
OWASP/cve-lite-cli

v1.18.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

security cve javascript nodejs owasp security-tools

Affected surfaces

crypto_tls deps

Summary

AI summary

Corporate SSL proxy support added with per‑scan or persistent CA cert flag.

Changes in this release

Feature Medium

Adds corporate SSL proxy support via `--ca-cert` flag and persistent config.

Source: llm_adapter@2026-05-28

Confidence: high

Feature Medium

Adds workspace‑scoped direct fix commands for monorepo projects across npm, pnpm, yarn, and bun.

Source: llm_adapter@2026-05-28

Confidence: high

Refactor Low

Extracts fix execution logic into `src/utils/fix-runner.ts`.

Source: llm_adapter@2026-05-28

Confidence: high

Refactor Low

Extracts `pluralize` utility to `src/utils/string.ts`, removing repeated count ternaries.

Source: llm_adapter@2026-05-28

Confidence: high

Full changelog

Added

  • Corporate SSL proxy support: the `--ca-cert <path>` flag passes a PEM CA certificate for a single scan or advisory sync; `cve-lite config set ca-cert <path>` saves the path persistently in `~/.cve-lite-cli/config.json` so every future invocation uses it automatically; `cve-lite config show` and `cve-lite config unset ca-cert` manage the saved value. The certificate is validated as a readable PEM file before it is saved. The GitHub Action gains a matching `ca-cert` input.
  • Workspace-scoped direct fix commands for monorepos: when scanning an npm, pnpm, yarn, or bun workspace project, direct dependency upgrade commands now include the appropriate workspace flag (`npm install -w <workspace>`, `pnpm add --filter ./path`, `yarn workspace <name> add`, `bun add --filter <name>`) so the install targets the correct workspace rather than the project root.

Changed

  • Extracted all fix execution logic from `src/index.ts` into `src/utils/fix-runner.ts`: `applyFixesIfRequested`, `FixExecutionResult`, and `printFixModeSummary` join the previously extracted `buildFixCommandParts`, `runInstallCommand`, and `commandLabelForPackageManager`.
  • Extracted the `pluralize` utility to `src/utils/string.ts`, eliminating repeated count ternaries across 9 files.

Docs

  • New Corporate SSL Proxy guide covering one-time config setup, the per-invocation flag, certificate export from IT/keychain/browser, and the air-gapped advisory sync fallback.
  • CLI reference updated with Network/SSL section and config subcommand docs.
  • Troubleshooting page updated with SSL certificate errors entry.
  • Expanded CONTRIBUTING.md with code quality standards and file-size guidelines.
  • Astro pnpm monorepo case study with verified baseline scan and CVE Lite vs pnpm audit comparison.
  • Added Medium dedicated review and Hexaxia Labs integration post to press page, README, and homepage.
  • Refreshed homepage press bar with new outlets and "View all press coverage" link.
  • Turborepo case study added with verified baseline scan of a pnpm lockfile snapshot (examples/turborepo/, 1,776 packages, 13 findings at revision c85d410), including CVE Lite CLI vs pnpm audit comparison.
  • Examples readme, docs sidebar, and README updated to reference the Turborepo fixture and case study.

Validation

  • npm test
  • npm run build

Contributors

  • @Ayush7614 — Astro case study, Turborepo case study, and homepage press bar refresh
  • @Kushaal-k — fix-runner extraction refactor
  • @MohammadYusif — pluralize utility extraction
