github OWASP/cve-lite-cli v1.12.0
v1.12.0 - Offline parity and runnable fix commands


Added

  • HTML report findings now show the actual fix command (e.g. npm install <package>@<version>) with a Copy button when one is available, instead of always showing a descriptive prose recommendation. Findings without a runnable command show the recommendation as plain text without a misleading Copy button.
  • Serialized findings expose a new runnableFixCommand: string | null field for programmatic consumers of the JSON output.
  • New "Offline vs Online Results" docs page explaining the two advisory sources, what stays the same across modes, the intentional behavior differences, and freshness considerations on both sides.

Fixed

  • Offline scans now produce a Suggested Fix Plan that matches online scans for direct upgrades and in-range parent updates. The validation gate previously dropped the entire plan in offline mode.
  • Offline transitive remediation now resolves against the lockfile graph, with safe-child candidates synthesized from the advisory's firstFixedVersion when the npm registry is not available. The "update parent within current range" path now works offline.
  • Withdrawn OSV advisories are now skipped during local advisory database sync, mirroring OSV's /v1/querybatch behavior. Offline scans no longer surface findings from advisories that have been retracted.
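The two offline-sync behaviours above (dropping withdrawn advisories, and deriving a first fixed version for the safe-child candidate) as an added example in plain Node.js; this is not cve-lite-cli's own code, and it assumes OSV-format records as published by osv.dev, with constructed sample advisories and a hypothetical package name.

```javascript
// Constructed sample OSV records (placeholder ids): one live advisory with two
// fix events, and one retracted advisory that carries OSV's `withdrawn` timestamp.
const SAMPLE_ADVISORIES = [
  {
    id: "EXAMPLE-0001",
    affected: [{
      package: { ecosystem: "npm", name: "example-pkg" },
      ranges: [{ type: "SEMVER", events: [
        { introduced: "0" }, { fixed: "1.10.0" },
        { introduced: "1.3.0-rc" }, { fixed: "1.3.0" }] }],
    }],
  },
  {
    id: "EXAMPLE-0002",
    withdrawn: "2024-02-01T00:00:00Z",
    affected: [{
      package: { ecosystem: "npm", name: "example-pkg" },
      ranges: [{ type: "SEMVER", events: [{ introduced: "0" }, { fixed: "1.2.0" }] }],
    }],
  },
];

// Retracted advisories carry a `withdrawn` timestamp; skip them, as /v1/querybatch does.
function isWithdrawn(advisory) {
  return typeof advisory.withdrawn === "string" && advisory.withdrawn.length > 0;
}

// Numeric major.minor.patch compare (assumption: release versions only, no prerelease tags).
function compareSemver(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}

// Lowest `fixed` version across the advisory's SEMVER/ECOSYSTEM ranges for one npm package,
// or null when the advisory records no fix (nothing for the offline path to synthesize).
function firstFixedVersion(advisory, packageName) {
  const fixes = [];
  for (const a of advisory.affected ?? []) {
    if (a.package?.ecosystem !== "npm" || a.package?.name !== packageName) continue;
    for (const r of a.ranges ?? []) {
      if (r.type !== "SEMVER" && r.type !== "ECOSYSTEM") continue;
      for (const e of r.events ?? []) if (e.fixed) fixes.push(e.fixed);
    }
  }
  return fixes.length === 0 ? null : fixes.sort(compareSemver)[0];
}

// Local-sync view { advisoryId: firstFixedVersion }, with withdrawn entries dropped.
function syncLocalAdvisories(records, packageName) {
  const view = {};
  for (const adv of records) if (!isWithdrawn(adv)) view[adv.id] = firstFixedVersion(adv, packageName);
  return view;
}
```

Note that the sort is numeric, so "1.3.0" is correctly chosen over "1.10.0"; a plain string sort would pick the wrong one.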

Changed

  • The repository's user-facing documentation now lives exclusively under website/docs, which backs the published site at https://owasp.org/cve-lite-cli/. Documentation links in the README point at the published guides. The previous /docs directory has been removed.
  • GitHub Actions workflows updated to current versions.
  • Public site homepage layout polished.

Validation

  • npm test
  • npm run build
