@blamejs/exceptd-skills 0.12.28 → 0.12.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +1 -1
- package/CHANGELOG.md +53 -0
- package/bin/exceptd.js +30 -20
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +7 -7
- package/data/_indexes/chains.json +9 -9
- package/data/_indexes/currency.json +43 -43
- package/data/_indexes/stale-content.json +1 -1
- package/data/atlas-ttps.json +61 -111
- package/data/cve-catalog.json +136 -65
- package/data/cwe-catalog.json +151 -95
- package/data/d3fend-catalog.json +201 -54
- package/data/dlp-controls.json +2 -1
- package/data/framework-control-gaps.json +1214 -110
- package/data/playbooks/crypto-codebase.json +1 -1
- package/data/rfc-references.json +23 -67
- package/lib/exit-codes.js +2 -0
- package/lib/playbook-runner.js +25 -1
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +49 -48
- package/package.json +3 -2
- package/sbom.cdx.json +1853 -10
- package/scripts/backfill-theater-test.js +806 -0
- package/scripts/check-test-coverage.js +18 -4
- package/scripts/refresh-reverse-refs.js +171 -0
- package/scripts/refresh-sbom.js +155 -8
package/manifest.json
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.30",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
7
|
-
"atlas_version": "5.
|
|
8
|
-
"
|
|
9
|
-
"
|
|
10
|
-
"
|
|
7
|
+
"atlas_version": "5.4.0",
|
|
8
|
+
"atlas_version_date": "2026-02-06",
|
|
9
|
+
"attack_version": "19.0",
|
|
10
|
+
"attack_version_date": "2026-04-28",
|
|
11
|
+
"threat_review_date": "2026-05-15",
|
|
11
12
|
"sources_dir": "sources/",
|
|
12
13
|
"agents_dir": "agents/",
|
|
13
14
|
"reports_dir": "reports/",
|
|
@@ -52,7 +53,7 @@
|
|
|
52
53
|
],
|
|
53
54
|
"last_threat_review": "2026-05-01",
|
|
54
55
|
"signature": "N6H4u/u1fCFE6f/3QVkAr2cumZvLNE+xYBC91CCxKoeaSKm5zqbwzb2mvFDk9XKUegUy5W6npLFGi75yxNMIAg==",
|
|
55
|
-
"signed_at": "2026-05-
|
|
56
|
+
"signed_at": "2026-05-16T02:15:30.223Z",
|
|
56
57
|
"cwe_refs": [
|
|
57
58
|
"CWE-125",
|
|
58
59
|
"CWE-362",
|
|
@@ -116,7 +117,7 @@
|
|
|
116
117
|
],
|
|
117
118
|
"last_threat_review": "2026-05-01",
|
|
118
119
|
"signature": "Xen6ojQGzT4AZUN/WtuQon+gT2UrJyX50nrZwEdxLw5aiz8gDaeMkWo/Bic+h4NFEF7MRd7uDTm0dvKgWnlRBA==",
|
|
119
|
-
"signed_at": "2026-05-
|
|
120
|
+
"signed_at": "2026-05-16T02:15:30.225Z",
|
|
120
121
|
"cwe_refs": [
|
|
121
122
|
"CWE-1039",
|
|
122
123
|
"CWE-1426",
|
|
@@ -179,7 +180,7 @@
|
|
|
179
180
|
],
|
|
180
181
|
"last_threat_review": "2026-05-01",
|
|
181
182
|
"signature": "IDhdamTvyWfnz7SvIMrVMz2cwLuiP2/Iw2iYHFNbI1O302XnrGyIVsJcoKZa5QFClBYPiABVt+yI5HEuLxMCBw==",
|
|
182
|
-
"signed_at": "2026-05-
|
|
183
|
+
"signed_at": "2026-05-16T02:15:30.225Z",
