
Commit

update todo
tom171296 committed Nov 21, 2024
1 parent c60392a commit 5b844bb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion workshop/04-dependency-confusion.md
Expand Up @@ -6,7 +6,7 @@ Because of the way a nuget restore works (it uses the first source that responds
For example, you are using the package MyCompany.Common with version `1.0.0` and you reference it in your project file like this <PackageReference Include="MyCompany.Common" Version="1.0.*" />. You have a connection to your own private feed and the public Nuget feed. The hacker uploads a package with the name MyCompany.Common with version 1.0.1 to the public Nuget feed. When you run a restore, NuGet will restore the package of the hacker because of the resolution rules. You can **unintentionally** introduce a new way for your software to be vulnerable for a supply chain attack. It is good to understand how [Nuget semantic versioning works](https://learn.microsoft.com/en-us/nuget/concepts/package-versioning?tabs=semver20sort#references-in-project-files-packagereference) and what the risks are of the way you reference your packages in your project file.

##### Mitigations
**NOTE**: before you perform the next exercise make sure that you run the command `nuget locals all -clear`. This will clear you local cached packages, so that you can see the effect of the mitigations that you are going to do. If you don't run this command, NuGet will use the cached packages and you will not see the effect of the mitigations.
**NOTE**: before you perform the next exercise make sure that you run the command `dotnet nuget locals all --clear`. This will clear you local cached packages, so that you can see the effect of the mitigations that you are going to do. If you don't run this command, NuGet will use the cached packages and you will not see the effect of the mitigations.

By default, having both a public and a private feed is a risk. I would recommend to **only use a private feed**. This way you (your company) has control over the packages that are available to your software projects. You can configure Nuget to only use the private feed. Configuring NuGet to use a certain package source is done via the [`nuget.config` file](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file).

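Review bot: the added `dotnet nuget locals all --clear` line carries over the typo from the line it replaces: "This will clear you local cached packages" should read "This will clear your local cached packages"; fix it in the same hunk rather than leaving it for a follow-up. The command swap itself is sound for the dotnet CLI, but note that the removed form `nuget locals all -clear` is also valid wherever nuget.exe is installed, so the choice should match whichever CLI the rest of the workshop tells participants to use. Since `all` wipes the global-packages folder along with the http-cache, the next restore re-downloads every package, which is exactly what is needed to see the feed change take effect but is worth saying in the NOTE so nobody is surprised by a slow restore.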
