github OWASP/cve-lite-cli v1.18.1
v1.18.1 - Corporate SSL proxy support, workspace fix commands, and Turborepo case study

latest release: v1
5 hours ago

Added

  • Corporate SSL proxy support: --ca-cert <path> flag passes a PEM CA certificate for a single scan or advisory sync; cve-lite config set ca-cert <path> saves the path persistently in ~/.cve-lite-cli/config.json so every future invocation uses it automatically; cve-lite config show and cve-lite config unset ca-cert manage the saved value. The certificate file is validated as readable PEM before the path is saved. GitHub Action gains a matching ca-cert input.
  • Workspace-scoped direct fix commands for monorepos: when scanning an npm, pnpm, yarn, or bun workspace project, direct dependency upgrade commands now include the appropriate workspace flag (npm install -w <workspace>, pnpm add --filter ./path, yarn workspace <name> add, bun add --filter <name>) so the install targets the correct workspace scope rather than the project root.
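  As an added illustration (not cve-lite-cli's own buildFixCommandParts; the types, function names and the pnpm path normalisation are assumptions), here is how the four workspace-scoped command shapes above can be built as an argv array rather than a shell string, with a guard that rejects option-looking names read from the scanned repository's package.json files:

```typescript
// Added example, not project code: build a workspace-scoped upgrade command
// as argv parts for the four package managers named in the release notes.
type PackageManager = "npm" | "pnpm" | "yarn" | "bun";

interface FixTarget {
  name: string;       // package to upgrade, e.g. "lodash"
  version: string;    // fixed version to install, e.g. "4.17.21"
  workspace?: string; // workspace name (npm/yarn/bun) or path (pnpm); undefined = root
}

// Workspace and package names come from package.json files in the scanned
// repository, i.e. untrusted input. Anything starting with "-" could be
// parsed as an option by the package manager, so refuse it outright.
function assertNotOptionLike(value: string, what: string): void {
  if (value.startsWith("-")) {
    throw new Error(`${what} must not start with "-": ${JSON.stringify(value)}`);
  }
}

function buildWorkspaceFixCommand(pm: PackageManager, t: FixTarget): string[] {
  assertNotOptionLike(t.name, "package name");
  assertNotOptionLike(t.version, "version");
  const spec = `${t.name}@${t.version}`;
  if (t.workspace === undefined) {
    // Root-scoped install: no workspace flag needed.
    const root: Record<PackageManager, string[]> = {
      npm: ["npm", "install", spec],
      pnpm: ["pnpm", "add", spec],
      yarn: ["yarn", "add", spec],
      bun: ["bun", "add", spec],
    };
    return root[pm];
  }
  assertNotOptionLike(t.workspace, "workspace");
  switch (pm) {
    case "npm":
      return ["npm", "install", "-w", t.workspace, spec];
    case "pnpm": {
      // Assumption: pnpm --filter gets a path selector, which must start with
      // "./" (or "/") to be read as a path rather than a package-name pattern.
      const selector = /^(\.\/|\/)/.test(t.workspace) ? t.workspace : `./${t.workspace}`;
      return ["pnpm", "add", "--filter", selector, spec];
    }
    case "yarn":
      return ["yarn", "workspace", t.workspace, "add", spec];
    case "bun":
      return ["bun", "add", "--filter", t.workspace, spec];
  }
}
```

Pass the returned array to a spawn-style API (argv form, no shell) so that no element is ever re-parsed by a shell.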

Changed

  • Extracted all fix execution logic from src/index.ts into src/utils/fix-runner.ts: applyFixesIfRequested, FixExecutionResult, printFixModeSummary join the previously extracted buildFixCommandParts, runInstallCommand, and commandLabelForPackageManager.
  • Extracted pluralize utility to src/utils/string.ts, eliminating repeated count ternaries across 9 files.

Docs

  • New Corporate SSL Proxy guide covering one-time config setup, per-invocation flag, cert export from IT/keychain/browser, and air-gapped advisory sync fallback.
  • CLI reference updated with Network/SSL section and config subcommand docs.
  • Troubleshooting page updated with SSL certificate errors entry.
  • Expanded CONTRIBUTING.md with code quality standards and file-size guidelines.
  • Astro pnpm monorepo case study with verified baseline scan and CVE Lite vs pnpm audit comparison.
  • Added Medium dedicated review and Hexaxia Labs integration post to press page, README, and homepage.
  • Refreshed homepage press bar with new outlets and "View all press coverage" link.
  • Turborepo case study added with verified baseline scan of a pnpm lockfile snapshot (examples/turborepo/, 1,776 packages, 13 findings at revision c85d410), including CVE Lite CLI vs pnpm audit comparison.
  • Examples readme, docs sidebar, and README updated to reference the Turborepo fixture and case study.

Validation

  • npm test
  • npm run build

Contributors

  • @Ayush7614 — Astro case study, Turborepo case study, and homepage press bar refresh
  • @Kushaal-k — fix-runner extraction refactor
  • @MohammadYusif — pluralize utility extraction
