From 6b61bae779010089a863e251d3933a675d834469 Mon Sep 17 00:00:00 2001
From: Ya Zhuang <499038+zhuangya@users.noreply.github.com>
Date: Thu, 30 Dec 2021 11:22:28 +0800
Subject: [PATCH] correct npx directive

according to the [doc](https://docs.npmjs.com/cli/v8/commands/npx), npx needs package name rather than the binary name. so executing `npx y-websocket-server` would not download and run the server binary in `y-websocket`, it would download from [y-websocket-server](https://npmjs.com/package/y-websocket-server) instead, which could lead to remote arbitrage code execution.
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index a28c00c..bff0fa2 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ This repository implements a basic server that you can adopt to your specific us
 Start a y-websocket server:
 
 ```sh
-HOST=localhost PORT=1234 npx y-websocket-server
+HOST=localhost PORT=1234 npx y-websocket
 ```
 
 ### Client Code:
@@ -101,10 +101,10 @@ wsOpts = {
 Start a y-websocket server:
 
 ```sh
-HOST=localhost PORT=1234 npx y-websocket-server
+HOST=localhost PORT=1234 npx y-websocket
 ```
 
-Since npm symlinks the `y-websocket-server` executable from your local `./node_modules/.bin` folder, you can simply run npx. The `PORT` environment variable already defaults to 1234, and `HOST` defaults to `localhost`.
+Since npm symlinks the `y-websocket` executable from your local `./node_modules/.bin` folder, you can simply run npx. The `PORT` environment variable already defaults to 1234, and `HOST` defaults to `localhost`.
 
 ### Websocket Server with Persistence