sonukapoor

Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, fix hints, JSON/SARIF output, and a practical remediation plan.

Found Apr 01, 2026 at 14 stars.
AI Analysis
TypeScript
AI Summary

CVE Lite CLI is a lightweight command-line tool that scans JavaScript and TypeScript projects for known vulnerabilities in dependencies using public vulnerability databases and provides prioritized fix recommendations.

How It Works

1. 📰 Discover the safety checker

You hear about a free, easy tool that quickly checks your project's parts for known weak spots before sharing it.

2. 📥 Get the tool

You add this simple checker to your computer in one quick step, no hassle.

3. 📁 Pick your project

You choose the folder holding your project, like pointing to your work space.

4. 🔍 Run the check

You start the scan and watch it swiftly review all the building blocks for any safety issues.

5. 📋 See your results

A friendly report appears, highlighting urgent problems first with a clear plan on what to fix and how.

6. 🔧 Follow the fix guide

You update the weak parts using the simple suggestions, making your project stronger step by step.

✅ Project is secure!

Run the check again to confirm – everything is safe, and your project is ready to release with confidence.

AI-Generated Review

What is cve-lite-cli?

cve-lite-cli is a fast, developer-friendly CLI scanner for JS/TS project dependencies, parsing lockfiles from npm, pnpm, or Yarn to match exact versions against OSV vulnerabilities. It delivers a clear summary of issues, distinguishing direct from transitive deps, with fix hints, dependency paths, and a prioritized remediation plan. Run `cve-lite .` for instant triage, or pipe JSON/SARIF output to CI tools.

Why is it gaining traction?

It skips SaaS signups and heavy platforms, offering local-first scans with smart output: top-priority fixes first, parent hints for transitives, and CI-friendly flags like `--fail-on high` or SARIF exports for fast GitHub Actions. Unlike npm audit's raw dumps, it generates actionable plans; versus broader tools like Snyk, it's lite, free, and focused on release gates with minimal deps.
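The two paragraphs above describe the pipeline (parse the lockfile, match exact installed versions against OSV advisories, tell direct from transitive dependencies, emit fix hints and a prioritized plan, then gate CI with a threshold such as `--fail-on high`). The script below is an added illustration of that pipeline written for this page; it is not cve-lite-cli's own code. It assumes a `package-lock.json` in the lockfileVersion 3 layout (a `packages` map keyed by `node_modules/...` paths) and advisories in OSV's `affected` / `ranges` / `events` shape. Both the lockfile and the advisories are constructed inline, and the advisory identifiers are placeholders, so nothing is fetched from the network. Version comparison is simplified to `MAJOR.MINOR.PATCH` and only `introduced` / `fixed` events are handled.

```python
"""Added example (not cve-lite-cli's code): lockfile scan against an embedded OSV-style advisory list."""
import json
from typing import Dict, List, Optional, Tuple

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MODERATE": 2, "LOW": 1}

# Constructed package-lock.json (lockfileVersion 3 layout); not a real project.
LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"web-lib": "^1.0.0", "util-lib": "^3.0.0"}},
        "node_modules/web-lib": {"version": "1.2.0", "dependencies": {"parser-lib": "^2.0.0"}},
        "node_modules/parser-lib": {"version": "2.0.1"},
        "node_modules/util-lib": {"version": "3.1.0"},
    },
})

# Constructed advisories in OSV's affected/ranges/events shape; ids are placeholders, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "database_specific": {"severity": "HIGH"},
     "affected": [{"package": {"ecosystem": "npm", "name": "parser-lib"},
                   "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "2.0.5"}]}]}]},
    {"id": "EXAMPLE-ADV-0002", "database_specific": {"severity": "MODERATE"},
     "affected": [{"package": {"ecosystem": "npm", "name": "util-lib"},
                   "ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"fixed": "3.2.0"}]}]}]},
    {"id": "EXAMPLE-ADV-0003", "database_specific": {"severity": "LOW"},  # already fixed in the installed version
     "affected": [{"package": {"ecosystem": "npm", "name": "web-lib"},
                   "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "1.1.0"}]}]}]},
]


def parse_version(v: str) -> Tuple[int, int, int]:
    """'MAJOR.MINOR.PATCH' -> comparable tuple (assumption: pre-release/build suffixes are dropped)."""
    parts = [int(p) for p in v.split("-")[0].split("+")[0].split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected(version: str, events: List[Dict[str, str]]) -> bool:
    """Walk an ascending OSV SEMVER event list; the final state says whether version is inside a range."""
    ver, affected = parse_version(version), False
    for event in events:
        if "introduced" in event and ver >= parse_version(event["introduced"]):
            affected = True
        if "fixed" in event and ver >= parse_version(event["fixed"]):
            affected = False
    return affected


def resolve(packages: Dict[str, dict], from_path: str, name: str) -> Optional[str]:
    """Node-style lookup: nearest node_modules/<name> below from_path, walking up to the root."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""


def dependency_paths(lock: dict) -> Dict[str, List[str]]:
    """Map each installed package path to the shortest chain of names from the root (BFS)."""
    packages, paths, queue = lock["packages"], {}, [("", [])]
    while queue:
        pkg_path, chain = queue.pop(0)
        for dep_name in packages[pkg_path].get("dependencies", {}):
            target = resolve(packages, pkg_path, dep_name)
            if target is None or target in paths:
                continue
            paths[target] = chain + [dep_name]
            queue.append((target, paths[target]))
    return paths


def scan(lock_text: str, advisories: List[dict]) -> List[dict]:
    """Match exact installed versions against advisories; order by severity, direct deps before transitive."""
    lock = json.loads(lock_text)
    packages, findings = lock["packages"], []
    for pkg_path, chain in dependency_paths(lock).items():
        name, version = chain[-1], packages[pkg_path]["version"]
        for adv in advisories:
            for affected in adv["affected"]:
                if affected["package"]["name"] != name:
                    continue
                for rng in affected["ranges"]:
                    if rng.get("type") != "SEMVER" or not is_affected(version, rng["events"]):
                        continue
                    fixed = next((e["fixed"] for e in rng["events"] if "fixed" in e), None)
                    direct = len(chain) == 1  # a single hop from the root means a direct dependency
                    hint = (f"npm install {name}@{fixed}" if direct
                            else f"update parent {chain[0]} so it pulls {name}@{fixed}")
                    findings.append({"id": adv["id"], "name": name, "version": version,
                                     "severity": adv.get("database_specific", {}).get("severity", "LOW"),
                                     "direct": direct, "path": chain, "fixed": fixed, "hint": hint})
    findings.sort(key=lambda f: (-SEVERITY_RANK.get(f["severity"], 0), not f["direct"], f["name"]))
    return findings


def gate(findings: List[dict], fail_on: str) -> bool:
    """A --fail-on style release gate: True when any finding meets or exceeds the threshold."""
    threshold = SEVERITY_RANK[fail_on.upper()]
    return any(SEVERITY_RANK.get(f["severity"], 0) >= threshold for f in findings)


if __name__ == "__main__":
    results = scan(LOCKFILE, ADVISORIES)
    for f in results:
        kind = "direct" if f["direct"] else "transitive via " + " > ".join(f["path"][:-1])
        print(f"[{f['severity']}] {f['name']}@{f['version']} {f['id']} ({kind}) -> {f['hint']}")
    raise SystemExit(1 if gate(results, "high") else 0)
```

Run as-is, the scan reports `parser-lib@2.0.1` (HIGH, transitive via `web-lib`) ahead of `util-lib@3.1.0` (MODERATE, direct), skips `web-lib@1.2.0` because its installed version is past the fixed boundary, and exits non-zero under a `high` threshold. The walk-up resolution in `resolve` matters in real lockfiles: a nested `node_modules/web-lib/node_modules/parser-lib` entry would shadow the top-level copy for `web-lib` only, and scanning by name alone would miss that the two copies can carry different versions.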

Who should use this?

JS/TS maintainers running pre-release checks on side projects or OSS repos, small teams adding lightweight CI gates without budgets for enterprise scanners, or consultants verifying client lockfiles quickly. Ideal for monorepos where you need direct/transitive visibility before merging, especially in fast GitHub workflows like actions or searches.

Verdict

Grab it for quick, honest JS/TS dep scans if you hate platform lock-in; docs are solid, output shines. At 14 stars and 1.0% credibility, it's early but promising; test in non-critical flows until adoption grows.