|
|
183
184
|
"cwe_refs": [
|
|
184
185
|
"CWE-22",
|
|
185
186
|
"CWE-345",
|
|
@@ -225,7 +226,7 @@
|
|
|
225
226
|
"framework_gaps": [],
|
|
226
227
|
"last_threat_review": "2026-05-01",
|
|
227
228
|
"signature": "cPRRTsNQT1MYR3cE5O3KdC4MB037EMc0fsMIbOyfOv16sR+DkiXmAhQOjlIC47HngHz3vhLI+rbqItN91VWpBg==",
|
|
228
|
-
"signed_at": "2026-05-
|
|
229
|
+
"signed_at": "2026-05-16T02:15:30.225Z"
|
|
229
230
|
},
|
|
230
231
|
{
|
|
231
232
|
"name": "compliance-theater",
|
|
@@ -256,7 +257,7 @@
|
|
|
256
257
|
],
|
|
257
258
|
"last_threat_review": "2026-05-01",
|
|
258
259
|
"signature": "79NrFMRsqGsipWeE5ETQSVICGO4BjTJYgyir+PSaNVFpkLqLcwZd8Dr1V7iwX0H0fXFL3WpPz35gtrYCEG32BQ==",
|
|
259
|
-
"signed_at": "2026-05-
|
|
260
|
+
"signed_at": "2026-05-16T02:15:30.226Z"
|
|
260
261
|
},
|
|
261
262
|
{
|
|
262
263
|
"name": "exploit-scoring",
|
|
@@ -285,7 +286,7 @@
|
|
|
285
286
|
],
|
|
286
287
|
"last_threat_review": "2026-05-01",
|
|
287
288
|
"signature": "O7YIzAOQtSCFD0pyUdF0otYy9xwksrRGCLnSw5aMMGOs0SYeYA1JsMX5XLxNOQJC8tURC21HgQc/yx22jLtvAw==",
|
|
288
|
-
"signed_at": "2026-05-
|
|
289
|
+
"signed_at": "2026-05-16T02:15:30.226Z"
|
|
289
290
|
},
|
|
290
291
|
{
|
|
291
292
|
"name": "rag-pipeline-security",
|
|
@@ -322,7 +323,7 @@
|
|
|
322
323
|
],
|
|
323
324
|
"last_threat_review": "2026-05-01",
|
|
324
325
|
"signature": "ai6ebp9pz7dBigm2rQvQ0SklhDZtHqP3exKtolbEBiN0shQScypJfDBaQN2J3aoOC4dZjjTgIZvGfWLmBxrxBA==",
|
|
325
|
-
"signed_at": "2026-05-
|
|
326
|
+
"signed_at": "2026-05-16T02:15:30.226Z",
|
|
326
327
|
"cwe_refs": [
|
|
327
328
|
"CWE-1395",
|
|
328
329
|
"CWE-1426"
|
|
@@ -379,7 +380,7 @@
|
|
|
379
380
|
],
|
|
380
381
|
"last_threat_review": "2026-05-01",
|
|
381
382
|
"signature": "BkDjyCF53MAATVfzERmIhEhi474eWloxD0qyw9Gvw+VFE8aH3pOi+yeCpc0kq0vHAVmAEszwxBKEcuLkJbmSBg==",
|
|
382
|
-
"signed_at": "2026-05-
|
|
383
|
+
"signed_at": "2026-05-16T02:15:30.227Z",
|
|
383
384
|
"d3fend_refs": [
|
|
384
385
|
"D3-CA",
|
|
385
386
|
"D3-CSPP",
|
|
@@ -414,7 +415,7 @@
|
|
|
414
415
|
"framework_gaps": [],
|
|
415
416
|
"last_threat_review": "2026-05-01",
|
|
416
417
|
"signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
|
|
417
|
-
"signed_at": "2026-05-
|
|
418
|
+
"signed_at": "2026-05-16T02:15:30.227Z",
|
|
418
419
|
"cwe_refs": [
|
|
419
420
|
"CWE-1188"
|
|
420
421
|
]
|
|
@@ -442,7 +443,7 @@
|
|
|
442
443
|
"framework_gaps": [],
|
|
443
444
|
"last_threat_review": "2026-05-01",
|
|
444
445
|
"signature": "rFQ82v+1oAHWixWcGwokKhjZHfXUf6N7EfSgldhQ5Jrbiy3kv5CIbnOCsI6zPWyErSnpKVeBFTabJXnzLrzDCQ==",
|
|
445
|
-
"signed_at": "2026-05-
|
|
446
|
+
"signed_at": "2026-05-16T02:15:30.228Z"
|
