CVE Lite CLI
Version updated for https://github.com/sonukapoor/cve-lite-cli to version v1.5.0.
Action Type
This is a Composite action.
Action Summary
CVE Lite CLI is a GitHub Action designed to scan JavaScript and TypeScript projects for known vulnerabilities, providing actionable insights to prioritize and fix issues. It automates vulnerability detection with offline support, making it suitable for restricted or enterprise environments, and enhances developer workflows by offering fast, clear, and cost-effective security assessments. Key capabilities include zero-network scans using a local advisory database and seamless integration into CI/CD pipelines.
What’s Changed
Added
- lowest known non-vulnerable direct remediation target selection based on advisory-range validation across published versions
- version-scan metrics for validated remediation targeting (scanned versions and still-vulnerable exclusions)
- automated tests for multi-step upgrade chains, overlapping advisories, and fallback behavior when advisory coverage is incomplete
- richer NestJS case-study evidence with remediation table metrics and screenshot-backed command snapshots
Changed
- direct remediation output now uses structured table rendering with package/current/target/scanned/vulnerable columns
- direct remediation tables now include a total row for consistent section-level summary in verbose output
- compact output now includes validation-summary context when scanned-version metrics are available
- README now explains the lowest-known-non-vulnerable targeting flow and references NestJS remediation evidence