From ff5120c7b7982e94b06db741bfd5e8afe6404f04 Mon Sep 17 00:00:00 2001
From: Sonu Kapoor <sonukapoor@gmail.com>
Date: Mon, 18 May 2026 14:00:00 -0400
Subject: [PATCH 1/2] docs: add languages and package managers visual section
 to README

Adds an icon grid near the top of the README showing supported languages
(JavaScript, TypeScript) and package managers (npm, pnpm, Yarn, Bun)
using devicon and simpleicons logos at 48px with labels, matching the
visual pattern recommended by OWASP reviewer feedback.

Closes #370
---
 README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/README.md b/README.md
index a905bb7..6404388 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,32 @@
 
 ---
 
+<div align="center">
+
+**Languages**
+
+<table border="0" cellspacing="0" cellpadding="12">
+<tr>
+<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/javascript/javascript-original.svg" width="48" height="48" alt="JavaScript"/><br/><sub><b>JavaScript</b></sub></td>
+<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/typescript/typescript-original.svg" width="48" height="48" alt="TypeScript"/><br/><sub><b>TypeScript</b></sub></td>
+</tr>
+</table>
+
+**Package Managers**
+
+<table border="0" cellspacing="0" cellpadding="12">
+<tr>
+<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/npm/npm-original-wordmark.svg" width="48" height="48" alt="npm"/><br/><sub><b>npm</b></sub></td>
+<td align="center"><img src="https://cdn.simpleicons.org/pnpm" width="48" height="48" alt="pnpm"/><br/><sub><b>pnpm</b></sub></td>
+<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/yarn/yarn-original.svg" width="48" height="48" alt="Yarn"/><br/><sub><b>Yarn</b></sub></td>
+<td align="center"><img src="https://cdn.simpleicons.org/bun" width="48" height="48" alt="Bun"/><br/><sub><b>Bun</b></sub></td>
+</tr>
+</table>
+
+</div>
+
+---
+
 ## The problem with how security scanning works today
 
 Most security tooling is designed around pipelines, not people.

From 545e0a8eefc11faf0fb5a7a97e2276297672b087 Mon Sep 17 00:00:00 2001
From: Sonu Kapoor <sonukapoor@gmail.com>
Date: Mon, 18 May 2026 14:30:00 -0400
Subject: [PATCH 2/2] =?UTF-8?q?docs:=20remove=20Languages=20section=20?=
 =?UTF-8?q?=E2=80=94=20show=20package=20managers=20only?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE Lite CLI scans lockfiles, not JS/TS source code. Showing JavaScript
and TypeScript as supported languages implied SAST-style analysis. Package
managers (npm, pnpm, Yarn, Bun) are the accurate scope signal.
---
 README.md | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/README.md b/README.md
index 6404388..34be67e 100644
--- a/README.md
+++ b/README.md
@@ -49,15 +49,6 @@
 
 <div align="center">
 
-**Languages**
-
-<table border="0" cellspacing="0" cellpadding="12">
-<tr>
-<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/javascript/javascript-original.svg" width="48" height="48" alt="JavaScript"/><br/><sub><b>JavaScript</b></sub></td>
-<td align="center"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/typescript/typescript-original.svg" width="48" height="48" alt="TypeScript"/><br/><sub><b>TypeScript</b></sub></td>
-</tr>
-</table>
-
 **Package Managers**
 
 <table border="0" cellspacing="0" cellpadding="12">