1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -13,6 +13,7 @@ All notable changes to CVE Lite CLI will be documented in this file.
- LangChain.js case study added with verified baseline scan of a pnpm lockfile snapshot (`examples/langchainjs/`, 2,174 packages, 13 findings at revision `1503c9b`), including CVE Lite CLI vs `pnpm audit` comparison and lean-graph triage narrative.
- OpenAI Agents SDK (JavaScript) case study added with verified baseline scan of a pnpm lockfile snapshot (`examples/openai-agents-js/`, 1,683 packages, 31 findings at revision `f76fc19`), including all-transitive parent-tracing narrative and CVE Lite CLI vs `pnpm audit` comparison.
- n8n case study added with verified baseline scan of a pnpm lockfile snapshot (`examples/n8n/`, 3,746 packages, 32 findings at revision `e2e0394`), including CVE Lite CLI vs `pnpm audit` comparison.
- CamoFox Browser case study added with verified baseline scan of an npm lockfile snapshot (`examples/camofox-browser/`, 435 packages, 2 findings at revision `ce3a3b0`), including within-range vs parent-upgrade `qs` remediation narrative and CVE Lite CLI vs `npm audit` comparison.

## [1.19.1] - 2026-06-02

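Review bot: the new CamoFox Browser entry is the only one in this hunk that describes its remediation ("within-range vs parent-upgrade `qs` remediation narrative") without naming the fix target, while the matching README bullet in this same commit does name it (`npm install express@4.22.2`); the two descriptions should agree, so either add the parent package here (e.g. "within-range vs parent-upgrade (`express`) `qs` remediation narrative") or drop the version pin from the README so neither drifts when the fix target changes. The package count (435), finding count (2) and revision (`ce3a3b0`) do match the README line, which is good.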
Expand Down
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -220,9 +220,10 @@ CVE Lite CLI has been evaluated against real open-source projects to verify that
- [LangChain.js](https://owasp.org/cve-lite-cli/docs/case-studies/langchainjs) — verified baseline scan of a pnpm LLM-framework monorepo (2,174 packages, 13 findings at revision `1503c9b`) with a lean-graph profile, three high-severity findings with validated fix targets, and a malicious-package advisory on OpenSearch integration paths
- [OpenAI Agents SDK (JavaScript)](https://owasp.org/cve-lite-cli/docs/case-studies/openai-agents-js) — verified baseline scan of a pnpm AI-agent monorepo (1,683 packages, 31 findings at revision `f76fc19`) with 0 direct findings, MCP/Daytona parent clusters, and one generated `verdaccio` parent-upgrade command
- [n8n](https://owasp.org/cve-lite-cli/docs/case-studies/n8n) — verified baseline scan of a workflow automation pnpm monorepo (3,746 packages, 32 findings at revision `e2e0394`) with one direct `turbo` fix, four command groups, and email/editor transitive clusters
- [CamoFox Browser](https://owasp.org/cve-lite-cli/docs/case-studies/camofox-browser) — verified baseline scan of an AI agent browser automation npm graph (435 packages, 2 findings at revision `ce3a3b0`) with dual `qs` fix strategies — within-range `npm update qs` and parent `npm install express@4.22.2`
- [Storybook](https://owasp.org/cve-lite-cli/docs/case-studies/storybook) — verified baseline scan of a Yarn Berry monorepo (3,008 packages, 92 findings at revision `cc19ae1`) spanning cross-framework sandbox templates, five critical transitive chains, and one direct vite fix command

In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, and Storybook live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream checkouts.
In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, CamoFox Browser, and Storybook live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream checkouts.

These are not demos. They are documented scans against real codebases with real findings, recorded before and after applying fix commands.

Expand Down