This is a non-functional milestone release created to mark the project state prior to its transition into OWASP.
CVE Lite CLI has been accepted as an OWASP Incubator Project and will continue development under the OWASP GitHub organization:
https://github.com/OWASP/CVE-Lite-CLI
This release captures the original independent development history of the project before transfer, including:
- local-first JavaScript/TypeScript lockfile scanning
- OSV-based vulnerability matching
- npm, pnpm, and Yarn lockfile support
- direct vs transitive vulnerability classification
- fixed-version hints where available
- top-priority fixes and suggested remediation planning
- JSON and SARIF output
- CI-friendly fail-on severity support
- local advisory caching
- small runtime dependency footprint
This release is intended as a historical checkpoint before the OWASP transition. Future development, issues, pull requests, and releases are expected to continue under the OWASP repository.