OWASP/cve-lite-cli

v1.0.4 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

Added a summary-first default CLI output with a --verbose flag for full details.

Full changelog

This release improves the day-to-day developer experience of CVE Lite CLI by introducing a cleaner default console view while preserving the existing detailed output behind a new --verbose flag.

Highlights

  • Added a calmer, summary-first default CLI output for faster triage
  • Added --verbose mode for full detailed output, including:
    • detailed findings table
    • dependency paths
    • suggested fix plan
    • richer scan context for CI logs
  • Improved output readability and visual hierarchy in the terminal
  • Updated the README with:
    • refreshed branding assets
    • improved workflow diagram
    • OWASP Juice Shop example
    • clearer guidance for default vs verbose usage

Why this release matters

CVE Lite CLI is built for the moment right before release, when developers want a clear answer and a practical next step without the overhead of a larger platform.

This release makes that workflow easier by default:

  • cleaner local output for fast human review
  • fuller verbose output when deeper investigation or CI context is needed

Usage

Default summary-first output:

cve-lite .

Full detailed output:

cve-lite . --verbose

Recommended for CI:

cve-lite . --verbose --fail-on high

Scope reminder

CVE Lite CLI remains intentionally focused on JavaScript and TypeScript dependency vulnerability scanning using local lockfile resolution and OSV-backed matching.

It does not aim to replace broader application security platforms or cover areas such as runtime reachability, container scanning, secrets scanning, or IaC scanning.

Thanks

If you test this release on real projects, especially lockfile edge cases or CI workflows, feedback and issues are welcome.
