You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Added
Light/dark mode toggle in HTML report: one-click switch between themes, persisted to localStorage
SARIF 2.1.0 output now includes ruleIndex, kind: "open", and partialFingerprints for full GitHub Code Scanning compatibility; shared sarifFingerprintHash utility extracted to src/utils/sarif.ts
OA009 stale floor detector: fires when a >= or ^ override floor is already met by every parent declaration, making the override redundant
Empty container pruning: after --fix removes the last override entry, the now-empty overrides/pnpm.overrides object is also removed
Path-first argument ordering: cve-lite <path> overrides [flags] now works alongside cve-lite overrides <path> [flags]
reachesFailOn shared helper extracted to src/utils/severity.ts; fixes missing unknown severity rank and closes --fail-on asymmetry between scan and overrides paths
PD001 (Override-only phantom, high): fires when source code imports a package only present via an override pin - declare it as a dependency
PD002 (Transitive-only phantom, medium): fires when source code imports a package only present as a transitive dependency - declare it explicitly
OA009 safety guard: suppresses stale-floor removal suggestion when the override anchors a phantom import
overrides --json now writes to a timestamped file consistent with the main scan path
examples/all-scenarios/ fixture triggering all nine auto-detectable override hygiene rules in one scan
Fix-all tip: when 2+ rules are auto-fixable, hint block leads with cve-lite overrides --fix to apply all at once
Fixed
overrides --fix output table no longer shows findings that were just fixed
Hint commands after the findings table now include the scanned path when it is not .
Double blank line before Override Hygiene section in standalone overrides command removed
handleMultiFolderScan now returns ExitCode instead of calling process.exit(), fixing audit-log fd leak
Changed
DebugSession type gains a close(): void method for explicit session lifecycle signalling; both enabled and disabled paths implement it as a no-op