From 3ea407fd6bd5f21b3e503f9ad7d589c9dc23a618 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Mon, 2 Aug 2021 11:34:07 +0300 Subject: [PATCH] docs: update FAQ section --- README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d7f406d..68d3a06 100644 --- a/README.md +++ b/README.md @@ -75,16 +75,16 @@ How does snync work from decision tree perspective? # Install -```sh -npm install -g snync -``` - ## Prerequisite To use this tool, it is expected that you have the following available in your environment: 1. Node.js and npm in stable and recent versions 2. The Git binary available in your path +```sh +npm install -g snync +``` + # Usage To scan a project's dependencies and test if you're vulnerable to Dependency Confusion security issues, where the project's git repository is cloned at `/home/user/my-app`: @@ -100,3 +100,8 @@ To get a list of dependencies we parse a project's manifest (`package.json`) fro Then we fetch from the public NPM registry to check when each dependency was created. At this point we can check if dependency is **vulnerable** – if it is not in the public NPM registry. To check if dependency is **suspicious** we compare date it was first introduced to a project's manifest and date it was published. To understand when you added a dependency to a manifest we scan git commits history. + +# FAQ + +Q. Why is it called _snync_? +A. _snync_ is abbreviation for _So Now You're Not Confused_, which is a play on Snyk's _So Now You Know_.
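Review bot: In the first README.md hunk (`@@ -75,16 +75,16 @@`), the install command now lands under `## Prerequisite`, directly after the two-item list, with no text introducing it, while `# Install` is followed immediately by the subheading. A reader skimming the section can take `npm install -g snync` for one of the prerequisites rather than the install step itself. Suggest a short lead-in line before the fence, for example "Once the prerequisites are in place, install the tool globally:", or a sibling subheading for the command. The commit subject mentions only the FAQ, so this reordering deserves a line in the commit body.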
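Review bot: In the added `# FAQ` block (`@@ -100,3 +100,8 @@`), the `Q.` and `A.` lines are adjacent with no blank line between them, so unless the question line ends in a hard line break Markdown will render them as a single run-on paragraph. Separate them with a blank line, or make the question bold or a subheading. In the answer, "is abbreviation for" should read "is an abbreviation for". The subject says "update FAQ section", but the hunk introduces the section, so "add FAQ section" would describe the change more accurately.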