OWASP/cve-lite-cli

v1.11.0 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

npm workspace scans preserve local path context, transitive recommendations respect parent ranges, and analysis shows progress.

Full changelog

Added

  • npm transitive remediation now builds a logical dependency graph from package-lock.json so hoisted packages can be mapped back to their actual parent chain.
  • npm transitive findings can now recommend npm update <parent> when a safe child version is reachable within the current parent dependency range.
  • The CLI now shows progress while analyzing vulnerability findings after advisory details are loaded.

Fixed

  • npm workspace scans now preserve workspace-local package path context for dependency paths and remediation resolution.
  • npm transitive parent upgrade recommendations now respect parent dependency ranges before suggesting a target.
  • npm alias nodes in package locks now keep their alias identity when building the remediation graph.
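The parent-chain mapping described in the Added and Fixed notes, as an added example (not cve-lite-cli's own code): it resolves every dependency edge in a lockfile's `packages` map with Node-style lookup, so a hoisted package and a workspace-local copy each trace back to their real parents. The lockfile contents and the function names `resolveDep`, `buildParents` and `parentChains` are constructed for illustration.

```javascript
// Constructed sample in the package-lock v2/v3 "packages" layout; all names are made up.
const lock = { packages: {
  "": { name: "app", dependencies: { "web-fw": "^2.0.0" } },
  "node_modules/web-fw": { version: "2.1.0", dependencies: { "body-parse": "^1.4.0" } },
  "node_modules/body-parse": { version: "1.4.2", dependencies: { "qs-lite": "^6.0.0" } },
  "node_modules/qs-lite": { version: "6.0.1" },               // hoisted to the root
  "packages/api": { name: "api", dependencies: { "qs-lite": "^5.0.0" } },
  "packages/api/node_modules/qs-lite": { version: "5.2.0" },  // workspace-local copy
} };

// Node-style lookup: try the requester's own node_modules, then each ancestor directory.
function resolveDep(packages, fromPath, depName) {
  for (let dir = fromPath; ; dir = dir.slice(0, Math.max(dir.lastIndexOf("/"), 0))) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + depName;
    if (Object.hasOwn(packages, candidate)) return candidate;
    if (dir === "") return null; // not installed (e.g. a skipped optional dependency)
  }
}

// Logical graph: installed child path -> [{ parent path, range the parent declares }].
function buildParents(packages) {
  const parents = new Map();
  for (const [path, pkg] of Object.entries(packages)) {
    const deps = { ...pkg.devDependencies, ...pkg.optionalDependencies, ...pkg.dependencies };
    for (const [name, range] of Object.entries(deps)) {
      const child = resolveDep(packages, path, name);
      if (!child) continue;
      if (!parents.has(child)) parents.set(child, []);
      parents.get(child).push({ parent: path, range });
    }
  }
  return parents;
}

// Every chain from a project or workspace root ("" is the lockfile root) down to target.
function parentChains(packages, target) {
  const parents = buildParents(packages);
  const chains = [];
  const walk = (path, chain) => {
    const ups = parents.get(path) || [];
    if (ups.length === 0) return chains.push(chain);
    for (const { parent } of ups) {
      if (!chain.includes(parent)) walk(parent, [parent, ...chain]); // skip cycles
    }
  };
  walk(target, [target]);
  return chains;
}
```

Each edge also carries the range its parent declares, which is the input a range check on a candidate fix version would need.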

Changed

  • Release metadata and website references updated for v1.11.0.

Validation

  • npm test
  • npm run build