Invalid SC2016 for xargs sh -c '$PWD'

[tioteath]

For bugs

• Rule Id (if any, e.g. SC1000): SC2016
• My shellcheck version (shellcheck --version or 'online'): online
• [x] I tried on shellcheck.net and verified that this is still a problem on the latest commit
• [ ] It's not reproducible on shellcheck.net, but I think that's because it's an OS, configuration or encoding issue

For new checks and feature suggestions

• [x] shellcheck.net (i.e. the latest commit) currently gives no useful warnings about this
• [ ] I searched through https://github.com/koalaman/shellcheck/issues and didn't find anything related

Here's a snippet or screenshot that shows the problem:

#!/bin/sh

fswatch . --recursive --utc-time --one-per-batch --insensitive --allow-overflow --print0 --monitor=poll_monitor | xargs -0 -I{} --no-run-if-empty /bin/sh -c 'export ACTUAL_PWD=${PWD}'

Here's what shellcheck currently says:

Line 3  SC2016: Expressions don't expand in single quotes, use double quotes for that.

Here's what I wanted or expected to see:

Expressions get expanded in the fork of sh, hence single quotes.

[Akianonymus]

+1

[pmenzel]

Same issue with bash -c 'some bash commands'

[dimo414]

IMO this finding is correct, and should be suppressed if no variable expansion is intended. Callers could just as easily want eager variable expansion, and single-quotes + a suppression makes it clear the author intended to lazily evaluate the variables in the subprocess' environment.

There is an allowlist for commands that often expect single-quoted variables, but I worry xargs would be too heavy-handed a command to include in that list.

[nwithers-ecr]

Here is something similar that I am doing

xargs -I{} bash -c 'k3d kubeconfig get {} > $HOME/.kube/config.d/k3d-{}.yaml'

but rather than not displaying SC2016 (we can always turn it off), it seems to me these expressions should be reporting SC2086