Fixed
- CVSS vector strings (e.g. `CVSS:3.1/AV:N/...`) were misclassified as low severity because the version number in the prefix (`3.1`) was extracted by the score parser and treated as a base score. All CVSS_V3-backed advisories now fall through to `database_specific.severity` and report the correct label. Packages like `crypto-js` (critical) and `braces` (high) were previously silently under-reported.
Changed
- condensed README and extracted detailed content into standalone docs: offline advisory DB guide, CI integration guide, architecture overview, comparison guide, roadmap, troubleshooting, and parser coverage matrix
- docs site updated with SEO meta tags, Open Graph, Twitter Card, JSON-LD structured data, Free/Local/Fast hero pillars, badge section, and GitHub icon nav link
- screenshots shown side-by-side with click-to-enlarge
- removed unimplemented SARIF claims from all docs and comparison tables
Validation
- npm test
- npm run build