Skip to main content



To view results on this page you will need to have the Contrast CLI 2.0 installed via npm.

After the CLI is run on a manifest, you can view the associated projects in Contrast and view the findings. This provides earlier and broader visibility of vulnerabilities in open-source software where instrumentation is not possible or is too late in the software development life cycle (SDLC).


On this page, you'll see:

  • Name: This is the name of the project containing the manifest stored locally for the CLI, or the GitHub account and repository name

  • Last activity date: Date of most recent activity

  • Vulnerable libraries: The libraries in the project with an identified vulnerability (CVE). You can click the vulnerable library to view the library page for more information.

See also

Supported languages and package managers for Contrast CLI.