From 3bfa27ed932dc0c554449a3fc79db785c54659b6 Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Wed, 25 Feb 2026 09:49:56 -0500 Subject: [PATCH] Adjust the examples for running a vulnerability scan. To run the scan, I believe you need to pass the subcommand. It looks like these documentation examples arrived very early in the repo and haven't changed, so I assume the behaviour I'm getting in 0.14.0 should match the documentation. --- content/_index.md | 4 ++-- content/docs/vulnerabilities.md | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/_index.md b/content/_index.md index 675d127..579b411 100644 --- a/content/_index.md +++ b/content/_index.md @@ -35,7 +35,7 @@ git pkgs why rails # why was this added? git pkgs diff # HEAD vs working tree git pkgs diff --from=HEAD~10 # what changed recently? git pkgs diff main..feature # compare branches -git pkgs vulns # scan for known CVEs +git pkgs vulns scan # scan for known CVEs git pkgs vulns blame # who introduced each vulnerability git pkgs outdated # find packages with newer versions git pkgs update # update all dependencies @@ -51,7 +51,7 @@ The database lives in `.git/pkgs.sqlite3` and stays current through git hooks. C Static scanners tell you what's vulnerable. git-pkgs tells you who introduced it, when, and how long it took to fix. ```bash -git pkgs vulns # scan current dependencies +git pkgs vulns scan # scan current dependencies git pkgs vulns blame # who introduced each vulnerability git pkgs vulns praise --summary # who fixes vulnerabilities fastest git pkgs vulns history lodash # timeline for a specific package diff --git a/content/docs/vulnerabilities.md b/content/docs/vulnerabilities.md index b715a47..f59abab 100644 --- a/content/docs/vulnerabilities.md +++ b/content/docs/vulnerabilities.md 
@@ -8,11 +8,11 @@ git-pkgs scans dependencies for known vulnerabilities using the [OSV](https://os ## Basic usage ```bash -git pkgs vulns # scan at HEAD -git pkgs vulns v1.0.0 # scan at a tag -git pkgs vulns -s high # only critical and high severity -git pkgs vulns -e npm # filter by ecosystem -git pkgs vulns -f sarif # output for GitHub code scanning +git pkgs vulns scan # scan at HEAD +git pkgs vulns scan -c v1.0.0 # scan at a commit or tag +git pkgs vulns scan -s high # only critical and high severity +git pkgs vulns scan -e npm # filter by ecosystem +git pkgs vulns scan -f sarif # output for GitHub code scanning ``` ## Blame
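Review bot: Both content/_index.md hunks (the command overview at -35,7 and the bash block at -51,7) rest on the commit message's "I believe" and a single observed version, 0.14.0, so the message should record what bare `git pkgs vulns` actually does there: usage error, help text, and exit status. That matters to anyone who copied the old line into a CI job, because a non-zero exit fails visibly while help text with a zero exit would mean the step has been passing without scanning. The neighbouring context lines `git pkgs vulns blame`, `git pkgs vulns praise --summary` and `git pkgs vulns history lodash` already use the subcommand form, so the new `vulns scan` lines are consistent with them.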
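Review bot: In the content/docs/vulnerabilities.md hunk, the tag example changes more than the subcommand: `git pkgs vulns v1.0.0` becomes `git pkgs vulns scan -c v1.0.0`, swapping a positional ref for a `-c` flag that the commit message never mentions. Please add a line to the message saying the ref is now passed with `-c`, and consider a sentence under Basic usage stating whether a positional ref is still accepted, since the comment now reads "scan at a commit or tag" without saying what happens to the old form. The `-f sarif` line is the one most likely to sit in code-scanning workflows, so it is worth grepping the rest of content/ for remaining bare `git pkgs vulns -f` or `-s` examples; the diffstat shows this patch touches only two files.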