From b9f096ea70e0c21e403782774e37fd41d1f7540a Mon Sep 17 00:00:00 2001
From: Martin Najemi <martin.najemi@gooddata.com>
Date: Fri, 10 Apr 2026 04:23:12 +0200
Subject: [PATCH] chore: Adjust README

Risk: low
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ffbdfdb..168453e 100644
--- a/README.md
+++ b/README.md
@@ -198,7 +198,7 @@ Taint spreads through the import graph via unlimited BFS hops:
 - **Re-exports**: `export { X } from "./foo"` and `export * from "./foo"` are tracked as import edges
 - **Cross-package**: taint from upstream workspace dependencies is passed into downstream packages
 - **Intra-file**: if symbol A is tainted and symbol B references A in its body, B becomes tainted
-- **External deps**: lockfile version changes taint all imports from the affected package
+- **External deps**: lockfile dependency changes (detected by YAML-diffing old and new `pnpm-lock.yaml`, including transitive deps via BFS) taint all imports from the affected package
 
 ### CSS/SCSS taint (opt-in)