Description
Describe the bug
PNPM has an issue generating SBOM files when they become very long, as it tries to serialize a single, large blob of JSON.
Internally, jf audit calls /path/to/pnpm ls --depth Infinity --json --long to gather enough information for the bill of materials.
Unfortunately NODE_OPTIONS=--max-old-space-size=8192 doesn't do the trick, and jf audit ignores the NODE_OPTIONS flag anyway.
Current behavior
Audit dies while waiting for pnpm ls --depth Infinity --json --long.
Audit reports error code 41, which, again, doesn't really describe anything.
The error log contains "Error: Invalid string length", which isn't very descriptive.
Reproduction steps
Create a relatively complex NPM project and generate a pnpm-lock.yaml with PNPM.
(Hint: We are using the aws-sdk and several packages which depend on one another).
Run jf audit on your project.
Expected behavior
Audit completes; or I can generate my own SBOM and provide it as a command line switch.
JFrog CLI version
2.85.0
Operating system type and version
Ubuntu 25.04 plucky
JFrog Artifactory version
unknown
JFrog Xray version
unknown
Related
pnpm ls command and json printer
https://github.com/pnpm/pnpm/blob/6b18b795b7d4e1b9c780aaf0c49c68da0502a0b2/reviewing/list/src/index.ts#L136
https://github.com/pnpm/pnpm/blob/6b18b795b7d4e1b9c780aaf0c49c68da0502a0b2/reviewing/list/src/renderJson.ts#L50
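An added example (not code from jf, pnpm or this issue) of the alternative the report points at: emitting the dependency tree as a stream of small JSON fragments, so no single string ever has to hold the whole document. `serializeTree`, `writeTree` and `makeTree` are assumed names, and the tree shape is a constructed stand-in for pnpm's `ls --json` output.

```javascript
// Added example, not code from jf, pnpm or this issue. Serialises a pnpm-style
// dependency tree ({ name, version, dependencies: { <name>: <node> } }) as a
// stream of small JSON fragments instead of one JSON.stringify() call, which
// materialises a single V8 string and throws "RangeError: Invalid string length"
// past V8's maximum string length; a bigger heap does not raise that limit.

// Depth-first walk. Each fragment passed to `emit` is at most one package entry
// long, so the whole document never exists as one in-memory string. For nodes
// with exactly the keys name, version and (optionally) dependencies, in that
// order, the concatenated output equals JSON.stringify(node).
function serializeTree(node, emit) {
  emit('{"name":' + JSON.stringify(node.name) +
       ',"version":' + JSON.stringify(node.version));
  if (node.dependencies) {
    emit(',"dependencies":{');
    Object.keys(node.dependencies).forEach((name, i) => {
      emit((i > 0 ? ',' : '') + JSON.stringify(name) + ':');
      serializeTree(node.dependencies[name], emit);
    });
    emit('}');
  }
  emit('}');
}

// Drive serializeTree() into any sink (a write stream, a socket, a hasher) and
// report sizes, so a caller can check that no fragment approaches the limit.
function writeTree(tree, sink) {
  let bytes = 0, largest = 0, fragments = 0;
  serializeTree(tree, (fragment) => {
    const n = Buffer.byteLength(fragment);
    bytes += n; largest = Math.max(largest, n); fragments += 1;
    sink(fragment);
  });
  return { bytes, largest, fragments };
}

// Constructed sample: `width` children per package, `depth` levels deep.
function makeTree(name, width, depth) {
  const node = { name, version: '1.0.0' };
  if (depth > 0) {
    node.dependencies = {};
    for (let i = 0; i < width; i++) {
      node.dependencies[`${name}-${i}`] = makeTree(`${name}-${i}`, width, depth - 1);
    }
  }
  return node;
}
```

Calling `writeTree(makeTree('app', 8, 4), (f) => process.stdout.write(f))` streams a 4681-package tree to stdout while the largest fragment stays under 100 bytes.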