Add Presenton lockfile example and verified case study #527

@Ayush7614

Summary

Add a real-world Presenton lockfile snapshot and a verified baseline scan case study to CVE Lite CLI.

Motivation

Presenton is a popular open-source AI presentation generator and API (~7.7k GitHub stars). A committed lockfile snapshot and documented case study would:

  • Extend AI application coverage in the case study portfolio (alongside LangChain.js, OpenAI Agents JS, VS Code Copilot deps, etc.)
  • Show CVE Lite CLI on an npm project with multiple JavaScript lockfiles (root orchestrator + Electron desktop shell)
  • Document verified baseline findings, fix command groups, and remaining risk without applying remediation
  • Provide side-by-side comparisons with npm audit on the same lockfile(s)

Lockfile scope note

Presenton ships more than one npm lockfile:

| Path | Preliminary packages | Preliminary findings |
| --- | --- | --- |
| Root package-lock.json | 93 | 1 (0 critical · 1 high · 0 medium · 0 low) |
| electron/package-lock.json | 501 | 8 (0 critical · 5 high · 3 medium · 0 low) |

The repository also contains Python/FastAPI server code; the case study should stay JavaScript lockfile-only and clearly state which lockfile(s) are in scope. Contributors may use multi-folder scan (if both snapshots are committed under examples/presenton/) or document two sub-fixtures — but must not mix Python dependency graphs into the published study.

Preliminary numbers are from lockfile-only downloads on 2026-06-02 and must be re-verified locally before publishing.

Preliminary scan (CVE Lite CLI, lockfile-only, 2026-06-02)

| Metric | Value |
| --- | --- |
| Upstream revision (candidate) | 493aff5c764c13f7249a9a908fe41aa85c19b7c3 |
| Root lockfile | package-lock.json |
| Root: resolved packages | 93 |
| Root: vulnerable packages | 1 (0 direct / 1 transitive) |
| Electron lockfile | electron/package-lock.json |
| Electron: resolved packages | 501 |
| Electron: vulnerable packages | 8 (0 direct / 8 transitive) |
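As an added example (not code from the CVE Lite CLI project or from Presenton), the Node.js snippet below shows how the "resolved packages" and "direct / transitive" figures in the tables above can be derived from an npm lockfile (lockfileVersion 2 or 3). The lockfile contents, the vulnerable-package list and the direct/transitive rule are constructed assumptions for illustration; CVE Lite's own counting rule may differ.

```javascript
// Added example, not code from CVE Lite CLI or Presenton. The lockfile below is
// constructed for illustration (lockfileVersion 3 shape, as written by npm 7+).
const constructedLockfile = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { express: "^4.0.0" }, devDependencies: { jest: "^29.0.0" } },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/body-parser": { version: "1.20.1" },
    "node_modules/jest": { version: "29.7.0" },
    "node_modules/jest/node_modules/chalk": { version: "4.1.2" },
  },
};

// Package name for a lockfile path: everything after the last "node_modules/"
// (keeps the scope for "@scope/name"); workspace paths are returned unchanged.
function packageName(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? lockPath : lockPath.slice(idx + "node_modules/".length);
}

// "Resolved packages" = every entry in `packages` except the root entry "".
function resolvedPackages(lock) {
  return Object.keys(lock.packages || {}).filter((p) => p !== "");
}

// Assumed rule (CVE Lite's own may differ): "direct" = hoisted at top level (exactly one
// "node_modules/" in the path) and declared in root dependencies/devDependencies.
function classify(lock) {
  const root = (lock.packages || {})[""] || {};
  const declared = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const kinds = {};
  for (const p of resolvedPackages(lock)) {
    const topLevel = p.split("node_modules/").length === 2;
    kinds[p] = topLevel && declared.has(packageName(p)) ? "direct" : "transitive";
  }
  return kinds;
}

// Turn a list of vulnerable lockfile paths into the "N (d direct / t transitive)" figure.
function summariseVulnerable(lock, vulnerablePaths) {
  const kinds = classify(lock);
  const direct = vulnerablePaths.filter((p) => kinds[p] === "direct").length;
  return { total: vulnerablePaths.length, direct, transitive: vulnerablePaths.length - direct };
}
```

Running `summariseVulnerable` against a real snapshot with the vulnerable paths reported by the scanner is one way to cross-check the "vulnerable packages" row before the case study is published.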

Proposed changes

  • Add examples/presenton/ with pinned package.json + package-lock.json (and optionally electron/ lockfiles) at a documented upstream commit
  • Add website/docs/case-studies/presenton.md with verified scan results (CVE Lite CLI version, npm audit comparison, reproducible commands, explicit lockfile scope)
  • Bundle Presenton logo under website/static/img/ (do not rely on external raw URLs that 404)
  • Wire the case study into docs sidebar, examples/readme.md, README.md, CHANGELOG, and website/docs/case-studies/index.md

Scope

  • Documentation and example fixture only
  • No changes to scanner source code or existing examples
  • All scan metrics must be reproduced locally before publishing (baseline only — no fake “after” remediation results)

Acceptance criteria

  • Lockfile snapshot(s) are pinned to a documented upstream revision
  • Case study states which lockfile(s) were scanned and why
  • Case study includes scan verification section with reproduce commands
  • Comparison note explains CVE Lite vs native audit count differences (if totals differ)
  • Baseline findings table matches live scan JSON output
  • Logo is bundled locally under website/static/img/

Labels

documentation (Improvements or additions to documentation), good first issue (Good for newcomers)