.env.NODE_ENV = 'production';
process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = JSON.stringify(nextConfig);
// ... start server ...
} finally {
// Restore (or delete) after server startup
if (origNodeEnv === undefined) delete process.env.NODE_ENV;
else process.env.NODE_ENV = origNodeEnv;
// same for __NEXT_PRIVATE_STANDALONE_CONFIG
}
Environment
macOS (Darwin 25.3.0)
VSCode (Extension Host running as Electron with ELECTRON_RUN_AS_NODE=1)
CodeGPT extension: danielsanmedium.dscodegpt v3.17.20
Affected extension: Claude Code (Anthropic) — its shell commands inherit the polluted process.env
Summary
The CodeGPT extension sets process.env.NODE_ENV = 'production' and process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = ... in standalone/server.js. Because all VSCode extensions share the same Extension Host process, these mutations leak into every other extension and any child processes they spawn (e.g. terminal shells, build tools).
Impact
npm install silently skips devDependencies in any shell spawned from VSCode, because npm respects NODE_ENV=production.
Any Node.js tooling that checks NODE_ENV (bundlers, test runners, linters) may behave unexpectedly.
The issue is silent — there is no error message. Users only discover it when builds fail or dependencies are missing.
Root cause
standalone/server.js, lines 6 and 35:
These write directly to process.env, which is global and shared across the entire Extension Host process. Once set, these values are inherited by all child processes (shells, tasks, other extensions).
Additional concern: developer machine path leak
The __NEXT_PRIVATE_STANDALONE_CONFIG value contains a hardcoded Windows path from the build environment:
"outputFileTracingRoot":"C:\Users\tomas\OneDrive\Desktop\CodeGPT\codegpt-nextjs"
This appears to be the extension developer's local machine path, baked into .next/required-server-files.json at build time and then injected into every user's process.env at runtime.
Steps to reproduce
Install CodeGPT extension (danielsanmedium.dscodegpt v3.17.20)
Restart VSCode
Open any integrated terminal or extension-spawned shell
Run echo $NODE_ENV → outputs production
Run env | grep __NEXT_PRIVATE_STANDALONE_CONFIG → outputs the config JSON with the Windows path
Verified fix
Disabling the CodeGPT extension and restarting VSCode immediately resolves the issue — both NODE_ENV and __NEXT_PRIVATE_STANDALONE_CONFIG are no longer present.
Suggested fix
Instead of mutating process.env in the Extension Host process, set environment variables only for the Next.js server's child process. For example:
// Instead of:
process.env.NODE_ENV = 'production'
// Use child_process.fork/spawn with env option:
const child = fork('./server-entry.js', {
env: { ...process.env, NODE_ENV: 'production', __NEXT_PRIVATE_STANDALONE_CONFIG: ... }
});
Alternatively, if the standalone server must run in-process, save and restore the original values:
const origNodeEnv = process.env.NODE_ENV;
const origConfig = process.env.__NEXT_PRIVATE_STANDALONE_CONFIG;
try {
process.env.NODE_ENV = 'production';
process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = JSON.stringify(nextConfig);
// ... start server ...
} finally {
// Restore (or delete) after server startup
if (origNodeEnv === undefined) delete process.env.NODE_ENV;
else process.env.NODE_ENV = origNodeEnv;
// same for __NEXT_PRIVATE_STANDALONE_CONFIG
}
Environment
macOS (Darwin 25.3.0)
VSCode (Extension Host running as Electron with ELECTRON_RUN_AS_NODE=1)
CodeGPT extension: danielsanmedium.dscodegpt v3.17.20
Affected extension: Claude Code (Anthropic) — its shell commands inherit the polluted process.env