pub const MAX_FILE_SIZE: u64 = 10_485_760u64; // 10 MiB
Maximum size, in bytes, of a single file the scanner will read into memory.
cc-audit inspects untrusted third-party artifacts, so an attacker fully controls file sizes. Reading an arbitrarily large file unconditionally lets a single multi-GB file exhaust memory and OOM-kill the scan (a DoS that can fail the security gate open). Files above this cap are refused before any allocation. 10 MiB is far above any legitimate Claude Code artifact (skills, hooks, MCP configs, lockfiles) while bounding worst-case memory.
See issue #143 (CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits).
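The check described above, as an added example that is not cc-audit's own code: a file is refused on its metadata size before any buffer is allocated, and the subsequent read goes through a bounded reader so that a file which grows between the size check and the read (a TOCTOU gap the stat alone does not close) is still capped. `MAX_FILE_SIZE` is redefined here with the documented value so the snippet runs stand-alone; `ReadError`, `read_bounded` and `read_scannable_file` are names chosen for this example.

```rust
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

/// Maximum size, in bytes, of a single file the scanner will read into memory
/// (10 MiB; same value as cc-audit's MAX_FILE_SIZE, redefined for this example).
pub const MAX_FILE_SIZE: u64 = 10_485_760;

/// Example error type (not cc-audit's): distinguishes "refused because too
/// large" from ordinary I/O failures so a caller can report the gate decision.
#[derive(Debug, PartialEq)]
pub enum ReadError {
    /// The input is at least `at_least` bytes, which exceeds `limit`.
    TooLarge { at_least: u64, limit: u64 },
    Io(String),
}

impl From<io::Error> for ReadError {
    fn from(e: io::Error) -> Self {
        ReadError::Io(e.to_string())
    }
}

/// Read at most `limit` bytes from `reader`. Reads `limit + 1` bytes so that an
/// oversize stream is detected without buffering the rest of it; memory use is
/// therefore bounded by `limit + 1` regardless of what the stream contains.
pub fn read_bounded<R: Read>(reader: R, limit: u64) -> Result<Vec<u8>, ReadError> {
    let mut buf = Vec::new();
    // saturating_add: with limit == u64::MAX the cap is effectively disabled,
    // which is the caller's explicit choice rather than a silent overflow.
    let n = reader.take(limit.saturating_add(1)).read_to_end(&mut buf)? as u64;
    if n > limit {
        return Err(ReadError::TooLarge { at_least: n, limit });
    }
    Ok(buf)
}

/// Refuse oversize files before allocating: the metadata check costs no
/// allocation, and the bounded read covers a file that grew after the check.
pub fn read_scannable_file(path: &Path) -> Result<Vec<u8>, ReadError> {
    let size = std::fs::metadata(path)?.len();
    if size > MAX_FILE_SIZE {
        return Err(ReadError::TooLarge { at_least: size, limit: MAX_FILE_SIZE });
    }
    read_bounded(File::open(path)?, MAX_FILE_SIZE)
}

fn main() {
    // Usage: pass one or more paths; each is either read (size printed) or refused.
    for arg in std::env::args().skip(1) {
        match read_scannable_file(Path::new(&arg)) {
            Ok(bytes) => println!("{arg}: read {} bytes", bytes.len()),
            Err(ReadError::TooLarge { at_least, limit }) => {
                println!("{arg}: refused, at least {at_least} bytes > limit {limit}")
            }
            Err(ReadError::Io(msg)) => println!("{arg}: io error: {msg}"),
        }
    }
}
```

The two-stage check matters because the metadata size is advisory: an attacker-controlled artifact can be appended to after the stat, and a FIFO or special file reports a size unrelated to what a read will yield. Bounding the read itself is what actually limits memory; the metadata check only makes the common case cheap and gives a precise size in the error.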