@trustify-da/trustify-da-javascript-client 0.2.4-ea-1

package/dist/src/providers/python_pip.js

@@ -0,0 +1,227 @@
+import fs from 'node:fs';
+import { EOL } from 'os';
+import { PackageURL } from 'packageurl-js';
+import Sbom from '../sbom.js';
+import { environmentVariableIsPopulated, getCustom, getCustomPath, invokeCommand } from "../tools.js";
+import Python_controller from './python_controller.js';
+export default { isSupported, validateLockFile, provideComponent, provideStack };
+/** @typedef {{name: string, version: string, dependencies: DependencyEntry[]}} DependencyEntry */
+/**
+ * @type {string} ecosystem for python-pip is 'pip'
+ * @private
+ */
+const ecosystem = 'pip';
+/**
+ * @param {string} manifestName - the subject manifest name-type
+ * @returns {boolean} - return true if `requirements.txt` is the manifest name-type
+ */
+function isSupported(manifestName) {
+    return 'requirements.txt' === manifestName;
+}
+/**
+ * @param {string} manifestDir - the directory where the manifest lies
+ */
+function validateLockFile() { return true; }
+/**
+ * Provide content and content type for python-pip stack analysis.
+ * @param {string} manifest - the manifest path or name
+ * @param {{}} [opts={}] - optional various options to pass along the application
+ * @returns {Provided}
+ */
+function provideStack(manifest, opts = {}) {
+    return {
+        ecosystem,
+        content: createSbomStackAnalysis(manifest, opts),
+        contentType: 'application/vnd.cyclonedx+json'
+    };
+}
+/**
+ * Provide content and content type for python-pip component analysis.
+ * @param {string} manifest - path to requirements.txt for component report
+ * @param {{}} [opts={}] - optional various options to pass along the application
+ * @returns {Provided}
+ */
+function provideComponent(manifest, opts = {}) {
+    return {
+        ecosystem,
+        content: getSbomForComponentAnalysis(manifest, opts),
+        contentType: 'application/vnd.cyclonedx+json'
+    };
+}
+/** @typedef {{name: string, , version: string, dependencies: DependencyEntry[]}} DependencyEntry */
+/**
+ *
+ * @param {PackageURL}source
+ * @param {DependencyEntry} dep
+ * @param {Sbom} sbom
+ * @private
+ */
+function addAllDependencies(source, dep, sbom) {
+    let targetPurl = toPurl(dep["name"], dep["version"]);
+    sbom.addDependency(source, targetPurl);
+    let directDeps = dep["dependencies"];
+    if (directDeps !== undefined && directDeps.length > 0) {
+        directDeps.forEach((dependency) => { addAllDependencies(toPurl(dep["name"], dep["version"]), dependency, sbom); });
+    }
+}
+/**
+ *
+ * @param nameVersion
+ * @return {string}
+ */
+function splitToNameVersion(nameVersion) {
+    let result = [];
+    if (nameVersion.includes("==")) {
+        return nameVersion.split("==");
+    }
+    const regex = /[^\w\s-_]/g;
+    let endIndex = nameVersion.search(regex);
+    if (endIndex === -1) {
+        return [nameVersion.trim()];
+    }
+    result.push(nameVersion.substring(0, endIndex).trim());
+    return result;
+}
+/**
+ *
+ * @param {string} requirementTxtContent
+ * @return {PackageURL []}
+ */
+function getIgnoredDependencies(requirementTxtContent) {
+    let requirementsLines = requirementTxtContent.split(EOL);
+    return requirementsLines
+        .filter(line => line.includes("#exhortignore") || line.includes("# exhortignore"))
+        .map((line) => line.substring(0, line.indexOf("#")).trim())
+        .map((name) => {
+        let nameVersion = splitToNameVersion(name);
+        if (nameVersion.length === 2) {
+            return toPurl(nameVersion[0], nameVersion[1]);
+        }
+        return toPurl(nameVersion[0], undefined);
+    });
+}
+/**
+ *
+ * @param {string} requirementTxtContent content of requirments.txt in string
+ * @param {Sbom} sbom object to filter out from it exhortignore dependencies.
