
Rule Reference

SEC450 (lintai-ai-security, stable, markdown, warn)

AI markdown: npm http registry

AI-native markdown installs JavaScript packages from an insecure `http://` registry

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State: stable_gated

Graduation rationale

Checks AI-native markdown for `npm`, `pnpm`, `yarn`, and `bun` install examples that point dependency resolution at `http://` registries.

Deterministic signal basis

MarkdownSignals token analysis of exact `npm install`, `npm i`, `pnpm add`/`pnpm install`, `yarn add`, or `bun add` commands, with `--registry http://` (and `--registry=http://`) detection inside parsed markdown regions.

Malicious corpus: skill-npm-http-registry
Benign corpus: skill-npm-https-registry-safe

  • structured evidence required
  • remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC450 / MD-NPM-HTTP-REGISTRY

SEC450 flags AI-native markdown when an npm, pnpm, yarn, or bun install example uses --registry http://... or --registry=http://....

Why It Matters

An install command that forces --registry http://... takes package resolution off TLS: the package metadata and tarballs travel in cleartext, the registry is never authenticated, and anything on the network path can read or replace what the package manager receives. Because the command-line flag overrides whatever https:// registry the project or user has configured, one copied command is enough to bypass that configuration. Lockfile integrity hashes only help once a lockfile exists; a fresh install of a named package trusts whatever the registry returns. In AI-native markdown, users and agents often copy these commands directly, which is why the exact install form is treated as a finding.

Trigger Shape

lintai reports this rule when AI-native markdown contains an exact package-install command such as:

  • npm install ... --registry http://...
  • npm i ... --registry http://...
  • pnpm install ... --registry http://...
  • pnpm add ... --registry http://...
  • yarn add ... --registry http://...
  • bun add ... --registry http://...
  • npm install ... --registry=http://...
  • pnpm add ... --registry=http://...
  • yarn add ... --registry=http://...
  • bun add ... --registry=http://...

The finding points to the http:// source.

Clean Cases

  • npm install ... --registry https://...
  • pnpm add ... --registry https://...
  • yarn add ... --registry https://...
  • bun add ... --registry https://...
  • unrelated prose that does not contain an exact install command with --registry http://

Trigger Example

```bash
npm install demo --registry http://registry.example.test/
```

Safer Example

```bash
pnpm add demo --registry https://registry.example.test/
```
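The trigger shape and clean cases above, run as a detector over a constructed skill document. This is an added illustration, not lintai's own MarkdownSignals implementation: it assumes the commands live in fenced code blocks, tokenises them with shlex, tolerates a leading "$ " shell prompt, and reports the 1-based line number together with the http:// source the page says a finding points to. The sample markdown, package name `demo`, and registry hosts are constructed for the example.

```python
"""Added illustration of the SEC450 trigger shape: scan fenced code blocks in
markdown for exact npm/pnpm/yarn/bun install commands that point --registry at
an http:// URL. This is not lintai's own implementation; the parsing choices
(fenced blocks only, shlex tokenising, an optional leading "$ " prompt) are
assumptions made for the example."""
import re
import shlex

# Package-manager subcommands covered by the rule, as listed on the page.
INSTALL_COMMANDS = {
    "npm": {"install", "i"},
    "pnpm": {"install", "add"},
    "yarn": {"add"},
    "bun": {"add"},
}

# Fenced code blocks opened with three or more backticks or tildes and closed
# by the same fence string (assumption: the closing fence matches the opener).
FENCE_RE = re.compile(
    r"^(?P<fence>`{3,}|~{3,})[^\n]*\n(?P<body>.*?)^(?P=fence)[ \t]*$",
    re.MULTILINE | re.DOTALL,
)


def registry_argument(tokens):
    """Return the value given to --registry (space or '=' form), or None."""
    for i, tok in enumerate(tokens):
        if tok == "--registry" and i + 1 < len(tokens):
            return tokens[i + 1]
        if tok.startswith("--registry="):
            return tok[len("--registry="):]
    return None


def scan_command(line):
    """Return the http:// registry URL when `line` is a covered install command
    that forces an http:// registry; otherwise None (https:// and prose are clean)."""
    cmd = line.strip()
    if cmd.startswith("$ "):          # assumption: tolerate a shell-prompt prefix
        cmd = cmd[2:]
    try:
        tokens = shlex.split(cmd, comments=True)
    except ValueError:                # unbalanced quotes: not an exact command
        return None
    if len(tokens) < 2 or tokens[1] not in INSTALL_COMMANDS.get(tokens[0], ()):
        return None
    registry = registry_argument(tokens[2:])
    if registry is not None and registry.lower().startswith("http://"):
        return registry
    return None


def scan_markdown(markdown):
    """Return [(line_number, http_registry_url), ...] for every finding inside
    the document's fenced code blocks; line numbers are 1-based in `markdown`."""
    findings = []
    for match in FENCE_RE.finditer(markdown):
        first_line = markdown.count("\n", 0, match.start("body")) + 1
        for offset, line in enumerate(match.group("body").splitlines()):
            url = scan_command(line)
            if url is not None:
                findings.append((first_line + offset, url))
    return findings


# Constructed sample skill document (not from any real package or registry).
SAMPLE_MARKDOWN = """\
# Demo skill

Install the helper:

~~~bash
npm install demo --registry http://registry.example.test/
~~~

Or with pnpm, which is the clean case:

~~~bash
pnpm add demo --registry https://registry.example.test/
~~~

~~~bash
$ yarn add demo --registry=http://mirror.example.test/
bun add demo --registry=https://registry.example.test/
~~~

Prose that mentions --registry http:// outside an install command is not a finding.
"""

if __name__ == "__main__":
    for line_no, url in scan_markdown(SAMPLE_MARKDOWN):
        print(f"SEC450 line {line_no}: install command forces {url}")
```

Running the module reports the npm line and the yarn line of the sample and stays silent on the pnpm and bun lines, which use https://, and on the closing prose, which mentions the flag without being an install command. The tool name and subcommand are matched on the first two tokens only, so `npx` invocations or a command wrapped in `echo` are not findings, matching the page's "exact install command" wording.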

Remediation

Use a normal TLS-verified https:// package registry instead of an http:// registry. If a private or mirror registry is required, give it an https:// URL; passing a plaintext registry on the command line overrides any secure registry the project has configured.