Added
- npm transitive remediation now builds a logical dependency graph from package-lock.json so hoisted packages can be mapped back to their actual parent chain.
- npm transitive findings can now recommend npm update <parent> when a safe child version is reachable within the current parent dependency range.
- The CLI now shows progress while analyzing vulnerability findings after advisory details are loaded.
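
An added example, not this project's code, of how a hoisted or aliased lockfile entry can be mapped back to the parent chains that require it. It assumes a lockfileVersion 3 "packages" map; the package names, versions and function names are made up for illustration.

```javascript
// Constructed sample: the "packages" map of a lockfileVersion 3 package-lock.json.
// All package names and versions are made up for illustration.
const packages = {
  "": { name: "app", dependencies: { framework: "^2.0.0", "legacy-qs": "npm:qslib@^1.0.0" } },
  "node_modules/framework": { version: "2.1.0", dependencies: { parser: "^1.4.0", qslib: "^3.0.0" } },
  "node_modules/parser": { version: "1.4.2", dependencies: { qslib: "^3.0.0" } },
  "node_modules/qslib": { version: "3.0.1" }, // hoisted: installed at top level, required deeper
  "node_modules/legacy-qs": { name: "qslib", version: "1.2.0" }, // npm alias entry
};

// Node-style lookup: try <from>/node_modules/<dep>, then each enclosing package directory.
function resolveDep(pkgs, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (Object.hasOwn(pkgs, candidate)) return candidate;
    if (!base) return null; // not installed (for example a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every chain of lockfile paths that leads from the root project to targetPath.
function parentChains(pkgs, targetPath) {
  const chains = [];
  const walk = (path, trail) => {
    const node = pkgs[path];
    const deps = { ...node.dependencies, ...node.optionalDependencies,
                   ...(path === "" ? node.devDependencies : {}) };
    for (const depName of Object.keys(deps)) {
      const child = resolveDep(pkgs, path, depName);
      if (child === null || trail.includes(child)) continue; // missing or cyclic
      if (child === targetPath) chains.push([...trail.slice(1), child]);
      else walk(child, [...trail, child]);
    }
  };
  walk("", [""]);
  return chains;
}

// Render a lockfile path, keeping the alias name and noting the real package name.
function label(pkgs, path) {
  const alias = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
  const real = pkgs[path].name || alias;
  return `${real === alias ? alias : `${alias} (alias of ${real})`}@${pkgs[path].version}`;
}

function describeChains(pkgs, targetPath) {
  return parentChains(pkgs, targetPath).map((c) => c.map((p) => label(pkgs, p)).join(" > "));
}
console.log(describeChains(packages, "node_modules/qslib"));
```

The first element of each chain is the direct dependency declared by the root project; workspace links and peer dependencies are left out of this sketch.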
Fixed
- npm workspace scans now preserve workspace-local package path context for dependency paths and remediation resolution.
- npm transitive parent upgrade recommendations now respect parent dependency ranges before suggesting a target.
- npm alias nodes in package locks now keep their alias identity when building the remediation graph.
Changed
- Release metadata and website references updated for v1.11.0.
Validation
- npm test
- npm run build