+ * @param {{Object}} opts - various options and settings for the application
+ * @private
+ */
+function handleIgnoredDependencies(requirementTxtContent, sbom, opts = {}) {
+    let ignoredDeps = getIgnoredDependencies(requirementTxtContent);
+    let matchManifestVersions = getCustom("MATCH_MANIFEST_VERSIONS", "true", opts);
+    if (matchManifestVersions === "true") {
+        const ignoredDepsVersion = ignoredDeps.filter(dep => dep.version !== undefined);
+        sbom.filterIgnoredDepsIncludingVersion(ignoredDepsVersion.map(dep => dep.toString()));
+    }
+    else {
+        // in case of version mismatch, need to parse the name of package from the purl, and remove the package name from sbom according to name only
+        // without version
+        sbom.filterIgnoredDeps(ignoredDeps);
+    }
+}
+/** get python and pip binaries, python3/pip3 get precedence if exists on the system path
+ * @param {object}binaries
+ * @param {{}} [opts={}]
+ */
+function getPythonPipBinaries(binaries, opts) {
+    let python = getCustomPath("python3", opts);
+    let pip = getCustomPath("pip3", opts);
+    try {
+        invokeCommand(python, ['--version']);
+        invokeCommand(pip, ['--version']);
+    }
+    catch (error) {
+        python = getCustomPath("python", opts);
+        pip = getCustomPath("pip", opts);
+        try {
+            invokeCommand(python, ['--version']);
+            invokeCommand(pip, ['--version']);
+        }
+        catch (error) {
+            throw new Error(`Failed checking for python/pip binaries from supplied environment variables`, { cause: error });
+        }
+    }
+    binaries.pip = pip;
+    binaries.python = python;
+}
+/**
+ *
+ * @param binaries
+ * @param opts
+ * @return {string}
+ * @private
+ */
+function handlePythonEnvironment(binaries, opts) {
+    let createVirtualPythonEnv;
+    if (!environmentVariableIsPopulated("TRUSTIFY_DA_PIP_SHOW") && !environmentVariableIsPopulated("TRUSTIFY_DA_PIP_FREEZE")) {
+        getPythonPipBinaries(binaries, opts);
+        createVirtualPythonEnv = getCustom("TRUSTIFY_DA_PYTHON_VIRTUAL_ENV", "false", opts);
+    }
+    // bypass invoking python and pip, as we get all information needed to build the dependency tree from these Environment variables.
+    else {
+        binaries.pip = "pip";
+        binaries.python = "python";
+        createVirtualPythonEnv = "false";
+    }
+    return createVirtualPythonEnv;
+}
+const DEFAULT_PIP_ROOT_COMPONENT_NAME = "default-pip-root";
+const DEFAULT_PIP_ROOT_COMPONENT_VERSION = "0.0.0";
+/**
+ * Create sbom json string out of a manifest path for stack analysis.
+ * @param {string} manifest - path for requirements.txt
+ * @param {{}} [opts={}] - optional various options to pass along the application
+ * @returns {string} the sbom json string content
+ * @private
+ */
+function createSbomStackAnalysis(manifest, opts = {}) {
+    let binaries = {};
+    let createVirtualPythonEnv = handlePythonEnvironment(binaries, opts);
+    let pythonController = new Python_controller(createVirtualPythonEnv === "false", binaries.pip, binaries.python, manifest, opts);
+    let dependencies = pythonController.getDependencies(true);
+    let sbom = new Sbom();
+    const rootPurl = toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION);
+    sbom.addRoot(rootPurl);
+    dependencies.forEach(dep => {
+        addAllDependencies(rootPurl, dep, sbom);
+    });
+    let requirementTxtContent = fs.readFileSync(manifest).toString();
+    handleIgnoredDependencies(requirementTxtContent, sbom, opts);
+    // In python there is no root component, then we must remove the dummy root we added, so the sbom json will be accepted by exhort backend
+    // sbom.removeRootComponent()
+    return sbom.getAsJsonString(opts);
+}
+/**
+ * Create a sbom json string out of a manifest content for component analysis
+ * @param {string} manifest - path to requirements.txt
+ * @param {{}} [opts={}] - optional various options to pass along the application
+ * @returns {string} the sbom json string content
+ * @private
+ */
+function getSbomForComponentAnalysis(manifest, opts = {}) {
+    let binaries = {};
