Add Storybook lockfile example and verified case study

[Ayush7614]

Summary

Add a real-world Storybook monorepo lockfile snapshot and a verified baseline scan case study to CVE Lite CLI.

Motivation

Storybook is a widely used UI component development and documentation tool with a large JavaScript monorepo and a complex dependency graph spanning build tooling, testing, and framework integrations. A committed lockfile snapshot and documented case study would:

• Give contributors a realistic large-scale monorepo example beyond CMS/framework snapshots already in the project
• Show how CVE Lite CLI handles Storybook-scale toolchain and transitive dependency risk
• Document verified baseline findings, fix command groups, and remaining risk without applying remediation
• Provide a side-by-side comparison with the package manager’s native audit output on the same lockfile (where applicable)

Proposed changes

• Add examples/storybook/ with package.json and lockfile (pnpm-lock.yaml or package-lock.json, depending on upstream) pinned to a specific upstream commit
• Add website/docs/case-studies/storybook.md with verified scan results (CVE Lite CLI version, package manager audit comparison, reproducible commands)
• Wire the case study into docs sidebar, README, and examples readme (Storybook-only additions)

Scope

• Documentation and example fixture only
• No changes to scanner source code or existing examples
• All scan metrics must be reproduced locally before publishing (baseline only — no fake “after” remediation results)

Acceptance criteria

• Lockfile snapshot is pinned to a documented upstream revision
• Case study includes scan verification section with reproduce commands
• Comparison note explains CVE Lite vs native audit count differences (if totals differ)
• Baseline findings table matches live scan JSON output

[Ayush7614]

cc: @sonukapoor

[sonukapoor]

Hey @Ayush7614 - same question as #466: would you like to take a crack at this one? Pin a specific upstream commit from the Storybook repo, add the lockfile to examples/storybook/, run a scan locally, and document the results following the existing case study structure. Happy to review if you want to go for it.

[Ayush7614]

PR opened: #471

Includes:

• examples/storybook/ lockfile snapshot at cc19ae1
• Verified case study with CVE Lite vs yarn npm audit comparison
• Docs wiring (sidebar, README, examples readme)

Happy to address review feedback.

[Ayush7614]

Correction: PR is #474 (not #471 in the earlier comment).

#474

[Ayush7614]

cc: @sonukapoor