fix(scanners): use process.exitCode instead of process.exit() after stdout.write

process.exit() terminates before pipe buffers drain, truncating output
at 64KB when piped through another Node.js process on macOS. Affects
scan-orchestrator (SARIF output) and supply-chain-recheck-cli.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/llm-security/scanners/scan-orchestrator.mjs

@@ -271,10 +271,11 @@ async function main() {
     `[deep-scan] Duration: ${totalDuration}ms\n`
   );
 
-  // Exit code based on verdict
-  if (agg.verdict === 'BLOCK') process.exit(2);
-  if (agg.verdict === 'WARNING') process.exit(1);
-  process.exit(0);
+  // Exit code based on verdict — use exitCode instead of exit() to allow
+  // stdout pipe buffers to drain fully (process.exit() truncates >64KB on macOS)
+  if (agg.verdict === 'BLOCK') process.exitCode = 2;
+  else if (agg.verdict === 'WARNING') process.exitCode = 1;
+  else process.exitCode = 0;
 }
 
 main().catch(err => {

plugins/llm-security/scanners/supply-chain-recheck-cli.mjs

@@ -32,6 +32,6 @@ result.aggregate = { risk_score: score, verdict: verd };
 
 process.stdout.write(JSON.stringify(result, null, 2) + '\n');
 
-if (verd === 'BLOCK') process.exit(2);
-if (verd === 'WARNING') process.exit(1);
-process.exit(0);
+if (verd === 'BLOCK') process.exitCode = 2;
+else if (verd === 'WARNING') process.exitCode = 1;
+else process.exitCode = 0;