This release improves the day-to-day developer experience of CVE Lite CLI by introducing a cleaner default console view while preserving the existing detailed output behind a new --verbose flag.
Highlights
- Added a calmer, summary-first default CLI output for faster triage
- Added --verbose mode for full detailed output, including:
  - detailed findings table
  - dependency paths
  - suggested fix plan
  - richer scan context for CI logs
- Improved output readability and visual hierarchy in the terminal
- Updated the README with:
  - refreshed branding assets
  - improved workflow diagram
  - OWASP Juice Shop example
  - clearer guidance for default vs verbose usage
Why this release matters
CVE Lite CLI is built for the moment right before release, when developers want a clear answer and a practical next step without the overhead of a larger platform.
This release makes that workflow easier by default:
- cleaner local output for fast human review
- fuller verbose output when deeper investigation or CI context is needed
Usage
Default summary-first output:
cve-lite .
Full detailed output:
cve-lite . --verbose
Recommended for CI:
cve-lite . --verbose --fail-on high
Scope reminder
CVE Lite CLI remains intentionally focused on JavaScript and TypeScript dependency vulnerability scanning using local lockfile resolution and OSV-backed matching.
It does not aim to replace broader application security platforms or cover areas such as runtime reachability, container scanning, secrets scanning, or IaC scanning.
Thanks
If you test this release on real projects, especially lockfile edge cases or CI workflows, feedback and issues are welcome.