CVE Lite CLI
Version updated for https://github.com/sonukapoor/cve-lite-cli to version v1.3.0.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
CVE Lite CLI is a GitHub Action designed to help developers scan JavaScript and TypeScript projects for known package vulnerabilities, offering practical fixes and prioritization guidance. It is optimized for developer workflows, supports offline advisory database usage for restricted environments, and eliminates the need for runtime network access. This tool addresses the need for affordable, efficient, and secure vulnerability scanning, making it suitable for enterprise contexts and CI/CD pipelines.
What’s Changed
Added
- package-manager-aware suggested fix commands for urgent findings
  - package-lock.json -> npm install ...
  - pnpm-lock.yaml -> pnpm add ...
  - yarn.lock -> yarn add ...
- explicit skipped-item output for urgent findings that cannot be fixed confidently
- -v / --version support
Changed
- improved output flow so suggested fix commands are easier to notice
- CLI banner now includes the tool version
- README now documents the new remediation workflow with a concrete fix-command example
- screenshots were refreshed to match the current output
Example
npm install jsonwebtoken@4.2.2 express-jwt@2.1.0 sanitize-html@2.17.2