+    let createVirtualPythonEnv = handlePythonEnvironment(binaries, opts);
+    let pythonController = new Python_controller(createVirtualPythonEnv === "false", binaries.pip, binaries.python, manifest, opts);
+    let dependencies = pythonController.getDependencies(false);
+    let sbom = new Sbom();
+    const rootPurl = toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION);
+    sbom.addRoot(rootPurl);
+    dependencies.forEach(dep => {
+        sbom.addDependency(rootPurl, toPurl(dep.name, dep.version));
+    });
+    let requirementTxtContent = fs.readFileSync(manifest).toString();
+    handleIgnoredDependencies(requirementTxtContent, sbom, opts);
+    // In python there is no root component, then we must remove the dummy root we added, so the sbom json will be accepted by exhort backend
+    // sbom.removeRootComponent()
+    return sbom.getAsJsonString(opts);
+}
+/**
+ * Returns a PackageUrl For pip dependencies
+ * @param name
+ * @param version
+ * @return {PackageURL}
+ */
+function toPurl(name, version) {
+    return new PackageURL('pypi', undefined, name, version, undefined, undefined);
+}

package/dist/src/sbom.d.ts

@@ -0,0 +1,59 @@
+export default class Sbom {
+    sbomModel: CycloneDxSbom;
+    /**
+     * @param {PackageURL} root - add main/root component for sbom
+     * @return Sbom
+     */
+    addRoot(root: PackageURL): CycloneDxSbom;
+    /**
+     * @return {{{"bom-ref": string, name, purl: string, type, version}}} root component of sbom.
+     */
+    getRoot(): {};
+    /**
+     * This method gets an array of dependencies to be ignored, and remove all of them from sbom
+     * @param {Array} dependencies to be removed from sbom
+     * @return {Sbom} without ignored dependencies
+     */
+    filterIgnoredDeps(deps: any): Sbom;
+    /**
+     * This method gets an array of dependencies with versions( purl string format) to be ignored, and remove all of them from CycloneDx Sbom
+     * @param {Array} dependencies to be removed from sbom
+     * @return {CycloneDxSbom} without ignored dependencies
+     */
+    filterIgnoredDepsIncludingVersion(deps: any): CycloneDxSbom;
+    /**
+     * @param {component} sourceRef current source Component ( Starting from root component by clients)
+     * @param {PackageURL} targetRef current dependency to add to Dependencies list of component sourceRef
+     * @return Sbom
+     */
+    addDependency(sourceRef: component, targetRef: PackageURL, scope: any): CycloneDxSbom;
+    /**
+     * @return String sbom json in a string format
+     */
+    getAsJsonString(opts?: {}): string;
+    /**
+     * This method gets a PackageUrl, and returns a Component of Sbom
+     * @param purl {PackageURL}
+     * @return component
+     */
+    purlToComponent(purl: PackageURL): {
+        "bom-ref": string;
+        name: any;
+        purl: string;
+        type: any;
+        version: any;
+        scope: any;
+    };
+    /** This method gets a component object, and a string name, and checks if the name is a substring of the component' purl.
+     * @param {} component to search in its dependencies
+     * @param {String} name to be checked.
+     *
+     * @return {boolean}
+     */
+    checkIfPackageInsideDependsOnList(component: any, name: string): boolean;
+    /** Removes the root component from the sbom
+     */
+    removeRootComponent(): void;
+    #private;
+}
+import CycloneDxSbom from "./cyclone_dx_sbom.js";

package/dist/src/sbom.js

@@ -0,0 +1,84 @@
+import CycloneDxSbom from "./cyclone_dx_sbom.js";
+export default class Sbom {
+    sbomModel;
+    #startTime;
+    #endTime;
+    constructor() {
+        if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+            this.#startTime = new Date();
+            console.log("Starting time to create sbom = " + this.#startTime);
+        }
+        this.sbomModel = new CycloneDxSbom();
+    }
+    /**
+     * @param {PackageURL} root - add main/root component for sbom
+     * @return Sbom
+     */
+    addRoot(root) {
+        return this.sbomModel.addRoot(root);
+    }
+    /**
+     * @return {{{"bom-ref": string, name, purl: string, type, version}}} root component of sbom.
