Rule Reference

SEC454lintai-ai-securitystablemarkdownwarn

AI markdown: npm http source

AI-native markdown installs JavaScript packages from an insecure direct `http://` source

Provider: lintai-ai-security
Surface: markdown
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

skillsmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks AI-native markdown for `npm`, `pnpm`, `yarn`, and `bun` install examples that fetch a direct package source over `http://`.

Deterministic signal basis

MarkdownSignals exact `npm install`, `npm i`, `pnpm add/install`, `yarn add`, or `bun add` token analysis with direct `http://` source detection inside parsed markdown regions, excluding `--registry http://` forms already covered by SEC450.

Malicious corpus

skill-npm-http-source

Benign corpus

skill-npm-https-source-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessmarkdownstable

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcemarkdownstable

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathmarkdownstable

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathmarkdownstable

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathmarkdownstable

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathmarkdownstable

SEC454 / MD-NPM-HTTP-SOURCE

SEC454 flags AI-native markdown when an npm, pnpm, yarn, or bun install example fetches a package directly from http://....

Why It Matters

A direct http:// package source removes transport integrity from the package payload itself. In shared AI-native instructions, that turns an insecure supply-chain fetch into copy-pastable setup guidance.

Trigger Shape

The rule triggers only when all of these are true:

the file is an AI-native markdown instruction surface
a parsed markdown region contains npm install, npm i, pnpm install, pnpm add, yarn add, or bun add
the same region also contains a direct http:// package source argument

Clean Cases

These stay clean:

package install examples that fetch the source over https://
--registry http://... forms, because those are covered by SEC450
unrelated http:// text outside a matching install form

Example Trigger

bash

npm install http://registry.example.test/demo.tgz

Safer Example

bash

npm install https://registry.example.test/demo.tgz

How To Fix

Replace the insecure direct http:// source with a normal TLS-verified https:// source.

AI markdown: npm http source

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC454 / MD-NPM-HTTP-SOURCE ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​