v1.23.0 - Git source classification, error handling, and 2x faster cold scans

@sonukapoor released this 13 Jun 17:45
· 3 commits to main since this release
v1.23.0
f0e0092

Added

  • Graded output for MAL- advisories from git sources: terminal shows ⚠ Git source (SHA-pinned) or ⚠ Git source (floating ref) with resolved URL; HTML report shows orange badge variant

Fixed

  • Error handling and cleanup for SARIF, CycloneDX, and HTML report file writes; pre-existing directories preserved on write failure
  • Removed a duplicate db.close() call from the osv-sync catch block; the extra call could mask the original error

Performance

  • CVE detail fetches now run concurrently — 2.2x faster on cold cache for large lockfiles (28.4s → 12.7s on a 170-CVE scan)
  • Packument cache pre-warmed before transitive remediation loop to eliminate serial npm registry round-trips

Validation

  • npm test
  • npm run build