+     */
+    getRoot() {
+        return this.sbomModel.getRoot();
+    }
+    /**
+     * This method gets an array of dependencies to be ignored, and remove all of them from sbom
+     * @param {Array} dependencies to be removed from sbom
+     * @return {Sbom} without ignored dependencies
+     */
+    filterIgnoredDeps(deps) {
+        return this.sbomModel.filterIgnoredDeps(deps);
+    }
+    /**
+     * This method gets an array of dependencies with versions( purl string format) to be ignored, and remove all of them from CycloneDx Sbom
+     * @param {Array} dependencies to be removed from sbom
+     * @return {CycloneDxSbom} without ignored dependencies
+     */
+    filterIgnoredDepsIncludingVersion(deps) {
+        return this.sbomModel.filterIgnoredDepsIncludingVersion(deps);
+    }
+    /**
+     * @param {component} sourceRef current source Component ( Starting from root component by clients)
+     * @param {PackageURL} targetRef current dependency to add to Dependencies list of component sourceRef
+     * @return Sbom
+     */
+    addDependency(sourceRef, targetRef, scope) {
+        return this.sbomModel.addDependency(sourceRef, targetRef, scope);
+    }
+    /**
+     * @return String sbom json in a string format
+     */
+    getAsJsonString(opts = {}) {
+        if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+            this.#endTime = new Date();
+            console.log("Ending time to create sbom = " + this.#endTime);
+            let time = (this.#endTime - this.#startTime) / 1000;
+            console.log("Total time in seconds to create sbom = " + time);
+        }
+        return this.sbomModel.getAsJsonString(opts);
+    }
+    /**
+     * This method gets a PackageUrl, and returns a Component of Sbom
+     * @param purl {PackageURL}
+     * @return component
+     */
+    purlToComponent(purl) {
+        return this.sbomModel.purlToComponent(purl);
+    }
+    /** This method gets a component object, and a string name, and checks if the name is a substring of the component' purl.
+     * @param {} component to search in its dependencies
+     * @param {String} name to be checked.
+     *
+     * @return {boolean}
+     */
+    checkIfPackageInsideDependsOnList(component, name) {
+        return this.sbomModel.checkIfPackageInsideDependsOnList(component, name);
+    }
+    /** Removes the root component from the sbom
+     */
+    removeRootComponent() {
+        return this.sbomModel.removeRootComponent();
+    }
+}

package/dist/src/tools.d.ts

@@ -0,0 +1,74 @@
+/// <reference types="node" />
+/// <reference types="packageurl-js/src/package-url" />
+/**
+ *
+ * @param {string} key to log its value from environment variables and from opts, if it exists
+ * @param {{}} [opts={}] different options of application, if key in it, log it.
+ * @param {string }defValue default value of key in case there is no option and environment variable values for key
+ */
+export function logValueFromObjects(key: string, opts?: {} | undefined, defValue: string): void;
+/**
+ * Utility function will return the value for key from the environment variables,
+ * if not present will return the value for key from the opts objects only if it's a string,
+ * if not present, or not string will return the default value supplied which default to null.
+ * @param {string} key the key to look for in the environment variables and the opts object
+ * @param {string|null} [def=null] the value to return if nothing else found
+ * @param {{}} [opts={}] the options object to look for the key in if not found in environment
+ * @returns {string|null} the value of the key found in the environment, options object, or the
+ * 		default supplied
+ */
+export function getCustom(key: string, def?: string | null | undefined, opts?: {} | undefined): string | null;
+/**
+ * Utility function for looking up custom variable for a binary path.
+ * Will look in the environment variables (1) or in opts (2) for a key with TRUSTIFY_DA_x_PATH, x is an
+ * uppercase version of passed name to look for. The name will also be returned if nothing else was
+ * found.
+ * @param name the binary name to look for, will be returned as value in nothing else found
+ * @param {{}} [opts={}] the options object to look for the key in if not found in environment
+ * @returns {string|null} the value of the key found in the environment, options object, or the
+ * 		original name supplied
+ */
+export function getCustomPath(name: any, opts?: {} | undefined): string | null;
+/**
+ * Utility function for determining whether wrappers for build tools such as gradlew/mvnw should be
+ * preferred over invoking the binary directly.
