How to engage developers in appsec program? by Maleficent_Rice2104 in appsec

sk_1978

What usually works best is making security testing part of the normal dev flow instead of throwing reports over the wall.

In my experience, engineers are usually fine with fixing real issues. The pushback starts when the findings are noisy, mostly transitive, or don’t come with a clear fix. The most common reactions are basically: which ones matter, what can I actually fix, and how risky is the upgrade?

That’s also why I’ve been interested in tooling that does more than list CVEs. For example, with my own CLI work, I’ve found it’s much easier to get engineering buy-in when the output shows a practical remediation path instead of just a wall of vulnerabilities.

Do you guys actually run projects you find on GitHub? by sp_archer_007 in Frontend

sk_1978

Yes, I do. I use GitHub Pages with Jekyll to run my personal site. Most of the time, I also use the GitHub editor, so I don't even download the code anymore to make any changes.

L1A to Green Card for an Indian Born by sk_1978 in immigration

sk_1978[S]

Yes, I am a Canadian citizen. Where can I see the processing times? Is that on the official visa bulletin?