From dd863045a8619984a2b6a3bfdf188904f00c346f Mon Sep 17 00:00:00 2001 From: ff00ff-security <195214694+ff00ff-security@users.noreply.github.com> Date: Thu, 16 Jan 2025 21:18:11 +0000 Subject: [PATCH] Update NPM_Security_Cheat_Sheet.md spelling error Updating the wording to correct a spelling error. --- cheatsheets/NPM_Security_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/NPM_Security_Cheat_Sheet.md b/cheatsheets/NPM_Security_Cheat_Sheet.md index e3e7543a6b..8c86ece41d 100644 --- a/cheatsheets/NPM_Security_Cheat_Sheet.md +++ b/cheatsheets/NPM_Security_Cheat_Sheet.md @@ -4,7 +4,7 @@ In the following npm cheatsheet, we’re going to focus on [10 npm security best ## 1) Avoid publishing secrets to the npm registry -Whether you’re making use of API keys, passwords or other secrets, they can very easily end up leaking into source control or even a published package on the public npm registry. You may have secrets in your working directory in designated files such as a `.env` which should be added to a `.gitignore` to avoid committing it to a SCM, but what happen when you publish an npm package from the project’s directory? +Whether you’re making use of API keys, passwords or other secrets, they can very easily end up leaking into source control or even a published package on the public npm registry. You may have secrets in your working directory in designated files such as a `.env` which should be added to a `.gitignore` to avoid committing it to a SCM, but what happens when you publish an npm package from the project’s directory? The npm CLI packs up a project into a tar archive (tarball) in order to push it to the registry. The following criteria determine which files and directories are added to the tarball:
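Review bot: The same sentence in this hunk has a second grammar issue that the change leaves in place: "to avoid committing it to a SCM" should read "to avoid committing it to an SCM", since "SCM" is pronounced letter by letter and takes "an". The "what happen" to "what happens" correction on the `+` line is right; consider fixing the article in the same commit so the sentence is clean in one pass, and note that the subject line calls this a spelling error while the edit is a subject-verb agreement fix, so "grammar fix" would describe the commit more accurately.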