|
446
447
|
},
|
|
447
448
|
{
|
|
448
449
|
"name": "global-grc",
|
|
@@ -474,7 +475,7 @@
|
|
|
474
475
|
"framework_gaps": [],
|
|
475
476
|
"last_threat_review": "2026-05-01",
|
|
476
477
|
"signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
|
|
477
|
-
"signed_at": "2026-05-
|
|
478
|
+
"signed_at": "2026-05-16T02:15:30.228Z"
|
|
478
479
|
},
|
|
479
480
|
{
|
|
480
481
|
"name": "zeroday-gap-learn",
|
|
@@ -501,7 +502,7 @@
|
|
|
501
502
|
"framework_gaps": [],
|
|
502
503
|
"last_threat_review": "2026-05-01",
|
|
503
504
|
"signature": "VlPR7yY39hEwDJYYKPgHAOeax9LU0X7eIrR8L7zMFJWS0SdKTalOXXJtD9GppByftnkYAAdryZ8tHQ/KWLtaBQ==",
|
|
504
|
-
"signed_at": "2026-05-
|
|
505
|
+
"signed_at": "2026-05-16T02:15:30.228Z"
|
|
505
506
|
},
|
|
506
507
|
{
|
|
507
508
|
"name": "pqc-first",
|
|
@@ -553,7 +554,7 @@
|
|
|
553
554
|
],
|
|
554
555
|
"last_threat_review": "2026-05-01",
|
|
555
556
|
"signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
|
|
556
|
-
"signed_at": "2026-05-
|
|
557
|
+
"signed_at": "2026-05-16T02:15:30.229Z",
|
|
557
558
|
"cwe_refs": [
|
|
558
559
|
"CWE-327"
|
|
559
560
|
],
|
|
@@ -600,7 +601,7 @@
|
|
|
600
601
|
],
|
|
601
602
|
"last_threat_review": "2026-05-01",
|
|
602
603
|
"signature": "WCNz19186cER1eEhCophTIbnL3ltS3FC98I1rfv463aRnuVxPB3sUlD9xHTbxTM2rUABhqKijhdkWiMh2uKxCQ==",
|
|
603
|
-
"signed_at": "2026-05-
|
|
604
|
+
"signed_at": "2026-05-16T02:15:30.229Z"
|
|
604
605
|
},
|
|
605
606
|
{
|
|
606
607
|
"name": "security-maturity-tiers",
|
|
@@ -637,7 +638,7 @@
|
|
|
637
638
|
],
|
|
638
639
|
"last_threat_review": "2026-05-01",
|
|
639
640
|
"signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
|
|
640
|
-
"signed_at": "2026-05-
|
|
641
|
+
"signed_at": "2026-05-16T02:15:30.229Z",
|
|
641
642
|
"cwe_refs": [
|
|
642
643
|
"CWE-1188"
|
|
643
644
|
]
|
|
@@ -672,7 +673,7 @@
|
|
|
672
673
|
"framework_gaps": [],
|
|
673
674
|
"last_threat_review": "2026-05-11",
|
|
674
675
|
"signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
|
|
675
|
-
"signed_at": "2026-05-
|
|
676
|
+
"signed_at": "2026-05-16T02:15:30.229Z"
|
|
676
677
|
},
|
|
677
678
|
{
|
|
678
679
|
"name": "attack-surface-pentest",
|
|
@@ -743,7 +744,7 @@
|
|
|
743
744
|
"PTES revision incorporating AI-surface enumeration"
|
|
744
745
|
],
|
|
745
746
|
"signature": "RqQMwOKK7xjG9e/Ls4986NOrDwKz/nQmpw1DwNJwV2nlOztyo7MgxUG3kTuLbuW3qCrrkO+CbpBA5nGS1cmKBQ==",
|
|
746
|
-
"signed_at": "2026-05-
|
|
747
|
+
"signed_at": "2026-05-16T02:15:30.230Z"
|
|
747
748
|
},
|
|
748
749
|
{
|
|
749
750
|
"name": "fuzz-testing-strategy",
|
|
@@ -803,7 +804,7 @@
|
|
|
803
804
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
