Documentation
CVE Lite CLI is designed around short local feedback loops: scan a lockfile, understand whether findings are direct or transitive, apply the safest supported fix command, and rescan before code reaches CI.
Start here
- Getting Started walks through your first scan.
- Workflow Integration explains how to integrate with CI, GitHub Actions, GitHub Code Scanning (SARIF upload), git hooks, and offline mode.
- Remediation Strategy explains how the CLI chooses direct upgrades, parent updates, and parent upgrades.
- Fix Mode Guide explains the conservative `--fix` workflow.
- HTML Vulnerability Report explains the local dashboard generated by `--report`.
- How CVE Lite CLI Works covers the scanner model and lockfile-first behavior.
Compare and validate
- Comparison with Other Tools compares CVE Lite CLI with Dependabot, npm audit, OSV-Scanner, Snyk, and Socket.
- Parser Coverage documents package-manager support and fallback behavior.
- Case Studies show real project scans and remediation journeys.