mirror of
https://github.com/tenrok/axios.git
synced 2026-06-17 19:21:29 +03:00
docs: refine descriptions and mitigations in THREATMODEL.md (#10718)
This commit is contained in:
+3
-3
@@ -402,11 +402,11 @@ This is the model that protects **what gets published as `axios` on npm**. A suc
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Description** | Attacker with write access force-pushes an existing tag (`v1.15.0`) to point at a malicious commit, or pushes `v1.99.99` to publish out of band. |
| **Description** | Attacker with write access force-pushes an existing tag to point at a malicious commit, or pushes `v1.99.99` to publish out of band. |
| **Likelihood** | Low (requires write access - assumed compromised at that point) |
| **Impact** | High |
| **Mitigations** | • npm rejects re-publishing an existing version - re-tagging `v1.15.0` cannot overwrite the published `1.15.0`. <br>• Provenance attestation records the commit SHA the tag pointed to _at publish time_ - forensically verifiable. <br>• GitHub tag protection rules can prevent tag deletion/force-push. |
| **Gaps** | • Verify that tag protection is actually enabled on `v*` (repo setting, not visible from the codebase). <br>• A _new_ malicious version (`v1.15.1`) is still publishable by anyone with tag-push rights - this collapses back into T-S3 (account security). |
| **Mitigations** | • npm rejects re-publishing an existing version - re-tagging you cannot overwrite the published `1.15.0`. <br>• Provenance attestation records the commit SHA the tag pointed to _at publish time_ - forensically verifiable. <br>• GitHub tag protection rules can prevent tag deletion/force-push. |
| **Gaps** | A _new_ malicious version (`v1.x.x`) is still publishable by anyone with tag-push rights - this collapses back into T-S3 (account security). |
---
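Review bot: the rewritten **Mitigations** row has a leftover word: "re-tagging you cannot overwrite the published `1.15.0`" reads as if "you" were the subject; dropping the `v1.15.0` example left the sentence broken. Suggest "re-tagging a released version cannot overwrite the published `1.15.0`", or, since the **Description** and **Gaps** rows in this hunk deliberately stop naming a specific version, "re-tagging an already-released version cannot overwrite the package already on npm" so the row is consistent with the rest of the entry. Separately, the **Gaps** row silently drops the action item "Verify that tag protection is actually enabled on `v*` (repo setting, not visible from the codebase)"; the third mitigation ("GitHub tag protection rules can prevent tag deletion/force-push") still depends on that setting being enabled, so either keep the bullet or state in the mitigation that protection on `v*` has been confirmed. Minor: the remaining single-item **Gaps** cell lost its `•` bullet while the **Mitigations** cell keeps bullets; keep the marker for consistency across the table.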