804
805
|
],
|
|
805
806
|
"signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
|
|
806
|
-
"signed_at": "2026-05-
|
|
807
|
+
"signed_at": "2026-05-16T02:15:30.230Z"
|
|
807
808
|
},
|
|
808
809
|
{
|
|
809
810
|
"name": "dlp-gap-analysis",
|
|
@@ -878,7 +879,7 @@
|
|
|
878
879
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
879
880
|
],
|
|
880
881
|
"signature": "vL5XeQOk7vwX0sLMuKghj6XLnXsqKcGpCUNMui9HwqnWyNQwgSRGu+JFqP7ZqpP3SUYRZHcVlWhXeTJHyOtiAA==",
|
|
881
|
-
"signed_at": "2026-05-
|
|
882
|
+
"signed_at": "2026-05-16T02:15:30.230Z"
|
|
882
883
|
},
|
|
883
884
|
{
|
|
884
885
|
"name": "supply-chain-integrity",
|
|
@@ -955,7 +956,7 @@
|
|
|
955
956
|
"OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
|
|
956
957
|
],
|
|
957
958
|
"signature": "jp3MxKukV7zW47eX3VcAIMG5WxypMDcfHqwYDodI9YQgTxEojCrRcMSApaoZHTdD3yTQC1JtkXeKxU6K3C5NCg==",
|
|
958
|
-
"signed_at": "2026-05-
|
|
959
|
+
"signed_at": "2026-05-16T02:15:30.231Z"
|
|
959
960
|
},
|
|
960
961
|
{
|
|
961
962
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1012,7 +1013,7 @@
|
|
|
1012
1013
|
],
|
|
1013
1014
|
"last_threat_review": "2026-05-11",
|
|
1014
1015
|
"signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
|
|
1015
|
-
"signed_at": "2026-05-
|
|
1016
|
+
"signed_at": "2026-05-16T02:15:30.231Z"
|
|
1016
1017
|
},
|
|
1017
1018
|
{
|
|
1018
1019
|
"name": "identity-assurance",
|
|
@@ -1079,7 +1080,7 @@
|
|
|
1079
1080
|
"d3fend_refs": [],
|
|
1080
1081
|
"last_threat_review": "2026-05-11",
|
|
1081
1082
|
"signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
|
|
1082
|
-
"signed_at": "2026-05-
|
|
1083
|
+
"signed_at": "2026-05-16T02:15:30.231Z"
|
|
1083
1084
|
},
|
|
1084
1085
|
{
|
|
1085
1086
|
"name": "ot-ics-security",
|
|
@@ -1135,7 +1136,7 @@
|
|
|
1135
1136
|
"d3fend_refs": [],
|
|
1136
1137
|
"last_threat_review": "2026-05-11",
|
|
1137
1138
|
"signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
|
|
1138
|
-
"signed_at": "2026-05-
|
|
1139
|
+
"signed_at": "2026-05-16T02:15:30.232Z"
|
|
1139
1140
|
},
|
|
1140
1141
|
{
|
|
1141
1142
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1187,7 +1188,7 @@
|
|
|
1187
1188
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1188
1189
|
],
|
|
1189
1190
|
"signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
|
|
1190
|
-
"signed_at": "2026-05-
|
|
1191
|
+
"signed_at": "2026-05-16T02:15:30.232Z"
|
|
1191
1192
|
},
|
|
1192
1193
|
{
|
|
1193
1194
|
"name": "threat-modeling-methodology",
|
|
@@ -1237,7 +1238,7 @@
|
|
|
1237
1238
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1238
1239
|
],
|
|
1239
1240
|
"signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
|
|
1240
|
-
"signed_at": "2026-05-
|
|
1241
|
+
"signed_at": "2026-05-16T02:15:30.232Z"
|
|
1241
1242
|
},
|
|
1242
1243
|
{
|
|
1243
1244
|
"name": "webapp-security",
|
|
@@ -1311,7 +1312,7 @@
|
|
|
1311
1312
|
"d3fend_refs": [],
|
|
1312
1313
|
"last_threat_review": "2026-05-11",
|
|
1313
1314
|
"signature": "ENSL4MJSNXhriKsTVBjg2jTc7JTtb6mxqbfBw/SVVajPMkLMcLBk4Gem9LhZWZ8DSqyWLnFO2d6hlz5q8bjuCg==",
|
|
1314
|
-
"signed_at": "2026-05-
|
|
1315
|
+
"signed_at": "2026-05-16T02:15:30.232Z"
|
|
1315
1316
|
},
|
|
1316
1317
|
{
|
|
1317
1318
|
"name": "ai-risk-management",
|
|
@@ -1361,7 +1362,7 @@
|
|
|
1361
1362
|
"d3fend_refs": [],
|
|
1362
1363
|
"last_threat_review": "2026-05-11",
|
|
1363
1364
|
"signature": "8E82UwKFNraXV/MKAbiUV6gUryYuN+Ff/kiv1aW4/XtriShdTyt/UgRuQJ8LXGXl0jMH8hRJ/xTAV8LOJqexDA==",
|
|
1364
|
-
"signed_at": "2026-05-
|
|
1365
|
+
"signed_at": "2026-05-16T02:15:30.233Z"
|
|
1365
1366
|
},
|
|
1366
1367
|
{
|
|
1367
1368
|
"name": "sector-healthcare",
|
|
@@ -1421,7 +1422,7 @@
|
|
|
1421
1422
|
"d3fend_refs": [],
|
|
1422
1423
|
"last_threat_review": "2026-05-11",
|
|
1423
1424
|
"signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
|
|
1424
|
-
"signed_at": "2026-05-
|
|
1425
|
+
"signed_at": "2026-05-16T02:15:30.233Z"
|
|
1425
1426
|
},
|
|
1426
1427
|
{
|
|
1427
1428
|
"name": "sector-financial",
|
|
@@ -1502,7 +1503,7 @@
|
|
|
1502
1503
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1503
1504
|
],
|
|
1504
1505
|
"signature": "w12QqGBlRDaDVYug9uQVmEbxR7+gX23rOKZSjlt3XcszYDHBCRiP4cBRKMuEguu44DCaQsg+Btu4vAVMlss9Dg==",
|
|
1505
|
-
"signed_at": "2026-05-
|
|
1506
|
+
"signed_at": "2026-05-16T02:15:30.233Z"
|
|
1506
1507
|
},
|
|
1507
1508
|
{
|
|
1508
1509
|
"name": "sector-federal-government",
|
|
@@ -1571,7 +1572,7 @@
|
|
|
1571
1572
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1572
1573
|
],
|
|
1573
1574
|
"signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
|
|
1574
|
-
"signed_at": "2026-05-
|
|
1575
|
+
"signed_at": "2026-05-16T02:15:30.234Z"
|
|
1575
1576
|
},
|
|
1576
1577
|
{
|
|
1577
1578
|
"name": "sector-energy",
|
|
@@ -1636,7 +1637,7 @@
|
|
|
1636
1637
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1637
1638
|
],
|
|
1638
1639
|
"signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
|
|
1639
|
-
"signed_at": "2026-05-
|
|
1640
|
+
"signed_at": "2026-05-16T02:15:30.234Z"
|
|
1640
1641
|
},
|
|
1641
1642
|
{
|
|
1642
1643
|
"name": "sector-telecom",
|
|
@@ -1722,7 +1723,7 @@
|
|
|
1722
1723
|
"O-RAN SFG / WG11 security specifications"
|
|
1723
1724
|
],
|
|
1724
1725
|
