d642203991
process.exit() terminates before pipe buffers drain, truncating output at 64KB when piped through another Node.js process on macOS. Affects scan-orchestrator (SARIF output) and supply-chain-recheck-cli. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
37 lines
1.2 KiB
JavaScript
37 lines
1.2 KiB
JavaScript
#!/usr/bin/env node
|
|
// CLI wrapper for supply-chain-recheck scanner
|
|
// Usage: node supply-chain-recheck-cli.mjs <target-path>
|
|
// Outputs JSON to stdout. Exit codes: 0=ok, 1=warning, 2=block, 3=error
|
|
|
|
import { resolve } from 'node:path';
|
|
import { existsSync } from 'node:fs';
|
|
import { resetCounter } from './lib/output.mjs';
|
|
import { scan } from './supply-chain-recheck.mjs';
|
|
import { riskScore, verdict } from './lib/severity.mjs';
|
|
|
|
const target = process.argv[2];
|
|
if (!target) {
|
|
console.error('Usage: node supply-chain-recheck-cli.mjs <target-path>');
|
|
process.exit(3);
|
|
}
|
|
|
|
const targetPath = resolve(target);
|
|
if (!existsSync(targetPath)) {
|
|
console.error(`Target path does not exist: ${targetPath}`);
|
|
process.exit(3);
|
|
}
|
|
|
|
resetCounter();
|
|
const result = await scan(targetPath, { files: [] });
|
|
|
|
// Add aggregate info matching orchestrator format
|
|
const counts = result.counts;
|
|
const score = riskScore(counts);
|
|
const verd = verdict(counts);
|
|
result.aggregate = { risk_score: score, verdict: verd };
|
|
|
|
process.stdout.write(JSON.stringify(result, null, 2) + '\n');
|
|
|
|
if (verd === 'BLOCK') process.exitCode = 2;
|
|
else if (verd === 'WARNING') process.exitCode = 1;
|
|
else process.exitCode = 0;
|