fix(mdm): resolve smoke test & go-lint

Author: shubham-stepsecurity

.github/workflows/go.yml

@@ -12,17 +12,15 @@ permissions:
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version-file: go.mod
       - uses: golangci/golangci-lint-action@v6
         with:
           version: latest
-        env:
-          GOOS: darwin
 
   test:
     name: Test
@@ -31,7 +29,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version-file: go.mod
       - run: make test
 
   smoke:
@@ -42,5 +40,5 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version-file: go.mod
       - run: make smoke

go.mod

@@ -1,3 +1,3 @@
 module github.com/step-security/dev-machine-guard
 
-go 1.25.3
+go 1.24

internal/detector/nodescan.go

@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"time"
 
@@ -13,7 +14,18 @@ import (
 	"github.com/step-security/dev-machine-guard/internal/progress"
 )
 
-const maxProjectScanBytes = 500 * 1024 * 1024 // 500MB total limit
+const defaultMaxProjectScanBytes = 500 * 1024 * 1024 // 500MB total limit
+
+// getMaxProjectScanBytes returns the size limit, overridable via
+// STEPSEC_MAX_NODE_SCAN_BYTES environment variable.
+func getMaxProjectScanBytes() int64 {
+	if v := os.Getenv("STEPSEC_MAX_NODE_SCAN_BYTES"); v != "" {
+		if n, err := strconv.ParseInt(v, 10, 64); err == nil && n > 0 {
+			return n
+		}
+	}
+	return defaultMaxProjectScanBytes
+}
 
 // NodeScanner performs enterprise-mode node scanning (raw output, base64 encoded).
 type NodeScanner struct {
@@ -148,10 +160,11 @@ func (s *NodeScanner) scanPnpmGlobal(ctx context.Context) (model.NodeScanResult,
 }
 
 // ScanProjects finds package.json files and runs the appropriate package manager list command.
-// Logs each found project and respects the 500MB size limit.
+// Logs each found project and respects the size limit (default 500MB, override via STEPSEC_MAX_NODE_SCAN_BYTES).
 func (s *NodeScanner) ScanProjects(ctx context.Context, searchDirs []string) []model.NodeScanResult {
 	var results []model.NodeScanResult
 	totalSize := int64(0)
+	maxBytes := getMaxProjectScanBytes()
 	count := 0
 
 	for _, dir := range searchDirs {
@@ -176,8 +189,8 @@ func (s *NodeScanner) ScanProjects(ctx context.Context, searchDirs []string) []m
 				s.log.Progress("  Reached maximum of %d projects, stopping search", maxNodeProjects)
 				return filepath.SkipAll
 			}
-			if totalSize > maxProjectScanBytes {
-				s.log.Progress("  Reached data size limit (%d bytes collected, limit: %d bytes)", totalSize, maxProjectScanBytes)
+			if totalSize > maxBytes {
+				s.log.Progress("  Reached data size limit (%d bytes collected, limit: %d bytes)", totalSize, maxBytes)
 				s.log.Progress("  Skipping remaining projects (prioritized by most recently modified)")
 				return filepath.SkipAll
 			}
@@ -196,8 +209,8 @@ func (s *NodeScanner) ScanProjects(ctx context.Context, searchDirs []string) []m
 			r := s.scanProject(ctx, projectDir)
 			resultSize := int64(len(r.RawStdoutBase64)) + int64(len(r.RawStderrBase64))
 
-			if totalSize+resultSize > maxProjectScanBytes {
-				s.log.Progress("  Reached data size limit (%d bytes collected, limit: %d bytes)", totalSize, maxProjectScanBytes)
+			if totalSize+resultSize > maxBytes {
+				s.log.Progress("  Reached data size limit (%d bytes collected, limit: %d bytes)", totalSize, maxBytes)
 				s.log.Progress("  Skipping remaining projects (prioritized by most recently modified)")
 				return filepath.SkipAll
 			}