From 8e4a82a35bed61fb0cdd10a95a4b33361c6738ec Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 May 2026 05:47:49 +0200 Subject: [PATCH 1/2] docs: expand Socket CLI comparison section --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 9e4d2e0..d597b9b 100644 --- a/README.md +++ b/README.md @@ -180,6 +180,10 @@ No other free tool combines all of the following: lockfile scanning across npm, The transitive parent guidance is a key difference: CVE Lite CLI avoids recommending direct installs for packages that are only present transitively. For npm lockfiles, it can identify when `npm update ` is enough to re-resolve a known non-vulnerable child within the current parent range, and when the parent package itself needs an upgrade. + +### About Socket CLI +Socket provides deep supply-chain analysis (malware, typosquatting, maintainer risk) but requires a paid account for full features. CVE Lite CLI remains the only fully free, offline, and account-free option with strong transitive analysis. + For detailed per-tool analysis, see [Comparison with other tools](https://owasp.org/cve-lite-cli/docs/comparison). ## Real-world validation From b44aa883e669e1f7056aa1caded89e7a02e1053d Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 May 2026 14:00:24 +0200 Subject: [PATCH 2/2] docs: soften socket comparison claim --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index d597b9b..a905bb7 100644 --- a/README.md +++ b/README.md 
@@ -180,9 +180,8 @@ No other free tool combines all of the following: lockfile scanning across npm, The transitive parent guidance is a key difference: CVE Lite CLI avoids recommending direct installs for packages that are only present transitively. For npm lockfiles, it can identify when `npm update ` is enough to re-resolve a known non-vulnerable child within the current parent range, and when the parent package itself needs an upgrade. - ### About Socket CLI -Socket provides deep supply-chain analysis (malware, typosquatting, maintainer risk) but requires a paid account for full features. CVE Lite CLI remains the only fully free, offline, and account-free option with strong transitive analysis. +Socket provides deep supply-chain analysis (malware, typosquatting, maintainer risk) but requires a paid account for full features. CVE Lite CLI remains one of the few fully free, offline, and account-free options with strong transitive analysis. For detailed per-tool analysis, see [Comparison with other tools](https://owasp.org/cve-lite-cli/docs/comparison).
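Review bot: in the PATCH 1/2 hunk, the new `### About Socket CLI` subsection is inserted between the comparison paragraph and the closing line `For detailed per-tool analysis, see [Comparison with other tools](https://owasp.org/cve-lite-cli/docs/comparison).`, so that link now reads as part of the Socket subsection rather than of the whole comparison section; move the link above the new heading, or place the subsection after it. The added sentence `CVE Lite CLI remains the only fully free, offline, and account-free option with strong transitive analysis.` is an unqualified superlative the README cannot substantiate, and `requires a paid account for full features` describes vendor pricing that changes over time; qualify both (for example with "at the time of writing") and cite where the pricing statement comes from. Both commits in the series are also authored as `root` with no real name or e-mail, which breaks attribution; amend the author before merging.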
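Review bot: the PATCH 2/2 hunk deletes the blank line that separated `...needs an upgrade.` from `### About Socket CLI`, so the heading now directly follows a paragraph; CommonMark still parses it as a heading, but markdownlint (MD022) and some renderers expect a blank line around headings, so drop that `-` deletion from the hunk. Because this commit only rewords `the only fully free ... option` to `one of the few fully free ... options` in a sentence the previous commit of the same series introduced, squash the two into a single `docs:` commit so the unsubstantiated wording never lands in history. The unchanged context line `npm update ` also shows an empty argument after `update`; check whether the README source carries a placeholder there that was lost, since as shown the sentence is incomplete.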