diff --git a/website/docs/case-studies/index.md b/website/docs/case-studies/index.md index 869f90a..dc94ab3 100644 --- a/website/docs/case-studies/index.md +++ b/website/docs/case-studies/index.md 
@@ -15,20 +15,20 @@ CVE Lite CLI is an [OWASP Incubator Project](https://owasp.org/cve-lite-cli/). | Project | Lockfile | Key finding | |---|---|---| -| [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | +| [CamoFox Browser](./camofox-browser.md) | npm | AI agent browser automation — 435 packages, 2 `qs` findings, within-range refresh + express parent upgrade | +| [Ghost](./ghost.md) | npm | CMS platform, transitive chain analysis | +| [lint-staged](./lint-staged.md) | npm | `picomatch@2.3.1` direct high dep hidden by `npm audit --omit=dev` | +| [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | | [NestJS](./nestjs.md) | npm | 26 findings, 25 transitive - CVE Lite surfaces the one actionable direct fix | +| [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | +| [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | | [Analog](./analog.md) | pnpm | Angular meta-framework monorepo, pnpm workspace scanning | -| [lint-staged](./lint-staged.md) | npm | `picomatch@2.3.1` direct high dep hidden by `npm audit --omit=dev` | -| [Ghost](./ghost.md) | npm | CMS platform, transitive chain analysis | | [Astro](./astro.md) | pnpm | Large pnpm monorepo with verified baseline scan documentation | -| [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | -| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | -| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | -| [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | -| 
[Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | -| [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | | [LangChain.js](./langchainjs.md) | pnpm | LLM application framework monorepo — 2,174 packages, lean graph, 3 high with validated targets, malicious-package advisory on OpenSearch integration paths | -| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | +| [Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | | [n8n](./n8n.md) | pnpm | Workflow automation monorepo — 3,746 packages, 1 direct turbo fix, 4 command groups, 31 transitive | -| [CamoFox Browser](./camofox-browser.md) | npm | AI agent browser automation — 435 packages, 2 `qs` findings, within-range refresh + express parent upgrade | -| [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | +| [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | +| [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | +| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct |
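Review bot: The ordering rule that the reshuffled rows of the case-study table now follow (npm rows first, then pnpm, then Yarn Classic, with each group alphabetical ignoring case, e.g. `lint-staged` before `Lit` and `n8n` before `OpenAI Agents SDK (JS)`) is not written down anywhere in the visible lines, so the next case study added is likely to be appended at the bottom and break it again. Add a short sentence or an HTML comment directly above the table stating the sort rule. The 12 removed rows and the 12 added rows match one for one with no text changes, so the change is a pure move; saying that in the commit message would save the next reviewer from diffing the cells by hand. Since the rows are being touched anyway, the unchanged NestJS row still uses " - " as a separator in its Key finding cell where the other rows use a dash character, and `@anthropic-ai/sdk@0.81/0.82` in the VS Code row reads as a single version string rather than two versions; both could be tidied in the same pass.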