lintai docs

Appearance

Rule Reference

SEC753lintai-ai-securitystablejsonwarn

package.json: direct archive URL dependency source

package.json installs a dependency from a direct archive URL source

Provider
lintai-ai-security
Surface
json
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

supply-chainmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed package.json dependency sections for direct archive URL sources that bypass the normal registry release path.

Deterministic signal basis

JsonSignals package manifest analysis over dependency sections for direct `http://` or `https://` archive-like specs ending in `.tgz`, `.tar.gz`, `.tar`, `.zip`, or containing `/tarball/`.

Malicious corpus
package-manifest-direct-url-dependency
Benign corpus
package-manifest-registry-archive-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC743package.json: dangerous lifecycle scriptpackage.json defines a dangerous install-time lifecycle scriptjsonstable
SEC744package.json: git or forge dependency sourcepackage.json installs a dependency from a git or forge shortcut sourcejsonstable
SEC745package.json: unbounded dependency versionpackage.json uses an unbounded dependency version like * or latestjsonstable
SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cjsonstable
SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointjsonstable
SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variablesjsonstable

Why It Matters

Direct archive URLs bypass the normal package registry release path and make dependency review, provenance, and reproducibility harder. The package bytes can change independently of normal registry controls and metadata.

What Triggers

SEC753 matches dependency specs in package.json when they point directly to an http:// or https:// archive-like source such as:

  • .tgz
  • .tar.gz
  • .tar
  • .zip
  • tarball-style URLs containing /tarball/

False Positives

The rule is intentionally narrow. It only evaluates dependency sections and only flags direct archive-style URLs, not ordinary semver versions or normal registry package names.

Remediation

Prefer a published registry release with a reviewed explicit version instead of a direct archive URL dependency.