Skip to content

OWASP/cve-lite-cli

v1.2.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 2mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

Removed built-in npm cache setup from the reusable GitHub Action to improve reliability.

Full changelog

Added

  • reusable first-party GitHub Action for running CVE Lite CLI in GitHub Actions
  • workflow integration guidance for package scripts, opt-in postinstall usage, git hooks, CI, and scheduled advisory DB refreshes
  • multi-column README table of contents for easier navigation

Changed

  • removed built-in npm cache setup from the reusable GitHub Action to improve reliability in external repositories
  • README now includes GitHub Action usage examples and clearer top-level navigation
  • network and privacy documentation now reflects the current offline workflow and advisory DB operational model

Example GitHub Action usage

- uses: sonukapoor/[email protected]
  with:
    verbose: "true"
    fail-on: high

Breaking Changes

  • Removed built-in npm cache setup from the reusable GitHub Action
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]