From f3489fbe95e27405ad8d2c1296d0847d49d3735f Mon Sep 17 00:00:00 2001 From: kira88-code Date: Mon, 8 Jun 2026 07:54:46 +0500 Subject: [PATCH 1/3] docs: sort case studies table by lockfile type and project name --- website/docs/case-studies/index.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/website/docs/case-studies/index.md b/website/docs/case-studies/index.md index 173d97c..7726c2c 100644 --- a/website/docs/case-studies/index.md +++ b/website/docs/case-studies/index.md 
@@ -15,19 +15,19 @@ CVE Lite CLI is an [OWASP Incubator Project](https://owasp.org/cve-lite-cli/). | Project | Lockfile | Key finding | |---|---|---| -| [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | +| [Ghost](./ghost.md) | npm | CMS platform, transitive chain analysis | +| [lint-staged](./lint-staged.md) | npm | `picomatch@2.3.1` direct high dep hidden by `npm audit --omit=dev` | +| [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | | [NestJS](./nestjs.md) | npm | 26 findings, 25 transitive - CVE Lite surfaces the one actionable direct fix | +| [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | +| [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | | [Analog](./analog.md) | pnpm | Angular meta-framework monorepo, pnpm workspace scanning | -| [lint-staged](./lint-staged.md) | npm | `picomatch@2.3.1` direct high dep hidden by `npm audit --omit=dev` | -| [Ghost](./ghost.md) | npm | CMS platform, transitive chain analysis | | [Astro](./astro.md) | pnpm | Large pnpm monorepo with verified baseline scan documentation | -| [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | -| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | -| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | -| [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | -| [Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | -| [Lit](./lit.md) | npm | Web components reference 
implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | | [LangChain.js](./langchainjs.md) | pnpm | LLM application framework monorepo — 2,174 packages, lean graph, 3 high with validated targets, malicious-package advisory on OpenSearch integration paths | -| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | +| [Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | | [n8n](./n8n.md) | pnpm | Workflow automation monorepo — 3,746 packages, 1 direct turbo fix, 4 command groups, 31 transitive | -| [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | +| [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | +| [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | +| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | \ No newline at end of file From 332fc75f1cb1f0b036470db37c9a6c939d24c5ec Mon Sep 17 00:00:00 2001 From: Ali Azan Shah <70583155+kira88-code@users.noreply.github.com> Date: Mon, 8 Jun 2026 17:30:26 +0500 Subject: [PATCH 2/3] style: add trailing newline to case-studies Signed-off-by: Ali Azan Shah --- website/docs/case-studies/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/case-studies/index.md b/website/docs/case-studies/index.md index 7726c2c..e740343 100644 --- a/website/docs/case-studies/index.md +++ b/website/docs/case-studies/index.md 
@@ -30,4 +30,4 @@ CVE Lite CLI is an [OWASP Incubator Project](https://owasp.org/cve-lite-cli/). | [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | | [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | | [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | -| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | \ No newline at end of file +| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | From 3e01a6818ea4e15806a6f853778bf0b59ac63534 Mon Sep 17 00:00:00 2001 From: Ali Azan Shah <70583155+kira88-code@users.noreply.github.com> Date: Mon, 8 Jun 2026 18:37:29 +0500 Subject: [PATCH 3/3] style: sort case studies by lockfile manager and project name - Grouped rows strictly by lockfile manager type (npm -> pnpm -> Yarn) - Fully alphabetized all project entries within their respective categories - Cleaned up duplicate entries and fixed the trailing newline formatting Signed-off-by: Ali Azan Shah --- website/docs/case-studies/index.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/website/docs/case-studies/index.md b/website/docs/case-studies/index.md index 344d072..dc94ab3 100644 --- a/website/docs/case-studies/index.md +++ b/website/docs/case-studies/index.md 
@@ -15,20 +15,20 @@ CVE Lite CLI is an [OWASP Incubator Project](https://owasp.org/cve-lite-cli/). | Project | Lockfile | Key finding | |---|---|---| -| [Analog](./analog.md) | pnpm | Angular meta-framework monorepo, pnpm workspace scanning | -| [Astro](./astro.md) | pnpm | Large pnpm monorepo with verified baseline scan documentation | | [CamoFox Browser](./camofox-browser.md) | npm | AI agent browser automation — 435 packages, 2 `qs` findings, within-range refresh + express parent upgrade | -| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct | | [Ghost](./ghost.md) | npm | CMS platform, transitive chain analysis | -| [LangChain.js](./langchainjs.md) | pnpm | LLM application framework monorepo — 2,174 packages, lean graph, 3 high with validated targets, malicious-package advisory on OpenSearch integration paths | | [lint-staged](./lint-staged.md) | npm | `picomatch@2.3.1` direct high dep hidden by `npm audit --omit=dev` | | [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | -| [Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | -| [n8n](./n8n.md) | pnpm | Workflow automation monorepo — 3,746 packages, 1 direct turbo fix, 4 command groups, 31 transitive | | [NestJS](./nestjs.md) | npm | 26 findings, 25 transitive - CVE Lite surfaces the one actionable direct fix | -| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | | [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | | [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | +| 
[Analog](./analog.md) | pnpm | Angular meta-framework monorepo, pnpm workspace scanning | +| [Astro](./astro.md) | pnpm | Large pnpm monorepo with verified baseline scan documentation | +| [LangChain.js](./langchainjs.md) | pnpm | LLM application framework monorepo — 2,174 packages, lean graph, 3 high with validated targets, malicious-package advisory on OpenSearch integration paths | +| [Mastra](./mastra.md) | pnpm | AI agent framework — 4,555 packages, 4 direct findings, workspace-scoped `pnpm add` | +| [n8n](./n8n.md) | pnpm | Workflow automation monorepo — 3,746 packages, 1 direct turbo fix, 4 command groups, 31 transitive | +| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command | | [Turborepo](./turborepo.md) | pnpm | Monorepo build tooling, pnpm lockfile | | [Vercel AI SDK](./vercel-ai-sdk.md) | pnpm | AI SDK monorepo — 3 direct findings, 5 workspace-scoped fix command groups | -| [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | +| [Gatsby](./gatsby.md) | Yarn Classic | Large Yarn v1 monorepo — 3,568 packages, 128 findings, 5 direct |
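Review bot: on PATCH 1/3, the Gatsby row is removed and re-added as the last line of the table, but the `\ No newline at end of file` marker is present on both the `-` and the `+` side, so the missing trailing newline survives this commit and is only repaired in PATCH 2/3; fold that fix into this commit. The resulting order (npm, then pnpm, then Yarn Classic, case-insensitive by project name within each group) is consistent, but nothing in the file states the rule, so the next contributor will simply append at the bottom; add a short note above the table such as `<!-- Rows sorted by lockfile (npm, pnpm, Yarn), then case-insensitively by project name -->`. The `From:` line of this commit carries only `kira88-code` with no email address and, unlike PATCH 2/3 and 3/3, there is no `Signed-off-by:` trailer; make the author identity and sign-off consistent across the series.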
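Review bot: on PATCH 2/3, this one-line change only undoes the trailing-newline regression that PATCH 1/3 introduced, so it belongs squashed into that commit rather than shipped as a separate `style:` commit in the same series. The trailer as shown, `Signed-off-by: Ali Azan Shah`, has no email address; DCO checks expect `Signed-off-by: Name <email>` matching the `From:` line, so unless the address was lost in extraction, re-sign the commit with `git commit --amend -s`.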
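Review bot: on PATCH 3/3, the commit message claims that duplicate entries were cleaned up and the trailing newline fixed, but the hunk is 8 insertions and 8 deletions that only move rows (every `-` row reappears unchanged as a `+` row) and no newline marker appears on either side, so the message overstates the change; trim it to the reordering it actually performs. The pre-image `index 344d072` is not the `e740343` that PATCH 2/3 produced, and its context lines show the table already alphabetized across all rows (Analog, Astro, CamoFox Browser, Gatsby, Ghost, ...) with a CamoFox Browser row that the earlier patches never saw, so this patch is the same reordering as PATCH 1/3 redone after a rebase. Squash the three commits into one against current main, and since the base had settled on plain alphabetical order, confirm with the maintainers that grouping by lockfile manager is wanted and record the chosen rule next to the table.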