github OWASP/cve-lite-cli v1.22.0
v1.22.0 - Dev dependency labelling and private registry detection for all parsers

8 hours ago

Added

  • Dev dependency labelling: terminal output and HTML report now show direct · dev / transitive · dev for findings from devDependencies; Yarn Classic and Berry parsers updated to detect dev status
  • yarn-within-range and dev-only-finding example fixtures for regression testing

Fixed

  • Private registry detection (⚠ Unverifiable (private source)) now works for pnpm (legacy and v9), Yarn Classic, and Bun lockfiles — previously only npm was supported

Validation

  • npm test
  • npm run build
