Skip to content

v1.24.0 - Dual SARIF and HTML output, dev dependency fix flags, and Action binary fix

Latest
Latest

Choose a tag to compare

View all tags
@sonukapoor sonukapoor released this 17 Jun 12:40
· 1 commit to main since this release
v1.24.0
This tag was signed with the committer’s verified signature.
sonukapoor Sonu Kapoor
GPG key ID: 3306B2C5600CA6DB
Verified
Learn about vigilant mode.
97546a6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • --sarif can now be combined with --report to write both a SARIF file and an HTML report in one scan - useful for CI pipelines that upload to GitHub Code Scanning and also attach an HTML artifact for human review

Fixed

  • Fix commands now include -D flag for dev dependencies (npm install -D, pnpm add -D, yarn add -D, bun add --dev); mixed dev/prod batches split into separate commands
  • GitHub Action now installs cve-lite-cli via npm install --prefix and appends the bin dir to $GITHUB_PATH, fixing cve-lite: not found errors on npm 10.x runners where npx cannot resolve a binary name different from the package name

Changed

  • Upgrade jest to 30.4.1; add .cve-lite/baseline.json to suppress unfixable js-yaml@3.14.2 transitive dev dep (GHSA-h67p-54hq-rp68)

Docs

  • Socket CLI comparison expanded with structured sections and concrete examples

Validation

  • npm test
  • npm run build

Contributors

Contributors

raj-krr
Assets 3
Loading