+ * @param {string} name - binary for which to search for its wrapper
+ * @param {{}} opts - the options object to look for the key in if not found in environment
+ * @returns {boolean} whether to prefer the wrapper if exists or not
+ */
+export function getWrapperPreference(name: string, opts?: {}): boolean;
+export function environmentVariableIsPopulated(envVariableName: any): boolean;
+/**
+ * Utility function for handling spaces in paths on Windows
+ * @param {string} path - path to be checked if contains spaces
+ * @return {string} a path with all spaces escaped or manipulated so it will be able to be part
+ *                  of commands that will be invoked without errors in os' shell.
+ */
+export function handleSpacesInPath(path: string): string;
+/**
+ * Utility function for creating Purl String
+ * @param name the name of the artifact, can include a namespace(group) or not - namespace/artifactName.
+ * @param version the version of the artifact
+ * @returns {PackageURL|null} PackageUrl Object ready to be used in SBOM
+ */
+export function toPurl(type: any, name: any, version: any): PackageURL | null;
+/**
+ * Utility function for creating Purl Object from a Purl String
+ * @param strPurl the Purl String
+ * @returns {PackageURL|null} PackageUrl Object ready to be used in SBOM
+ */
+export function toPurlFromString(strPurl: any): PackageURL | null;
+/**
+ *
+ * @param {string} cwd - directory for which to find the root of the git repository.
+ */
+export function getGitRootDir(cwd: string): string | undefined;
+/** this method invokes command string in a process in a synchronous way.
+ * @param {string} bin - the command to be invoked
+ * @param {Array<string>} args - the args to pass to the binary
+ * @param {import('child_process').ExecFileOptionsWithStringEncoding} [opts={}]
+ * @returns {string}
+ */
+export function invokeCommand(bin: string, args: Array<string>, opts?: import("child_process").ExecFileOptionsWithStringEncoding | undefined): string;
+export const RegexNotToBeLogged: RegExp;
+import { PackageURL } from "packageurl-js";

package/dist/src/tools.js

@@ -0,0 +1,159 @@
+import { execFileSync } from "child_process";
+import { EOL } from "os";
+import { PackageURL } from "packageurl-js";
+export const RegexNotToBeLogged = /TRUSTIFY_DA_.*_TOKEN|ex-.*-token/;
+/**
+ *
+ * @param {string} key to log its value from environment variables and from opts, if it exists
+ * @param {{}} [opts={}] different options of application, if key in it, log it.
+ * @param {string }defValue default value of key in case there is no option and environment variable values for key
+ */
+export function logValueFromObjects(key, opts, defValue) {
+    if (key in opts) {
+        console.log(`value of option with key ${key} = ${opts[key]} ${EOL}`);
+    }
+    else {
+        console.log(`key ${key} doesn't exists on opts object ${EOL}`);
+    }
+    if (key in process.env) {
+        console.log(`value of environment variable ${key} = ${process.env[key]} ${EOL}`);
+    }
+    else {
+        console.log(`environment variable ${key} doesn't exists ${EOL}`);
+    }
+    console.log(`default value for ${key} = ${defValue} ${EOL}`);
+}
+/**
+ * Utility function will return the value for key from the environment variables,
+ * if not present will return the value for key from the opts objects only if it's a string,
+ * if not present, or not string will return the default value supplied which default to null.
+ * @param {string} key the key to look for in the environment variables and the opts object
+ * @param {string|null} [def=null] the value to return if nothing else found
+ * @param {{}} [opts={}] the options object to look for the key in if not found in environment
+ * @returns {string|null} the value of the key found in the environment, options object, or the
+ * 		default supplied
+ */
+export function getCustom(key, def = null, opts = {}) {
+    if (process.env["TRUSTIFY_DA_DEBUG"] === "true" && !key.match(RegexNotToBeLogged)) {
+        logValueFromObjects(key, opts, def);
+    }
+    return key in process.env ? process.env[key] : key in opts && typeof opts[key] === 'string' ? opts[key] : def;
+}
+/**
+ * Utility function for looking up custom variable for a binary path.
+ * Will look in the environment variables (1) or in opts (2) for a key with TRUSTIFY_DA_x_PATH, x is an
+ * uppercase version of passed name to look for. The name will also be returned if nothing else was
+ * found.
