From 4edee1e191a82f8be0bf0df35bd9f0442870ddb0 Mon Sep 17 00:00:00 2001
From: Geoff Seemueller <28698553+geoffsee@users.noreply.github.com>
Date: Thu, 17 Jul 2025 13:46:23 -0400
Subject: [PATCH] Potential fix for code scanning alert no. 5: Shell command
 built from environment values

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Geoff Seemueller <28698553+geoffsee@users.noreply.github.com>
---
 packages/client/scripts/generate-bevy-bundle.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/client/scripts/generate-bevy-bundle.js b/packages/client/scripts/generate-bevy-bundle.js
index b99b361..8ff4ed9 100644
--- a/packages/client/scripts/generate-bevy-bundle.js
+++ b/packages/client/scripts/generate-bevy-bundle.js
@@ -1,4 +1,4 @@
-import { execSync } from 'node:child_process';
+import { execSync, execFileSync } from 'node:child_process';
 import {
   existsSync,
   readdirSync,
@@ -175,7 +175,7 @@ function optimizeWasmSize() {
 
   if (sizeInMb > 30) {
     logger.info(`WASM size is ${sizeInMb.toFixed(2)}MB, optimizing...`);
-    execSync(`wasm-opt -Oz -o ${wasmPath} ${wasmPath}`, {
+    execFileSync('wasm-opt', ['-Oz', '-o', wasmPath, wasmPath], {
       encoding: 'utf-8',
     });
     logger.info(`✅ WASM size optimized`);