mirror of https://github.com/tenrok/axios.git synced 2026-06-17 19:21:29 +03:00

docs(threatmodel): clarify TLS and tag-replay threat wording (#10722)

* Initial plan

* docs(threatmodel): clarify certificate and tag-publish wording

Agent-Logs-Url: https://github.com/axios/axios/sessions/128b91a1-0b90-4863-9a7e-323d65db5462

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
This commit is contained in:
Copilot
2026-04-15 20:01:00 +02:00
committed by GitHub
parent 0e1634aa9a
commit 42b215406e
+2 -2
@@ -149,7 +149,7 @@ The runtime model is general by design - axios is a transport library and cannot
| | |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| **Description** | Caller passes `httpsAgent: new https.Agent({ rejectUnauthorized: false })` to "fix" a cert error in dev, ships it to prod. |
| **Description** | Caller passes `httpsAgent: new https.Agent({ rejectUnauthorized: false })` to "fix" a certificate error in dev, ships it to prod. |
| **Likelihood** | Medium (very common copy-paste anti-pattern) |
| **Impact** | High (silent MITM) |
| **In scope?** | **No.** axios delegates TLS entirely to Node's `https` module / the browser. We do not inspect or warn on agent configuration. |
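Review bot: the reworded Description cell now overruns the `-----` separator row above it, so the source table loses the column alignment the rest of the file keeps; widen the separator to match or trim the cell. While touching this row, the "In scope?" cell only says TLS is delegated to Node/the browser; since the Impact cell names silent MITM, a pointer to the supported fix (trust the actual issuer via the agent's `ca` option rather than setting `rejectUnauthorized: false`) would give readers the remediation the table currently leaves implicit.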
@@ -402,7 +402,7 @@ This is the model that protects **what gets published as `axios` on npm**. A suc
| | |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Description** | Attacker with write access force-pushes an existing tag to point at a malicious commit, or pushes `v1.99.99` to publish out of band. |
| **Description** | Attacker with write access force-pushes an existing tag to point at a malicious commit, or pushes `v1.99.99` so that a release is published out of band. |
| **Likelihood** | Low (requires write access - assumed compromised at that point) |
| **Impact** | High |
| **Mitigations** | • npm rejects re-publishing an existing version - re-tagging you cannot overwrite the published `1.15.0`. <br>• Provenance attestation records the commit SHA the tag pointed to _at publish time_ - forensically verifiable. <br>• GitHub tag protection rules can prevent tag deletion/force-push. |
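Review bot: the Mitigations row still reads "re-tagging you cannot overwrite the published `1.15.0`", which is missing a word ("by re-tagging you cannot ..."); as this PR is a wording pass on the same table, fix it here. Also, the Description now distinguishes two cases (force-pushing an existing tag vs. pushing a new `v1.99.99`), but the three bullets map to overwriting an already-published version, post-hoc forensics, and force-push/deletion protection; none states what stops a brand-new tag from triggering an out-of-band publish, so either name that control or note that it is unmitigated.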