github OWASP/cve-lite-cli v1.7.0
v1.7.0 - pnpm lockfile v9 support and Analog case study


Added

  • pnpm lockfile v9 support — the v9 format (default in current pnpm installations) uses name@version keys and a snapshots section instead of the legacy /name/version and packages layout; the parser now branches on lockfileVersion and routes v9+ lockfiles through a dedicated path, eliminating false negatives on modern pnpm projects
  • Analog case study — full scan-fix workflow on a real pnpm v9 Angular monorepo (3,367 packages), including a comparison table against pnpm audit, fix journey, and baseline findings table
  • Baseline findings tables backported to NestJS and Juice Shop case studies for structural consistency across all studies

Fixed

  • BFS path tracking in the pnpm parser now uses a visited-key seenKeys set instead of the path-fingerprint seenPaths set, which eliminates exponential queue growth through circular dependency chains in large lockfiles (e.g. Analog's 15 circular deps)
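The lockfileVersion branch from the Added section and the visited-key BFS from the Fixed section, as an added example that is not cve-lite-cli's own code: the lockfile objects are constructed as if already loaded from YAML (no YAML library needed), and the function names are assumed.

```javascript
// Added example (not cve-lite-cli's code); lockfile objects are constructed, names assumed.
function isV9(lock) { return parseFloat(String(lock.lockfileVersion)) >= 9; }

// "name@1.2.3(peer@4.5.6)" (v9) or "/name/1.2.3" (legacy) -> { name, version }
function parseKey(key, v9) {
  if (!v9) {
    const parts = key.replace(/^\//, '').split('/');
    return { name: parts.slice(0, -1).join('/'), version: parts[parts.length - 1] };
  }
  const bare = key.replace(/\(.*$/, ''); // drop peer suffix; scoped names keep their "@"
  const at = bare.lastIndexOf('@');
  return { name: bare.slice(0, at), version: bare.slice(at + 1) };
}
// Branch on lockfileVersion: v9+ reads `snapshots`, older files read `packages`.
function buildGraph(lock) {
  const v9 = isV9(lock);
  const toKey = (name, ver) => (v9 ? `${name}@${ver}` : `/${name}/${ver}`);
  const graph = new Map();
  for (const [key, entry] of Object.entries((v9 ? lock.snapshots : lock.packages) ?? {})) {
    const deps = Object.entries(entry.dependencies ?? {}).map(([n, v]) => toKey(n, v));
    graph.set(key, { ...parseKey(key, v9), deps });
  }
  const rootDeps = lock.importers?.['.']?.dependencies ?? {};
  const roots = Object.entries(rootDeps).map(([n, d]) => toKey(n, d.version ?? d));
  return { graph, roots };
}

// BFS; a key is marked visited when enqueued, so cycles (left <-> right) never re-queue.
function dependencyPaths(lock) {
  const { graph, roots } = buildGraph(lock);
  const seenKeys = new Set(roots), queue = roots.map((k) => [k]), paths = new Map();
  while (queue.length) {
    const path = queue.shift(), key = path[path.length - 1];
    paths.set(key, path); // shortest root-to-package path, used to report findings
    for (const dep of graph.get(key)?.deps ?? []) {
      if (!seenKeys.has(dep)) { seenKeys.add(dep); queue.push([...path, dep]); }
    }
  }
  return paths;
}
const V9_LOCK = { // constructed v9 lockfile with a left <-> right circular dependency
  lockfileVersion: '9.0',
  importers: { '.': { dependencies: { app: { specifier: '^1.0.0', version: '1.0.0' } } } },
  snapshots: {
    'app@1.0.0': { dependencies: { left: '2.0.0', right: '2.0.0' } },
    'left@2.0.0': { dependencies: { right: '2.0.0' } },
    'right@2.0.0': { dependencies: { left: '2.0.0', '@scope/util': '3.0.0(left@2.0.0)' } },
    '@scope/util@3.0.0(left@2.0.0)': {},
  },
};
```

Calling dependencyPaths(V9_LOCK) terminates despite the cycle and yields one shortest path per package, the same traversal a legacy /name/version lockfile gets through the packages branch.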

Validation

  • npm test
  • npm run build
