OWASP
diff --git a/‎README.md‎
Lines changed: 13 additions & 2 deletions b/‎README.md‎
Lines changed: 13 additions & 2 deletions
@@ -34,6 +34,7 @@
       <a href="#new-offline-advisory-db-support">Offline advisory DB support</a><br/>
       <a href="#why-offline-mode-matters">Why offline mode matters</a><br/>
       <a href="docs/case-studies/owasp-juice-shop.md">OWASP Juice Shop case study</a><br/>
+      <a href="docs/case-studies/nestjs.md">NestJS case study</a><br/>
       <a href="#what-it-looks-like">What it looks like</a><br/>
       <a href="#why-this-tool-exists">Why this tool exists</a><br/>
       <a href="#project-scope-and-differentiation">Project scope and differentiation</a>
@@ -77,7 +78,7 @@ It is designed to be:
 - usable in enterprise and restricted-network environments
 - capable of zero-runtime-network scans through a local advisory database
 
-For a real-world remediation example, see the [OWASP Juice Shop case study](docs/case-studies/owasp-juice-shop.md).
+For real-world remediation examples, see the [OWASP Juice Shop case study](docs/case-studies/owasp-juice-shop.md) and the [NestJS case study](docs/case-studies/nestjs.md).
 
 ## New: Offline advisory DB support
 
@@ -232,11 +233,21 @@ For deeper investigation, running with `--verbose` provides the fuller remediati
 
 That is the core idea: install it, point it at your project, and immediately get a practical fix plan instead of a wall of raw advisories.
 
+That local loop matters a lot in practice. In the NestJS case study, one dependency path required several `tar` upgrades in sequence as the dependency graph changed after each install. If a team only relied on pipeline scanners, they would likely:
+
+1. upgrade `tar`
+2. push a branch
+3. wait for CI or a scheduled scanner to report back
+4. learn they need to upgrade `tar` again
+5. repeat the full cycle
+
+That kind of branch-and-pipeline remediation can easily burn hours or days for one CVE path, and in slower teams it can stretch into weeks. CVE Lite CLI brings that feedback loop down to a local scan-fix-rescan workflow that can happen in the same session, and its local caching keeps consecutive rescans extremely fast instead of redoing the same advisory lookups from scratch each time.
+
 The final status line also gives the scan a clear ending, which makes terminal use and screenshots easier to read.
 
 See the example below using OWASP Juice Shop for real output samples.
 
-For a real-world case study, see the [OWASP Juice Shop case study](docs/case-studies/owasp-juice-shop.md).
+For real-world case studies, see the [OWASP Juice Shop case study](docs/case-studies/owasp-juice-shop.md) and the [NestJS case study](docs/case-studies/nestjs.md).
 
 If you maintain an open-source JavaScript or TypeScript project and want CVE Lite CLI evaluated on it, open an issue and share the repository. Strong candidates may be turned into future public case studies.