From 19e9b4162d4a2845c6e99e425b81a6071171a6df Mon Sep 17 00:00:00 2001 From: Jay Date: Tue, 14 Apr 2026 19:11:53 +0200 Subject: [PATCH] docs: refine descriptions and mitigations in THREATMODEL.md (#10718) --- THREATMODEL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/THREATMODEL.md b/THREATMODEL.md index b1eb5ca8..9de6c5b9 100644 --- a/THREATMODEL.md +++ b/THREATMODEL.md @@ -402,11 +402,11 @@ This is the model that protects **what gets published as `axios` on npm**. A suc | | | | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Description** | Attacker with write access force-pushes an existing tag (`v1.15.0`) to point at a malicious commit, or pushes `v1.99.99` to publish out of band. | +| **Description** | Attacker with write access force-pushes an existing tag to point at a malicious commit, or pushes `v1.99.99` to publish out of band. | | **Likelihood** | Low (requires write access - assumed compromised at that point) | | **Impact** | High | -| **Mitigations** | • npm rejects re-publishing an existing version - re-tagging `v1.15.0` cannot overwrite the published `1.15.0`.
• Provenance attestation records the commit SHA the tag pointed to _at publish time_ - forensically verifiable.
• GitHub tag protection rules can prevent tag deletion/force-push. | -| **Gaps** | • Verify that tag protection is actually enabled on `v*` (repo setting, not visible from the codebase).
• A _new_ malicious version (`v1.15.1`) is still publishable by anyone with tag-push rights - this collapses back into T-S3 (account security). | +| **Mitigations** | • npm rejects re-publishing an existing version - re-tagging you cannot overwrite the published `1.15.0`.
• Provenance attestation records the commit SHA the tag pointed to _at publish time_ - forensically verifiable.
• GitHub tag protection rules can prevent tag deletion/force-push. | +| **Gaps** | A _new_ malicious version (`v1.x.x`) is still publishable by anyone with tag-push rights - this collapses back into T-S3 (account security). | ---
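Review bot: the rewritten Mitigations line in this hunk, "re-tagging you cannot overwrite the published `1.15.0`", is ungrammatical and still cites the concrete version that the Description line in the same hunk just generalized away; suggest "re-tagging an existing release cannot overwrite the version already published on npm" so the two rows stay consistent. The Gaps row also drops the bullet "Verify that tag protection is actually enabled on `v*` (repo setting, not visible from the codebase)" without a replacement, while the Mitigations row still relies on GitHub tag protection rules; unless that setting has been confirmed elsewhere in the document, keep the verification item, since the commit message only describes refining descriptions and mitigations, not removing a gap.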