Skip to content

OWASP/cve-lite-cli

v1.8.0-pre-owasp-transfer Maintenance

This release keeps dependencies and maintenance posture current for teams operating this tool.

Published 1mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

Minor fixes and improvements.

Full changelog

This is a non-functional milestone release created to mark the project state prior to its transition into OWASP.

CVE Lite CLI has been accepted as an OWASP Incubator Project and will continue development under the OWASP GitHub organization:

https://github.com/OWASP/CVE-Lite-CLI

This release captures the original independent development history of the project before transfer, including:

  • local-first JavaScript/TypeScript lockfile scanning
  • OSV-based vulnerability matching
  • npm, pnpm, and Yarn lockfile support
  • direct vs transitive vulnerability classification
  • fixed-version hints where available
  • top-priority fixes and suggested remediation planning
  • JSON and SARIF output
  • CI-friendly fail-on severity support
  • local advisory caching
  • small runtime dependency footprint

This release is intended as a historical checkpoint before the OWASP transition. Future development, issues, pull requests, and releases are expected to continue under the OWASP repository.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]