CVE Lite CLI
Version updated for https://github.com/sonukapoor/cve-lite-cli to version v1.5.2.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
CVE Lite CLI is a GitHub Action designed to scan JavaScript and TypeScript projects for known package vulnerabilities, offering practical fix recommendations. It streamlines vulnerability assessment by supporting offline advisory databases, making it suitable for restricted or enterprise environments, and providing a developer-friendly, cost-effective alternative to expensive platforms. Additionally, it emphasizes actionable results and seamless integration into CI/CD workflows.
What’s Changed
Highlights
- added conservative --fix mode for validated direct dependency remediation
- --fix now applies package-manager-native direct updates, rescans automatically, and prints concise applied/skipped summary
- added dedicated --fix docs and updated website guidance
- refreshed OWASP Juice Shop case study with --fix evidence snapshot
- clarified README comparison table with explicit auto-fix support notes
Validation
- npm test
- npm run build