Detection Library
medium · experimental · Linux · AI/ML · T1195.001

LLM Host Installing Node Packages From Unapproved Registry

Detects npm, yarn, or Node processes connecting to package registries other than the approved npm registry or OCI mirrors. Unapproved registries may serve malicious packages targeting LLM toolchain components.

Updated Jan 15, 2025 · Detection Engineering Team

llm · supply-chain · linux · package-install · owasp-llm03

Problem Statement

Node-based LLM tooling and MCP servers rely on npm packages. Connections to unapproved registries indicate potential supply chain compromise of the LLM tool ecosystem.

Sample Logs

{"timestamp":"2025-01-15T09:45:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/npm","destination_hostname":"custom-registry.attacker.io","destination_ip":"198.51.100.10","destination_port":443}
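The detection logic run over the sample log, as an added example (this is not the library's own rule code). It applies the allowlist to the destination hostname, falls back to an approved network range when an event carries only a destination IP, and ignores processes that are not package clients. The mirror hostname npm-mirror.corp.example and the 10.20.0.0/16 range are assumed internal values; the events after the first one are constructed to exercise the false-positive and edge cases.

```python
import json
from ipaddress import ip_address, ip_network
from posixpath import basename

RULE_NAME = "LLM Host Installing Node Packages From Unapproved Registry"

# Approved registry hostnames. registry.npmjs.org is the public default; the
# mirror hostname is a hypothetical internal mirror, not taken from the page.
APPROVED_REGISTRIES = {"registry.npmjs.org", "npm-mirror.corp.example"}

# Destination networks accepted when an event carries an IP but no hostname
# (e.g. the DNS lookup was not captured). Hypothetical internal range.
APPROVED_NETWORKS = [ip_network("10.20.0.0/16")]

# Process images that fetch packages. "node" is included because the page
# names Node processes, but node also carries normal application traffic,
# so in production it usually needs a command-line or parent-process filter.
PACKAGE_CLIENTS = {"npm", "npx", "yarn", "pnpm", "node"}


def is_approved_destination(hostname, ip):
    """True if the destination is an allowlisted registry host or network."""
    if hostname and hostname.lower().rstrip(".") in APPROVED_REGISTRIES:
        return True
    if ip:
        try:
            addr = ip_address(ip)
        except ValueError:
            return False
        return any(addr in net for net in APPROVED_NETWORKS)
    return False


def evaluate(event):
    """Return an alert dict when the event matches the rule, else None."""
    image = event.get("image", "")
    if basename(image) not in PACKAGE_CLIENTS:
        return None
    hostname = event.get("destination_hostname") or ""
    ip = event.get("destination_ip") or ""
    if is_approved_destination(hostname, ip):
        return None
    return {
        "rule": RULE_NAME,
        "computer_name": event.get("computer_name"),
        "user": event.get("user"),
        "image": image,
        "destination": hostname or ip,
        "destination_port": event.get("destination_port"),
    }


def run(lines):
    """Evaluate newline-delimited JSON events and return the alerts raised."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alert = evaluate(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events. The first is the page's own sample log; the rest
# exercise the allowlist, a non-package-client process, and IP-only events.
SAMPLE_LOGS = """
{"timestamp":"2025-01-15T09:45:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/npm","destination_hostname":"custom-registry.attacker.io","destination_ip":"198.51.100.10","destination_port":443}
{"timestamp":"2025-01-15T09:46:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/npm","destination_hostname":"npm-mirror.corp.example","destination_ip":"10.20.5.7","destination_port":443}
{"timestamp":"2025-01-15T09:47:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/curl","destination_hostname":"custom-registry.attacker.io","destination_ip":"198.51.100.10","destination_port":443}
{"timestamp":"2025-01-15T09:48:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/npm","destination_ip":"10.20.5.8","destination_port":443}
{"timestamp":"2025-01-15T09:49:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/local/bin/yarn","destination_hostname":"","destination_ip":"203.0.113.5","destination_port":443}
{"timestamp":"2025-01-15T09:50:00Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/npm","destination_hostname":"registry.npmjs.org","destination_ip":"192.0.2.20","destination_port":443}
"""

if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS.splitlines()):
        print(json.dumps(alert))
```

Only the first event (the page's sample) and the yarn event with an empty hostname and an external IP raise alerts; the internal mirror, the curl process, the IP-only event inside the approved range, and the public registry are all suppressed. Hostname matching is case-insensitive and tolerates a trailing dot, since some sensors emit the FQDN form.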

Required Fields

image
destination_hostname
destination_ip
user
computer_name

False Positives

  • Internal npm registry mirrors with non-standard hostnames

Tuning Guidance

Add approved internal registry hostnames to the allowlist, and include their IP ranges so that events carrying only a destination IP are not flagged. Enforce registry configuration via a user- or global-level .npmrc on LLM hosts, covering the default registry key and any @scope:registry entries. Note that a project-level .npmrc in a checked-out repository takes precedence over the user-level file, and that resolved URLs in a lockfile that point at a host other than registry.npmjs.org are fetched from that host as written, so configuration enforcement complements the network detection rather than replacing it.
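A host-side check that complements the network rule, added here as an example and not part of the library: it parses an .npmrc file for the default registry, scoped registries and per-host auth entries, walks a package-lock.json for resolved URLs, and reports every registry host outside the allowlist. The mirror hostname npm-mirror.corp.example, the @ai-tools scope and the lockfile contents are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Approved registry hostnames; the mirror name is a hypothetical internal mirror.
APPROVED_REGISTRIES = {"registry.npmjs.org", "npm-mirror.corp.example"}


def parse_npmrc(text):
    """Parse .npmrc key=value lines, skipping blank lines and ;/# comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip(), value.strip().strip("'\"")))
    return entries


def npmrc_registry_hosts(text):
    """Yield (key, host) for every setting that names a registry host: the
    default 'registry', any '@scope:registry', and '//host/:...' auth keys."""
    for key, value in parse_npmrc(text):
        if key == "registry" or key.endswith(":registry"):
            host = urlparse(value).hostname
        elif key.startswith("//"):
            host = urlparse(key).hostname
        else:
            continue
        if host:
            yield key, host.lower()


def lockfile_resolved_hosts(lock):
    """Walk a package-lock.json (v1 nested 'dependencies' or v2/v3 'packages')
    and yield (package_path, host) for every 'resolved' URL found."""
    def walk(node, path):
        if not isinstance(node, dict):
            return
        resolved = node.get("resolved")
        if isinstance(resolved, str) and "://" in resolved:
            host = urlparse(resolved).hostname
            if host:
                yield path, host.lower()
        for key in ("packages", "dependencies"):
            child = node.get(key)
            if isinstance(child, dict):
                for name, sub in child.items():
                    yield from walk(sub, name)
    yield from walk(lock, "<root>")


def find_unapproved(npmrc_text, lock):
    """Return (source, where, host) for every registry host outside the allowlist."""
    findings = []
    for key, host in npmrc_registry_hosts(npmrc_text):
        if host not in APPROVED_REGISTRIES:
            findings.append(("npmrc", key, host))
    for pkg, host in lockfile_resolved_hosts(lock):
        if host not in APPROVED_REGISTRIES:
            findings.append(("lockfile", pkg, host))
    return findings


# Constructed user-level .npmrc: the default registry and one scope are fine,
# a second scope and its auth token point at an unapproved host.
SAMPLE_NPMRC = """
; npm config on an LLM host (constructed example)
registry=https://registry.npmjs.org/
@internal:registry=https://npm-mirror.corp.example/
@ai-tools:registry=https://custom-registry.attacker.io/
//custom-registry.attacker.io/:_authToken=REDACTED
"""

# Constructed lockfile (v3 layout) with one dependency resolved elsewhere.
SAMPLE_LOCK = {
    "name": "mcp-server-example",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "mcp-server-example"},
        "node_modules/example-pkg": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/example-pkg/-/example-pkg-1.0.0.tgz",
        },
        "node_modules/@ai-tools/helper": {
            "version": "0.1.0",
            "resolved": "https://custom-registry.attacker.io/@ai-tools/helper/-/helper-0.1.0.tgz",
        },
    },
}

if __name__ == "__main__":
    for finding in find_unapproved(SAMPLE_NPMRC, SAMPLE_LOCK):
        print(json.dumps(finding))
```

Run it against the user, global and project .npmrc files and every package-lock.json on an LLM host; a scoped registry or a resolved URL pointing outside the allowlist is the configuration-side counterpart of the network alert above, and is the kind of entry that a single registry= line does not override.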