DevSecurityWeekabout 12 hours ago

OWASP Incubator Project Scans Dependencies in Seconds

1 min read

CVE Lite CLI is a lightweight open source command line security scanner that operates on lockfiles during development. The tool focuses on JavaScript and TypeScript files and supports npm, pnpm, and Yarn. Developed by Sonu Kapoor and now community supported, it was recently adopted as an OWASP Incubator Project. The scanner tells developers which packages contain a vulnerability and how to fix it.

Level

Hype check

Tap to vote and see what everyone thinks.

#owasp #cve-lite-cli #dependency-scanning

Read full story

More to chew on!

AIabout 9 hours ago

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

Security4 days ago

Red Hat npm packages compromised to steal developer credentials