This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
CVE Lite CLI v1.0.2
First public release of CVE Lite CLI — a fast, developer-friendly vulnerability scanner for JavaScript and TypeScript projects.
CVE Lite CLI is built for the moment right before release, when you want a clear answer, practical remediation guidance, and a tool you can actually afford to use.
Highlights
- Fast, low-friction local developer workflow
- Practical remediation guidance instead of raw advisory dumps
- Visibility into direct vs transitive dependencies
- Prioritized fixes and a suggested fix plan
- Support for npm, pnpm, and Yarn lockfiles
- SARIF and JSON output for CI and automation
- Lightweight, security-conscious dependency footprint
- Free and easy to use
What it helps with
CVE Lite CLI scans your project dependencies for known vulnerabilities and presents the results in a way that is useful for developers, not just security dashboards. The goal is to make it easy to understand what matters, what to fix first, and where the risk is coming from.
Typical use cases
- Local checks before shipping a release
- CI validation in pull requests or pipelines
- Quick security reviews of JavaScript and TypeScript projects
- Exporting findings for automation or security workflows
Feedback
This is the first public release, and feedback is very welcome.
Please open an issue if you find bugs, have feature requests, or want to suggest improvements.