CVE Lite CLI is an open-source, OSV-powered dependency scanner from Sonu Kapoor that checks npm, pnpm, and Yarn lockfiles locally and quickly identifies vulnerable JavaScript and TypeScript dependencies. It also recommends safe replacement commands, helping developers fix issues during coding instead of waiting for slow CI scans and repeated trial-and-error loops. #CVE_Lite_CLI #Sonu_Kapoor #OWASP
Keypoints
- CVE Lite CLI scans lockfiles for vulnerable JavaScript and TypeScript dependencies.
- It supports npm, pnpm, and Yarn with OSV-powered detection.
- The tool runs locally on the developer's device and finishes in seconds.
- It recommends safe package replacements, not just vulnerability alerts.
- It aims to reduce CI delays, context loss, and frustration during development.
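To make the scanning flow above concrete, here is an added example (not CVE Lite CLI's own code) of the three steps an OSV-powered lockfile scanner performs: read the installed packages out of an npm `package-lock.json`, build the OSV `querybatch` request, and turn an advisory's fixed version into a replacement command. The lockfile and the advisory are constructed sample data with a placeholder advisory id, so the example runs offline; the function names are this example's own.

```javascript
// Added example, not CVE Lite CLI's own code. Parses an npm package-lock.json
// (lockfileVersion 2/3), builds the POST body for https://api.osv.dev/v1/querybatch,
// and derives a replacement command from the "fixed" event of an OSV advisory
// (the shape /v1/vulns/{id} returns). Lockfile and advisory are constructed samples.
const sampleLock = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },                                  // the project itself
    "node_modules/lodash": { version: "4.17.15" },
    "node_modules/ms": { version: "2.1.3", dev: true },
    "node_modules/foo/node_modules/ms": { version: "2.0.0" },  // nested copy
  },
});
const sampleAdvisory = {                                       // placeholder id
  id: "PLACEHOLDER-ADVISORY-1",
  affected: [{ package: { ecosystem: "npm", name: "lodash" },
    ranges: [{ type: "SEMVER", events: [{ introduced: "0" }, { fixed: "4.17.21" }] }] }],
};

// Lockfile keys are install paths; the package name is what follows the last
// "node_modules/", which also handles nested copies of the same package.
function lockfilePackages(lockText) {
  const lock = JSON.parse(lockText);
  return Object.entries(lock.packages || {})
    .filter(([key, entry]) => key !== "" && entry.version)
    .map(([key, entry]) => ({
      name: key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length),
      version: entry.version,
      dev: Boolean(entry.dev),
    }));
}

// One query per installed package; OSV answers positionally (results[i] <-> queries[i]).
function osvQueryBatch(pkgs) {
  return { queries: pkgs.map((p) => ({ package: { name: p.name, ecosystem: "npm" }, version: p.version })) };
}

// Replacement command from the first "fixed" SEMVER event for this package, or
// null when the advisory lists no fix (then only a different package is safe).
function fixCommand(pkg, advisory) {
  for (const a of advisory.affected || []) {
    if (a.package?.ecosystem !== "npm" || a.package?.name !== pkg.name) continue;
    for (const r of a.ranges || []) {
      const ev = r.type === "SEMVER" ? r.events.find((e) => e.fixed) : undefined;
      if (ev) return `npm install ${pkg.name}@${ev.fixed}${pkg.dev ? " --save-dev" : ""}`;
    }
  }
  return null;
}
```

In a real run the `querybatch` response only carries advisory ids, so each id is fetched from `/v1/vulns/{id}` before `fixCommand` can read its `affected` ranges; a pnpm or Yarn lockfile needs its own parser in place of `lockfilePackages`, the other two steps stay the same.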