Rule Reference

SEC458lintai-ai-securitysupply-chainhardeningstablemarkdownwarn

AI markdown: pip config http index

AI-native markdown configures Python package resolution with an insecure `http://` package index

Public lane: supply-chain
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: markdown
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Reproducibility, provenance, and dependency hardening review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

supply-chainsidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native markdown for `pip config set` commands that point package index configuration at `http://` sources.

Deterministic signal basis

MarkdownSignals exact `pip config set`, `pip3 config set`, or `python -m pip config set` token analysis with `global.index-url http://` or `global.extra-index-url http://` detection inside parsed markdown regions.

Malicious corpus

skill-pip-config-http-index

Benign corpus

skill-pip-config-https-index-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule positioned as a supply-chain hardening control: high-precision and actionable, but not a blanket claim of direct repository compromise.

Nearby Signals

Related Rules

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcesupply-chainhardeningmarkdown

SEC448AI markdown: pip trusted-hostAI-native markdown installs Python packages with `--trusted-host`supply-chainhardeningmarkdown

SEC449AI markdown: pip http indexAI-native markdown installs Python packages from an insecure `http://` package indexsupply-chainhardeningmarkdown

SEC450AI markdown: npm http registryAI-native markdown installs JavaScript packages from an insecure `http://` registrysupply-chainhardeningmarkdown

SEC451AI markdown: cargo http git installAI-native markdown installs Rust packages from an insecure `http://` git sourcesupply-chainhardeningmarkdown

SEC452AI markdown: cargo http indexAI-native markdown installs Rust packages from an insecure `http://` indexsupply-chainhardeningmarkdown

SEC458 / MD-PIP-CONFIG-HTTP-INDEX

SEC458 flags AI-native markdown when a pip config set, pip3 config set, or python -m pip config set command points global.index-url or global.extra-index-url at http://....

Why It Matters

Changing pip config to an insecure package index makes every later install trust an unencrypted source. In shared AI-native instructions, that turns a persistent supply-chain downgrade into copy-pastable setup guidance.

What Triggers It

AI-native markdown surface
the same parsed markdown region contains:
- pip config set
- pip3 config set
- or python -m pip config set
the same region also contains one of:
- global.index-url http://
- global.extra-index-url http://
- global.index-url=http://
- global.extra-index-url=http://

The finding points to http://.

What Does Not Trigger It

https:// index config
pip install --index-url ... examples, because those are covered by SEC449
unrelated prose that mentions http:// without a matching pip config command

Example

Bad:

bash

pip config set global.index-url http://pypi.example.test/simple

Better:

bash

pip config set global.index-url https://pypi.example.test/simple

Remediation

Replace the insecure http:// package index config with a normal TLS-verified https:// source.

AI markdown: pip config http index

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC458 / MD-PIP-CONFIG-HTTP-INDEX ​

Why It Matters ​

What Triggers It ​

What Does Not Trigger It ​

Example ​