OWASP/cve-lite-cli

v1.17.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

CVE count now displayed across all output modes and npm-shrinkwrap.json support added.

Changes in this release

Feature Low

CVE count now shown alongside package count in all output modes

Source: llm_adapter@2026-05-28

Confidence: high

Feature Low

npm-shrinkwrap.json support added, parsed with precedence over package-lock.json when both present

Source: llm_adapter@2026-05-28

Confidence: high

Bugfix Medium

security-events: write permission added to self-scan CI job so SARIF uploads succeed

Source: llm_adapter@2026-05-28

Confidence: high

Full changelog

Added

  • CVE count now shown alongside package count in all output modes: terminal summary reads ✗ Found 26 packages (35 CVEs), compact output reads 26 packages · 35 CVEs, verbose quick-take reads 35 CVEs matched overall, and the HTML report gains a dedicated CVEs severity card alongside the Packages card.
  • npm-shrinkwrap.json support: the scanner now detects and parses npm-shrinkwrap.json with correct precedence over package-lock.json when both are present.
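
The precedence rule in the npm-shrinkwrap.json item above matters because npm itself ignores package-lock.json when a shrinkwrap file is present, so the two files can pin different versions. The sketch below is an added example, not code from cve-lite-cli: the function names and the sample lockfiles are assumptions made for illustration, and reading the files from disk is left to the caller.

```javascript
// Added example, not cve-lite-cli code; function names are hypothetical.
// npm reads npm-shrinkwrap.json and ignores package-lock.json when both exist.
const LOCKFILE_PRECEDENCE = ['npm-shrinkwrap.json', 'package-lock.json'];

// Pick the lockfile to parse from the file names in a project root (null if none).
function selectLockfile(fileNames) {
  const present = new Set(fileNames);
  return LOCKFILE_PRECEDENCE.find((name) => present.has(name)) ?? null;
}

// List {name, version} pairs from lockfile text (both files use the same format).
function listPackages(lockText) {
  const lock = JSON.parse(lockText);
  const found = new Map(); // keyed by name@version so duplicates collapse
  const add = (name, version) => found.set(`${name}@${version}`, { name, version });
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      // Skip the root project (""), workspace sources and symlink entries.
      if (i === -1 || meta.link || !meta.version) continue;
      add(meta.name ?? path.slice(i + 'node_modules/'.length), meta.version);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps = {}) => {
      for (const [name, meta] of Object.entries(deps)) {
        if (meta.version) add(name, meta.version);
        walk(meta.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return [...found.values()];
}

// Inventory a project from a {fileName: text} map of its root directory.
function scanInventory(files) {
  const lockfile = selectLockfile(Object.keys(files));
  return { lockfile, packages: lockfile ? listPackages(files[lockfile]) : [] };
}

// Constructed sample: the two lockfiles disagree on the lodash version.
const sampleFiles = {
  'package-lock.json': JSON.stringify({ lockfileVersion: 3,
    packages: { '': { name: 'demo' }, 'node_modules/lodash': { version: '4.17.21' } } }),
  'npm-shrinkwrap.json': JSON.stringify({ lockfileVersion: 3,
    packages: { '': { name: 'demo' }, 'node_modules/lodash': { version: '4.17.20' },
      'node_modules/a/node_modules/@scope/b': { version: '2.0.0' } } }),
};
console.log(scanInventory(sampleFiles));
```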

Fixed

  • security-events: write permission added to the self-scan CI job so SARIF uploads succeed.

Docs

  • Getting Started page title shortened and added to top nav.
  • Ghost CMS case study added with full Before/After fix journey.
  • Socket CLI comparison expanded with structured sections.
  • README: strengthened hero differentiators, unique combination claim, and OWASP threading; added package manager logos section; added Press section with Help Net Security and Development Curated coverage.
  • Website homepage: added "As seen in" press bar with Help Net Security and Development Curated logos.
  • How It Works: added Vulnerability Data Sources section; removed redundant network-privacy doc.

Validation

  • npm test
  • npm run build
