Add Storybook lockfile example and verified case study#474

Status: Open. Ayush7614 wants to merge 1 commit into OWASP:main from Ayush7614:ayush4
Conversation

Contributor

@Ayush7614 commented May 27, 2026

Closes #465

Summary

  • Adds examples/storybook/ with package.json and yarn.lock pinned to storybookjs/storybook@cc19ae1
  • Adds website/docs/case-studies/storybook.md with verified baseline scan results (CVE Lite CLI v1.18.0)
  • Documents comparison with default yarn npm audit on the same lockfile (3 entries vs 92 unique CVE Lite findings across 3,008 packages)
  • Wires the case study into docs sidebar, README, and examples readme

Scope note

Documentation and example fixture only — no scanner source changes.

Contributor Author

@sonukapoor — conflicts with main (after #475 merged) are resolved. Merged latest main into ayush4; Storybook content is unchanged, and both Storybook + Turborepo are wired in the shared docs. Ready for review and merge. Thanks!

Collaborator

@sonukapoor left a comment

The case study content is solid - good verified data, the yarn npm audit comparison (3 vs 92) tells a strong story about what lockfile-wide scanning reveals that default audit scope misses entirely.

Two things before this merges:

Logo should be bundled locally. The current img src points to raw.githubusercontent.com/storybookjs/brand/.... That URL can change or break when the upstream brand repo gets reorganised. The VS Code case study in #484 shows the right pattern - bundle the logo under website/static/img/ and reference it with a site-relative path like /cve-lite-cli/img/storybook-logo.svg. Would be good to match that approach here.

The last commit includes a Cursor co-author line. Co-authored-by: Cursor <cursoragent@cursor.com> will land in git history on merge. Worth squashing that commit into the one before it to keep the history clean. The content is fine - just the attribution.

Pin storybookjs/storybook@cc19ae1 Yarn Berry lockfile (3,008 packages,
92 findings) with CVE Lite vs yarn npm audit comparison. Bundle Storybook
wordmark under website/static/img/ and wire docs sidebar, README, examples
readme, CHANGELOG, and docs index alongside merged VS Code case study.

Closes OWASP#465
Contributor Author

@sonukapoor — both review items addressed:

  1. Logo bundled locally — Storybook wordmark is now at website/static/img/storybook-logo.svg and referenced as /cve-lite-cli/img/storybook-logo.svg in the case study (same pattern as Add VS Code root lockfile example and verified case study #484).

  2. Clean commit history — Squashed to a single commit on latest main with Ayush7614 as the only author (no Cursor co-author line).

Also rebased onto current main (includes merged VS Code #484) and resolved conflicts in README.md, website/docs/index.md, and website/sidebars.ts — Storybook and VS Code entries are both present.

Ready for re-review.