+ * @param name the binary name to look for, will be returned as value in nothing else found
+ * @param {{}} [opts={}] the options object to look for the key in if not found in environment
+ * @returns {string|null} the value of the key found in the environment, options object, or the
+ * 		original name supplied
+ */
+export function getCustomPath(name, opts = {}) {
+    return getCustom(`TRUSTIFY_DA_${name.toUpperCase()}_PATH`, name, opts);
+}
+/**
+ * Utility function for determining whether wrappers for build tools such as gradlew/mvnw should be
+ * preferred over invoking the binary directly.
+ * @param {string} name - binary for which to search for its wrapper
+ * @param {{}} opts - the options object to look for the key in if not found in environment
+ * @returns {boolean} whether to prefer the wrapper if exists or not
+ */
+export function getWrapperPreference(name, opts = {}) {
+    return getCustom(`TRUSTIFY_DA_PREFER_${name.toUpperCase()}W`, 'true', opts) === 'true';
+}
+export function environmentVariableIsPopulated(envVariableName) {
+    return envVariableName in process.env && process.env[envVariableName].trim() !== "";
+}
+/**
+ * Utility function for handling spaces in paths on Windows
+ * @param {string} path - path to be checked if contains spaces
+ * @return {string} a path with all spaces escaped or manipulated so it will be able to be part
+ *                  of commands that will be invoked without errors in os' shell.
+ */
+export function handleSpacesInPath(path) {
+    let transformedPath = path;
+    // if operating system is windows
+    if (hasSpaces(path)) {
+        transformedPath = `"${path}"`;
+    }
+    return transformedPath;
+}
+/**
+ *
+ * @param {string} path the path to check if contains spaces
+ * @return {boolean} returns true if path contains spaces
+ * @private
+ */
+function hasSpaces(path) {
+    return path.trim().includes(" ");
+}
+/**
+ * Utility function for creating Purl String
+ * @param name the name of the artifact, can include a namespace(group) or not - namespace/artifactName.
+ * @param version the version of the artifact
+ * @returns {PackageURL|null} PackageUrl Object ready to be used in SBOM
+ */
+export function toPurl(type, name, version) {
+    let parts = name.split("/");
+    var purlNs, purlName;
+    if (parts.length === 2) {
+        purlNs = parts[0];
+        purlName = parts[1];
+    }
+    else {
+        purlName = parts[0];
+    }
+    return new PackageURL(type, purlNs, purlName, version, undefined, undefined);
+}
+/**
+ * Utility function for creating Purl Object from a Purl String
+ * @param strPurl the Purl String
+ * @returns {PackageURL|null} PackageUrl Object ready to be used in SBOM
+ */
+export function toPurlFromString(strPurl) {
+    return PackageURL.fromString(strPurl);
+}
+/**
+ *
+ * @param {string} cwd - directory for which to find the root of the git repository.
+ */
+export function getGitRootDir(cwd) {
+    try {
+        const root = invokeCommand('git', ['rev-parse', '--show-toplevel'], { cwd: cwd });
+        return root.toString().trim();
+    }
+    catch (error) {
+        return undefined;
+    }
+}
+/** this method invokes command string in a process in a synchronous way.
+ * @param {string} bin - the command to be invoked
+ * @param {Array<string>} args - the args to pass to the binary
+ * @param {import('child_process').ExecFileOptionsWithStringEncoding} [opts={}]
+ * @returns {string}
+ */
+export function invokeCommand(bin, args, opts = {}) {
+    // .bat and .cmd files can't be executed in windows with execFileSync without {shell: true}, so we
+    // special case them here to keep the amount of escaping we need to do to a minimum.
+    // https://nodejs.org/docs/latest-v20.x/api/child_process.html#spawning-bat-and-cmd-files-on-windows
+    // https://github.com/nodejs/node/issues/52681#issuecomment-2076426887
+    if (process.platform === 'win32') {
+        opts = { ...opts, shell: true };
+        args = args.map(arg => handleSpacesInPath(arg));
+        bin = handleSpacesInPath(bin);
+    }
+    opts = {
+        ...opts,
+        env: {
+            ...process.env,
+            PATH: process.env.PATH
+        }
+    };
+    // Add maxBuffer option to handle large outputs
+    opts = {
+        ...opts,
+        maxBuffer: 10 * 1024 * 1024 // 10MB buffer
+    };
+    return execFileSync(bin, args, { ...{ stdio: 'pipe', encoding: 'utf-8' }, ...opts });
+}