"signature": "VKLuoRkFq7lNXqySipwzPSaiHaqemHQ2cReemF/Xy9hUpD9orQaTVZWClOA4lzoF6d2eQ/CeS///Jjnj4g9dCg==",
|
|
1725
|
-
"signed_at": "2026-05-
|
|
1726
|
+
"signed_at": "2026-05-16T02:15:30.235Z"
|
|
1726
1727
|
},
|
|
1727
1728
|
{
|
|
1728
1729
|
"name": "api-security",
|
|
@@ -1791,7 +1792,7 @@
|
|
|
1791
1792
|
"d3fend_refs": [],
|
|
1792
1793
|
"last_threat_review": "2026-05-11",
|
|
1793
1794
|
"signature": "JHGu5OI35payaFR1At3XZIX4HnflgF3lI9vk/XsHpu0loWHtbTiA/SrNzTuWO+be8aIfd36uNz7WnJNwBTCHDA==",
|
|
1794
|
-
"signed_at": "2026-05-
|
|
1795
|
+
"signed_at": "2026-05-16T02:15:30.235Z"
|
|
1795
1796
|
},
|
|
1796
1797
|
{
|
|
1797
1798
|
"name": "cloud-security",
|
|
@@ -1872,7 +1873,7 @@
|
|
|
1872
1873
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1873
1874
|
],
|
|
1874
1875
|
"signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
|
|
1875
|
-
"signed_at": "2026-05-
|
|
1876
|
+
"signed_at": "2026-05-16T02:15:30.235Z"
|
|
1876
1877
|
},
|
|
1877
1878
|
{
|
|
1878
1879
|
"name": "container-runtime-security",
|
|
@@ -1934,7 +1935,7 @@
|
|
|
1934
1935
|
"d3fend_refs": [],
|
|
1935
1936
|
"last_threat_review": "2026-05-11",
|
|
1936
1937
|
"signature": "lPd9tHAskNapjrWwFWhsb8ntAL0xovDCIGElsOCyjcafzby4ArwRw5Lq28sfNloJZAhMN+AWj+lDdFytiUQHCQ==",
|
|
1937
|
-
"signed_at": "2026-05-
|
|
1938
|
+
"signed_at": "2026-05-16T02:15:30.236Z"
|
|
1938
1939
|
},
|
|
1939
1940
|
{
|
|
1940
1941
|
"name": "mlops-security",
|
|
@@ -2005,7 +2006,7 @@
|
|
|
2005
2006
|
"MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
|
|
2006
2007
|
],
|
|
2007
2008
|
"signature": "U+HyElcP007FIblXUE/nFpj/rZ5z3VohsvxRCWEuuJDLdOnsXYEadb7ccr3X7S4aRG2MC4T2KtVtgbKIuO5QDw==",
|
|
2008
|
-
"signed_at": "2026-05-
|
|
2009
|
+
"signed_at": "2026-05-16T02:15:30.236Z"
|
|
2009
2010
|
},
|
|
2010
2011
|
{
|
|
2011
2012
|
"name": "incident-response-playbook",
|
|
@@ -2067,7 +2068,7 @@
|
|
|
2067
2068
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2068
2069
|
],
|
|
2069
2070
|
"signature": "XB3TVjNRBlqqbIhatFoYtTJHTS51nVt9k7DVrb2roUflLDjbCnaTbrpztA2oqJyyxwgnLlX+K7NW8oYOYEMeCg==",
|
|
2070
|
-
"signed_at": "2026-05-
|
|
2071
|
+
"signed_at": "2026-05-16T02:15:30.236Z"
|
|
2071
2072
|
},
|
|
2072
2073
|
{
|
|
2073
2074
|
"name": "ransomware-response",
|
|
@@ -2147,7 +2148,7 @@
|
|
|
2147
2148
|
],
|
|
2148
2149
|
"last_threat_review": "2026-05-15",
|
|
2149
2150
|
"signature": "ChZ8EWZFfrQYLNH6gJBdcRrayROvcQfiPOpb4H+0rio99OZS0AmQgWQjlWfrF1K5KPEYsLjDqtp2i5P7xLfyBw==",
|
|
2150
|
-
"signed_at": "2026-05-
|
|
2151
|
+
"signed_at": "2026-05-16T02:15:30.237Z"
|
|
2151
2152
|
},
|
|
2152
2153
|
{
|
|
2153
2154
|
"name": "email-security-anti-phishing",
|
|
@@ -2200,7 +2201,7 @@
