
Add Lit lockfile example and verified case study#499

Closed
Ayush7614 wants to merge 0 commits into OWASP:main from Ayush7614:ayush10

Conversation

@Ayush7614 (Contributor)

Summary

  • Adds lockfile-only snapshot examples/lit/ from lit/lit@20afabd (package.json + package-lock.json).
  • Documents verified baseline scan in website/docs/case-studies/lit.md (2,059 packages, 99 findings, npm audit comparison).
  • Hosts Lit logo at website/static/img/lit-logo.svg (from repo packages/lit/logo-dark.svg).
  • Includes Remaining risk, full 99-row Baseline findings table, and Want your project reviewed?

Test plan

  • npm run build && node dist/index.js examples/lit --verbose --all — 99 findings (5 critical · 52 high · 33 medium · 9 low)
  • npm audit — 107 entries documented in case study
  • cd website && npm run build — Docusaurus build succeeds
  • First-pass fix coverage: 13 of 99 findings (4 command groups)

Made with Cursor

@sonukapoor sonukapoor (Collaborator) left a comment

Good work on the Lit study — three direct rollup majors with matching workspace-scoped upgrades is exactly the pattern that makes a case study useful. Before merging: the branch has 2 commits. Please squash them into one (git rebase -i origin/main, then git push --force-with-lease).

@sonukapoor sonukapoor (Collaborator) left a comment

Nice case study — the three direct rollup versions with workspace-scoped upgrade commands is exactly the kind of actionable story that makes this interesting. A few things missing before merge:

README not updated. The case studies list in README.md doesn't include Lit, and the in-repo fixtures line ("Astro, Turborepo, and Visual Studio Code live under examples/") needs Lit added. Please follow the pattern of the other entries.

CHANGELOG entry missing. No CHANGELOG.md update in the diff. Add a line to the [Unreleased] section under ### Docs following the same one-line format as the other case study entries.

Add a row to website/docs/case-studies/index.md. A case studies index page was added after your branch was cut — it's on main now but missing a Lit entry. After rebasing you'll find it at website/docs/case-studies/index.md. Suggested row:

| [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive |

Please also rebase against main before pushing — the branch is behind the v1.18.2 release.

@Ayush7614 (Contributor, Author)

Thanks for the review @sonukapoor — addressed all requested updates:

  • Squashed to a single commit and rebased onto latest main
  • Added Lit to the README case studies list and in-repo fixtures line
  • Added [Unreleased] CHANGELOG entry under ### Docs
  • Added Lit row to website/docs/case-studies/index.md (using your suggested wording)
  • Conflicts resolved in examples/readme.md and website/sidebars.ts (Lit + Storybook)

I will update anything else you flag on this PR. Ready for another look.

@sonukapoor sonukapoor (Collaborator) left a comment

All feedback addressed — README, CHANGELOG, and index.md all updated, rebased cleanly against main. Good to merge.

@sonukapoor (Collaborator)

Hey Ayush — really sorry about this. We accidentally wiped the content of your branch during a rebase attempt on our end. Your original work is completely safe in your local git history.

To restore this PR, please run:

git fetch upstream   # where upstream is OWASP/cve-lite-cli
git checkout <your-branch>
git rebase upstream/main
git push origin <your-branch> --force

The PR will reopen automatically once the branch has content again. Sorry for the extra work.

@Ayush7614 (Contributor, Author)

Restored after the accidental branch wipe — same approach as #529 / #530.

  • Recovered from local 26aa702, rebased onto latest main
  • Force-pushed ayush10 (74687d6) — Lit-only diff on top of main
  • Index row uses @sonukapoor's suggested wording
  • New PR: (linked below — GitHub would not reopen this closed empty PR)

Author: Ayush7614 only, no Cursor co-author trailer. Ready for merge when CI is green.
