Skip to content

OWASP/cve-lite-cli

v1.8.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Affected surfaces

deps

Summary

AI summary

Added usage-aware dependency analysis with new --usage and --only-used flags.

Full changelog

Added

  • Usage-aware dependency analysis phase 1: The CLI now statically analyzes project source code to detect if vulnerable dependencies are actually imported and reachable.
  • Added --usage and --only-used flags. Used findings bubble to the top, and --only-used aggressively filters out unreachable/unused dependencies to eliminate noise.
  • CLI tables now feature a dedicated Usage column indicating import counts or unused status, color-coded red and green.
  • Migrated the breaking change annotation into its own dedicated Breaking? column with a symbol in the fix plan tables.

Validation

  • npm test
  • npm run build
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]