Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized OWASP Incubator Project, moves that check to the developer’s terminal. The open-source tool, maintained by Sonu Kapoor, reads a project’s … More → The post CVE Lite CLI: Open-source dependency vulnerability scanner appeared first on Help Net Security .