CVE Lite CLI
Version updated for https://github.com/sonukapoor/cve-lite-cli to version v1.7.1.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
CVE Lite CLI is a vulnerability scanning tool for JavaScript and TypeScript projects that identifies known dependency vulnerabilities by analyzing lockfiles locally and providing actionable remediation plans. It automates tasks such as generating fix commands (e.g., npm install) and distinguishing direct vs. transitive risks, offering fast, offline, and privacy-focused scanning without requiring an account or external cloud services. This tool is ideal for developers seeking efficient, local-first security checks before releases.
What’s Changed
Fixed
- Pre-release versions (e.g. -next.*, -beta.*, -alpha.*, -rc.*) are now suppressed as fix targets across all three resolution paths: OSV advisory data, parent upgrade resolution, and direct fix validation. When the only available fixed version is a pre-release, the fix hint shows "—" and no fix command is generated.
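The behaviour described in this fix, sketched as an added example (not CVE Lite CLI's own code): candidate fixed versions carrying a semver pre-release tag are dropped before a fix target is chosen. The function names, the sample packages and the choice of the lowest stable version above the installed one are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not CVE Lite CLI's own code.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function parse(version) {
  const m = SEMVER.exec(String(version).trim());
  if (!m) return null; // unparseable strings are never offered as fix targets
  return { raw: m[0], core: [+m[1], +m[2], +m[3]], pre: m[4] || null };
}

function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  return 0;
}

// Assumption: the fix target is the lowest stable version above the installed one.
function pickFixTarget(installed, fixedVersions) {
  const current = parse(installed);
  if (!current) return null;
  const isUpgrade = (v) => {
    const c = compareCore(v, current);
    // A stable x.y.z also counts as an upgrade from an installed x.y.z-rc.N.
    return c > 0 || (c === 0 && current.pre !== null);
  };
  const stable = fixedVersions
    .map(parse)
    .filter((v) => v && v.pre === null && isUpgrade(v)) // drop -next.*, -beta.*, ...
    .sort(compareCore);
  return stable.length ? stable[0].raw : null;
}

function fixHint(pkg, installed, fixedVersions) {
  const target = pickFixTarget(installed, fixedVersions);
  return target
    ? { fix: target, command: `npm install ${pkg}@${target}` }
    : { fix: "—", command: null }; // only pre-releases available: no command
}

// Constructed sample data (package names and versions are made up).
const samples = [
  ["example-lib", "2.3.0", ["3.0.0-next.4", "2.3.1"]],
  ["example-ui", "1.0.0", ["2.0.0-beta.1", "2.0.0-rc.2"]],
];
for (const [pkg, installed, fixed] of samples) {
  console.log(pkg, JSON.stringify(fixHint(pkg, installed, fixed)));
}
```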
Validation
- npm test
- npm run build