Adjust the examples for running a vulnerability scan.

ashokfaire · andrew · commit 3bfa27ed932d · 2026-02-25T15:08:02.000Z
To run the scan, I believe you need to pass the subcommand. It looks like these documentation examples arrived very early in the repo and haven't changed, so I assume the behaviour I'm getting in 0.14.0 should match the documentation.
diff --git a/content/_index.md b/content/_index.md
@@ -35,7 +35,7 @@ git pkgs why rails      # why was this added?
 git pkgs diff                 # HEAD vs working tree
 git pkgs diff --from=HEAD~10  # what changed recently?
 git pkgs diff main..feature   # compare branches
-git pkgs vulns          # scan for known CVEs
+git pkgs vulns scan     # scan for known CVEs
 git pkgs vulns blame    # who introduced each vulnerability
 git pkgs outdated       # find packages with newer versions
 git pkgs update         # update all dependencies
@@ -51,7 +51,7 @@ The database lives in `.git/pkgs.sqlite3` and stays current through git hooks. C
 Static scanners tell you what's vulnerable. git-pkgs tells you who introduced it, when, and how long it took to fix.
 
 ```bash
-git pkgs vulns                      # scan current dependencies
+git pkgs vulns scan                 # scan current dependencies
 git pkgs vulns blame                # who introduced each vulnerability
 git pkgs vulns praise --summary     # who fixes vulnerabilities fastest
 git pkgs vulns history lodash       # timeline for a specific package
diff --git a/content/docs/vulnerabilities.md b/content/docs/vulnerabilities.md
@@ -8,11 +8,11 @@ git-pkgs scans dependencies for known vulnerabilities using the [OSV](https://os
 ## Basic usage
 
 ```bash
-git pkgs vulns                  # scan at HEAD
-git pkgs vulns v1.0.0           # scan at a tag
-git pkgs vulns -s high          # only critical and high severity
-git pkgs vulns -e npm           # filter by ecosystem
-git pkgs vulns -f sarif         # output for GitHub code scanning
+git pkgs vulns scan             # scan at HEAD
+git pkgs vulns scan -c v1.0.0   # scan at a commit or tag
+git pkgs vulns scan -s high     # only critical and high severity
+git pkgs vulns scan -e npm      # filter by ecosystem
+git pkgs vulns scan -f sarif    # output for GitHub code scanning
 ```
 
 ## Blame
