Skip to content

docs: Add docs for --dependency option and fix typo (closes #155) #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sdn4z merged 1 commit into from
Nov 13, 2024
Merged

docs: Add docs for --dependency option and fix typo (closes #155) #156

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 15 additions & 4 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@ In short, Twyn protects you against [typosquatting attacks](https://en.wikipedia

It works as follows:

1. It will try to find a dependencies file in your working path. You can freely specify a different path for that file.
2. If your installed package name matches with the name of one of the most well known packages, the package is accepted.
3. If the name of your package is similar to the name one of the most used packages, Twyn will prompt an error.
1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path.
2. If the name of your package name matches with the name of one of the most well known packages, the package is accepted.
3. If the name of your package is similar to the name of one of the most used packages, Twyn will prompt an error.
4. If your package name is not in the list of the most known ones and is not similar enough to any of those to be considered misspelled, the package is accepted. Twyn assumes that you're using either a not so popular package (therefore it can't verify its legitimacy) or a package created by yourself, therefore unknown for the rest.

## Docker
Expand Down Expand Up @@ -60,6 +60,17 @@ Currently it supports these dependency file formats.
- `requirements.txt`
- `poetry.lock`

### Check dependencies introduced through the CLI
You can also check a dependency by entering it through the command line:

twyn run --dependency <dependency>

It does accept multiple dependencies at a time:

twyn run --dependency <dependency> --dependency <another_dependency>

When this option is selected, no dependency file is checked.

### Selector method
You can choose between different operational modes:
- `all`: Default option. It is the most exhaustive mode. It will check your package names against the trusted ones without any assumption.
Expand All @@ -84,4 +95,4 @@ All the configurations available through the command line are also supported in
dependency_file="/my/path/requirements.txt"
selector_method="first_letter"
logging_level="debug"
allowlist=["my_package"]
allowlist=["my_package"]
Loading