What's new
CVE Lite CLI now provides better guidance for transitive vulnerabilities.
When a vulnerable package is nested under another dependency, the tool preserves the full dependency path and, when it can determine one reliably, recommends the parent package upgrade to make.
Highlights
- added parent upgrade guidance for transitive vulnerabilities
- preserved full dependency path output in verbose mode
- improved compact output with more actionable remediation guidance
- updated README wording to reflect the new behavior
Example
Before:
project -> express-jwt -> jsonwebtoken
After:
project -> express-jwt -> jsonwebtoken
Recommended parent upgrade: express-jwt 0.1.0 -> 6.0.0
Notes
This is best-effort guidance. When a reliable parent upgrade cannot be determined, CVE Lite CLI falls back to the existing generic remediation wording.