3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,9 @@ All notable changes to CVE Lite CLI will be documented in this file.

## [Unreleased]

### Docs
- Presenton case study added with verified baseline scan of dual npm lockfile snapshots (`examples/presenton/` root + `electron/`, 594 packages, 9 findings at revision `493aff5`), including AI presentation app coverage and CVE Lite CLI vs `npm audit` comparison.

## [1.21.0] - 2026-06-09

### Added
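Review bot: In the new `### Docs` entry, "594 packages, 9 findings" reads as the result of a single scan, although the entry covers two lockfiles (`examples/presenton/` root + `electron/`); the README bullet in this same change says "594 packages combined". Suggest writing "594 packages combined" here as well, or giving the package and finding counts per lockfile, so the changelog and README cannot be read as disagreeing. The entry could also link the case study page the way the README bullet does.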
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -226,8 +226,9 @@ CVE Lite CLI has been evaluated against real open-source projects to verify that
- [n8n](https://owasp.org/cve-lite-cli/docs/case-studies/n8n) — verified baseline scan of a workflow automation pnpm monorepo (3,746 packages, 32 findings at revision `e2e0394`) with one direct `turbo` fix, four command groups, and email/editor transitive clusters
- [CamoFox Browser](https://owasp.org/cve-lite-cli/docs/case-studies/camofox-browser) — verified baseline scan of an AI agent browser automation npm graph (435 packages, 2 findings at revision `ce3a3b0`) with dual `qs` fix strategies — within-range `npm update qs` and parent `npm install express@4.22.2`
- [Storybook](https://owasp.org/cve-lite-cli/docs/case-studies/storybook) — verified baseline scan of a Yarn Berry monorepo (3,008 packages, 92 findings at revision `cc19ae1`) spanning cross-framework sandbox templates, five critical transitive chains, and one direct vite fix command
- [Presenton](https://owasp.org/cve-lite-cli/docs/case-studies/presenton) — verified baseline scan of an AI presentation generator with dual npm lockfiles (594 packages combined, 9 findings at revision `493aff5`) — 9/9 first-pass fix coverage across root orchestrator and Electron desktop shell

In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, CamoFox Browser, and Storybook live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream checkouts.
In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, CamoFox Browser, Storybook, and Presenton live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream checkouts.

These are not demos. They are documented scans against real codebases with real findings, recorded before and after applying fix commands.
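Review bot: In the added Presenton bullet, "9/9 first-pass fix coverage" is not defined in the visible lines, and unlike the n8n, CamoFox Browser and Storybook bullets it names no fix command. Suggest stating how the 9 findings split between the root lockfile and the Electron one and which commands cover them. The closing paragraph says scans are "recorded before and after applying fix commands", while this bullet only mentions a baseline scan, so it is worth confirming the post-fix result is recorded in the case study.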
