Reported MD:HttpRequest-inf threat downloading from #33549

@darklight3it

I got a threat named MD:HttpRequest-inf from Norton while downloading Deno 2.7.13 via Homebrew. The flagged file is README.md inside the tarball, downloaded as a dependency of yt-dlp.
This is almost certainly a false positive caused by heuristic detection of HTTP URLs embedded in the markdown content, but I'm reporting it for awareness and because I was not flagged with the previous version (2.7.12).

Threat name:  MD:HttpRequest-inf [Susp]
Severity:     2
Threat type:  Malicious software
File name:    README.md
File path:    /private/tmp/homebrew-unpack-20260426-34744-m37bx0/deno/2.7.13/README.md
Process:      /usr/bin/bsdtar
Detected by:  Auto-Protect
Status:       Threat blocked

Impact

Installation is blocked entirely when Auto-Protect is active. Users need to add a manual exception to proceed.

Steps to reproduce

  1. Have Norton Antivirus with Auto-Protect enabled (Norton 26.3.1, virus definition 26042602)
  2. Run brew install yt-dlp (or any formula that pulls in deno as a dependency)
  3. AV blocks extraction with the above report

Notes

  • The threat name MD:HttpRequest-inf suggests the heuristic is scanning markdown files for embedded HTTP request patterns — likely triggered by URLs or example code in the README.
  • If there is a known false positive reporting channel with Norton/Broadcom, flagging it there may also help.
