diff --git a/code_utils/code_checker/docker/javascript/.npmrc b/code_utils/code_checker/docker/javascript/.npmrc
index e12fbb5eb..693cc5861 100644
--- a/code_utils/code_checker/docker/javascript/.npmrc
+++ b/code_utils/code_checker/docker/javascript/.npmrc
@@ -7,6 +7,6 @@
 //pkgs.dev.azure.com/codat/Codat/_packaging/codat-npm/npm/:email=${CODAT_EMAIL}
 ; end auth token
 
-registry=https://pkgs.dev.azure.com/codat/Codat/_packaging/codat-npm/npm/registry/
+registry=https://codat.repo.sonatype.app/repository/npm-public/
 always-auth=true
 save-exact=true
\ No newline at end of file
diff --git a/docs/bank-feeds/bank-feeds-sdk.md b/docs/bank-feeds/bank-feeds-sdk.md
index a20f59a84..c4df41cac 100644
--- a/docs/bank-feeds/bank-feeds-sdk.md
+++ b/docs/bank-feeds/bank-feeds-sdk.md
@@ -103,6 +103,13 @@ Use the component in your solution as needed:
   />
 ```
 
+**Conditional steps**
+
+- **If you're using TypeScript**, extend your type declarations with our types by installing the types package using `npm install --save-dev @codat/sdk-bank-feeds-types`. Otherwise, delete the type-related code in the snippets.
+- **If you're using content security policy (CSP) headers**, edit these headers:
+  - Allowlist Codat by adding `*.codat.io` to `default-src` (or each of `script-src`, `style-src`, `font-src`, `connect-src`, `img-src`).
+  - Add `unsafe-inline` to `style-src`. Do _not_ use a hash because this can change at any time without warning.
+
 ---
 
 ## Read next