OWASP/cve-lite-cli

v1.0.6 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 2mo Vulnerability Scanning

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Affected surfaces

deps

Summary

AI summary

Added parent upgrade guidance for transitive vulnerabilities and improved remediation output.

Full changelog

What's new

CVE Lite CLI now provides better guidance for transitive vulnerabilities.

When a vulnerable package is nested under another dependency, the tool preserves the full dependency path and, when it can determine one reliably, recommends the parent package upgrade to make.

Highlights

added parent upgrade guidance for transitive vulnerabilities
preserved full dependency path output in verbose mode
improved compact output with more actionable remediation guidance
updated README wording to reflect the new behavior

Example

Before:

project -> express-jwt -> jsonwebtoken

After:

project -> express-jwt -> jsonwebtoken
Recommended parent upgrade: express-jwt 0.1.0 -> 6.0.0

Notes

This is best-effort guidance. When a reliable parent upgrade cannot be determined, CVE Lite CLI falls back to the existing generic remediation wording.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

About OWASP/cve-lite-cli

All releases →