This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Multi-folder scan for monorepos without a root lockfile and fixed pre‑release version parsing in the update check.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | Adds multi-folder scan for monorepos without a root lockfile. Source: llm_adapter@2026-06-02. Confidence: high. | — |
| Bugfix | Medium | Fixes `isNewer` update check to correctly parse pre-release version strings. Source: llm_adapter@2026-06-02. Confidence: high. | — |
Full changelog
Added
- Multi-folder scan for monorepos without a root lockfile: when `cve-lite .` is run from a directory with no lockfile but two or more lockfiles in subfolders, the scanner automatically switches to multi-folder mode. Each subfolder is scanned independently, findings and fix commands are grouped per subfolder in terminal output, a single HTML report is generated with collapsible per-folder sections, and `--json` output includes a `subfolder` field on each finding.
Fixed
- `isNewer` update check now correctly parses pre-release version strings (e.g. `1.19.0-alpha.1`) so alpha users do not see a false downgrade prompt.
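
The pre-release comparison this fix concerns can be illustrated with a comparator that follows SemVer 2.0.0 precedence rules. This is an added example, not cve-lite-cli's own code: `parseVersion`, `comparePre`, `compareVersions` and `isNewerVersion` are hypothetical names, and the version strings in the comments are constructed.

```javascript
// Added illustration, not cve-lite-cli's implementation. All names are hypothetical.
// Precedence follows SemVer 2.0.0: a pre-release ranks below its own release.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(text.trim());
  if (!m) return null; // reject anything that is not a full MAJOR.MINOR.PATCH string
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : [], // e.g. "alpha.1" -> ["alpha", "1"]
  };
}

function comparePre(a, b) {
  // No pre-release identifiers means a final release, which outranks any pre-release.
  if (a.length === 0 || b.length === 0) return b.length - a.length;
  for (let i = 0; i < Math.min(a.length, b.length); i++) {
    const an = /^\d+$/.test(a[i]);
    const bn = /^\d+$/.test(b[i]);
    if (an && bn) {
      const d = Number(a[i]) - Number(b[i]); // numeric, so alpha.10 > alpha.2
      if (d !== 0) return d;
    } else if (an !== bn) {
      return an ? -1 : 1; // numeric identifiers rank below alphanumeric ones
    } else if (a[i] !== b[i]) {
      return a[i] < b[i] ? -1 : 1; // ASCII order: alpha < beta < rc
    }
  }
  return a.length - b.length; // equal prefix: the longer identifier list wins
}

function compareVersions(x, y) {
  const a = parseVersion(x);
  const b = parseVersion(y);
  if (!a || !b) throw new TypeError(`not a semver string: ${!a ? x : y}`);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  return comparePre(a.pre, b.pre);
}

// True only when `latest` strictly outranks `installed`, so a user on
// 1.19.0-alpha.1 is not prompted to move to an older stable such as 1.18.2.
function isNewerVersion(latest, installed) {
  return compareVersions(latest, installed) > 0;
}
```

Rejecting strings that do not parse, rather than coercing them to numbers, keeps a malformed registry response from silently producing an update or downgrade prompt.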
Validation
- npm test
- npm run build
Contributors
Thank you to everyone who contributed to this release: @ModalityZ
About OWASP/cve-lite-cli