|
|
|
2200
2201
|
"d3fend_refs": [],
|
|
2201
2202
|
"last_threat_review": "2026-05-11",
|
|
2202
2203
|
"signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
|
|
2203
|
-
"signed_at": "2026-05-
|
|
2204
|
+
"signed_at": "2026-05-16T02:15:30.237Z"
|
|
2204
2205
|
},
|
|
2205
2206
|
{
|
|
2206
2207
|
"name": "age-gates-child-safety",
|
|
@@ -2268,7 +2269,7 @@
|
|
|
2268
2269
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2269
2270
|
],
|
|
2270
2271
|
"signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
|
|
2271
|
-
"signed_at": "2026-05-
|
|
2272
|
+
"signed_at": "2026-05-16T02:15:30.237Z"
|
|
2272
2273
|
},
|
|
2273
2274
|
{
|
|
2274
2275
|
"name": "cloud-iam-incident",
|
|
@@ -2348,7 +2349,7 @@
|
|
|
2348
2349
|
],
|
|
2349
2350
|
"last_threat_review": "2026-05-15",
|
|
2350
2351
|
"signature": "03brHySNWPVnrfZwGBZH5rKLh20DQxVNln0w30fhdcMXtaHQYRuCfhhvqbHVHHoLEogMfsixQX1YtbiqOojsAQ==",
|
|
2351
|
-
"signed_at": "2026-05-
|
|
2352
|
+
"signed_at": "2026-05-16T02:15:30.238Z"
|
|
2352
2353
|
},
|
|
2353
2354
|
{
|
|
2354
2355
|
"name": "idp-incident-response",
|
|
@@ -2429,11 +2430,11 @@
|
|
|
2429
2430
|
],
|
|
2430
2431
|
"last_threat_review": "2026-05-15",
|
|
2431
2432
|
"signature": "EMdSANZrYCCWZ3+PL8CGKiXM7gQVsPBfj7BNMzNlEkjMIc+OccHUSjNEIWLgVZH6H5So1Le4JQSePqLq/nPABA==",
|
|
2432
|
-
"signed_at": "2026-05-
|
|
2433
|
+
"signed_at": "2026-05-16T02:15:30.238Z"
|
|
2433
2434
|
}
|
|
2434
2435
|
],
|
|
2435
2436
|
"manifest_signature": {
|
|
2436
2437
|
"algorithm": "Ed25519",
|
|
2437
|
-
"signature_base64": "
|
|
2438
|
+
"signature_base64": "cwGLjPDDm7XSC20Ub5GQid3BvrJX/vprQNHNa1c7h0YQT9PIlza1vzOX2ysYEMHIn1W0XpOURUnUYuHE1HFfCQ=="
|
|
2438
2439
|
}
|
|
2439
2440
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.12.
|
|
4
|
-
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation.
|
|
3
|
+
"version": "0.12.30",
|
|
4
|
+
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
|
7
7
|
"ai-skills",
|
|
@@ -91,6 +91,7 @@
|
|
|
91
91
|
"validate-catalog-meta": "node lib/validate-catalog-meta.js",
|
|
92
92
|
"validate-package": "node lib/validate-package.js",
|
|
93
93
|
"refresh-sbom": "node scripts/refresh-sbom.js",
|
|
94
|
+
"refresh-reverse-refs": "node scripts/refresh-reverse-refs.js",
|
|
94
95
|
"predeploy": "node scripts/predeploy.js",
|
|
95
96
|
"diff-coverage": "node scripts/check-test-coverage.js",
|
|
96
97
|
"prepublishOnly": "node -e \"if(process.env.EXCEPTD_SKIP_PREPUBLISH_PREDEPLOY!=='1'){const r=require('child_process').spawnSync(process.execPath,['scripts/predeploy.js'],{stdio:'inherit'});if(r.status){process.exit(r.status)}}\" && node lib/validate-package.js",
|