| title | Documentation |
|---|---|
| description | Start here for CVE Lite CLI documentation, remediation guidance, reports, parser coverage, CI usage, and case studies. |
CVE Lite CLI is designed around short local feedback loops: scan a lockfile, understand whether findings are direct or transitive, apply the safest supported fix command, and rescan before code reaches CI.
- Getting Started explains how to get started
- Workflow Integration explains how to integrate with CI, GitHub Actions, GitHub Code Scanning (SARIF upload), git hooks, and offline mode.
- Remediation Strategy explains how the CLI chooses direct upgrades, parent updates, and parent upgrades.
- Fix Mode Guide explains the conservative `--fix` workflow.
- Override Hygiene Auditing audits `overrides` and `resolutions` for stale, broken, and ineffective pins across npm, pnpm, Yarn, and Bun (rules OA001-OA008).
- HTML Vulnerability Report explains the local dashboard generated by `--report`.
- How CVE Lite CLI Works covers the scanner model and lockfile-first behavior.
- Comparison with Other Tools compares CVE Lite CLI with Dependabot, npm audit, OSV-Scanner, Snyk, and Socket.
- Parser Coverage documents package-manager support and fallback behavior.
- Case Studies show real project scans and remediation journeys — including verified lockfile snapshots for Astro (pnpm, 2,228 packages), Turborepo (pnpm, 1,776 packages), Visual Studio Code (npm root lockfile, 1,374 packages), and Storybook (Yarn Berry, 3,008 packages).