@blamejs/exceptd-skills 0.13.0 → 0.13.2

Files changed (40)
  1. package/CHANGELOG.md +67 -0
  2. package/bin/exceptd.js +35 -6
  3. package/data/_indexes/_meta.json +26 -26
  4. package/data/_indexes/activity-feed.json +3 -3
  5. package/data/_indexes/catalog-summaries.json +3 -3
  6. package/data/_indexes/chains.json +2868 -700
  7. package/data/_indexes/frequency.json +8 -0
  8. package/data/_indexes/section-offsets.json +517 -517
  9. package/data/_indexes/token-budget.json +66 -66
  10. package/data/atlas-ttps.json +3 -0
  11. package/data/attack-techniques.json +35 -7
  12. package/data/cve-catalog.json +177 -31
  13. package/data/cwe-catalog.json +26 -6
  14. package/data/framework-control-gaps.json +310 -8
  15. package/data/zeroday-lessons.json +996 -0
  16. package/lib/lint-skills.js +50 -1
  17. package/lib/refresh-external.js +7 -0
  18. package/lib/source-advisories.js +281 -0
  19. package/manifest.json +60 -60
  20. package/orchestrator/index.js +183 -1
  21. package/package.json +1 -1
  22. package/sbom.cdx.json +59 -37
  23. package/scripts/check-test-count.js +146 -0
  24. package/scripts/predeploy.js +16 -0
  25. package/skills/age-gates-child-safety/skill.md +1 -0
  26. package/skills/ai-risk-management/skill.md +1 -0
  27. package/skills/defensive-countermeasure-mapping/skill.md +1 -0
  28. package/skills/email-security-anti-phishing/skill.md +1 -0
  29. package/skills/fuzz-testing-strategy/skill.md +1 -0
  30. package/skills/mlops-security/skill.md +1 -0
  31. package/skills/ot-ics-security/skill.md +1 -0
  32. package/skills/researcher/skill.md +1 -0
  33. package/skills/sector-energy/skill.md +1 -0
  34. package/skills/sector-federal-government/skill.md +1 -0
  35. package/skills/sector-telecom/skill.md +1 -0
  36. package/skills/skill-update-loop/skill.md +1 -0
  37. package/skills/threat-model-currency/skill.md +1 -0
  38. package/skills/threat-modeling-methodology/skill.md +1 -0
  39. package/skills/webapp-security/skill.md +1 -0
  40. package/skills/zeroday-gap-learn/skill.md +1 -0
@@ -3,8 +3,8 @@
3
3
  "schema_version": "1.0.0",
4
4
  "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
5
5
  "approx_chars_per_token": 4,
6
- "total_chars": 1610543,
7
- "total_approx_tokens": 402643,
6
+ "total_chars": 1613380,
7
+ "total_approx_tokens": 403351,
8
8
  "skill_count": 42
9
9
  },
10
10
  "skills": {
@@ -555,10 +555,10 @@
555
555
  },
556
556
  "threat-model-currency": {
557
557
  "path": "skills/threat-model-currency/skill.md",
558
- "bytes": 27330,
559
- "chars": 27218,
560
- "lines": 411,
561
- "approx_tokens": 6805,
558
+ "bytes": 27509,
559
+ "chars": 27397,
560
+ "lines": 412,
561
+ "approx_tokens": 6849,
562
562
  "approx_chars_per_token": 4,
563
563
  "sections": {
564
564
  "frontmatter-scope": {
@@ -680,10 +680,10 @@
680
680
  },
681
681
  "zeroday-gap-learn": {
682
682
  "path": "skills/zeroday-gap-learn/skill.md",
683
- "bytes": 37609,
684
- "chars": 37453,
685
- "lines": 444,
686
- "approx_tokens": 9363,
683
+ "bytes": 37784,
684
+ "chars": 37628,
685
+ "lines": 445,
686
+ "approx_tokens": 9407,
687
687
  "approx_chars_per_token": 4,
688
688
  "sections": {
689
689
  "frontmatter-scope": {
@@ -820,10 +820,10 @@
820
820
  },
821
821
  "skill-update-loop": {
822
822
  "path": "skills/skill-update-loop/skill.md",
823
- "bytes": 47134,
824
- "chars": 47002,
825
- "lines": 519,
826
- "approx_tokens": 11751,
823
+ "bytes": 47309,
824
+ "chars": 47177,
825
+ "lines": 520,
826
+ "approx_tokens": 11794,
827
827
  "approx_chars_per_token": 4,
828
828
  "sections": {
829
829
  "frontmatter-scope": {
@@ -980,10 +980,10 @@
980
980
  },
981
981
  "researcher": {
982
982
  "path": "skills/researcher/skill.md",
983
- "bytes": 32058,
984
- "chars": 31886,
985
- "lines": 335,
986
- "approx_tokens": 7972,
983
+ "bytes": 32226,
984
+ "chars": 32054,
985
+ "lines": 336,
986
+ "approx_tokens": 8014,
987
987
  "approx_chars_per_token": 4,
988
988
  "sections": {
989
989
  "frontmatter-scope": {
@@ -1085,10 +1085,10 @@
1085
1085
  },
1086
1086
  "fuzz-testing-strategy": {
1087
1087
  "path": "skills/fuzz-testing-strategy/skill.md",
1088
- "bytes": 30523,
1089
- "chars": 30382,
1090
- "lines": 313,
1091
- "approx_tokens": 7596,
1088
+ "bytes": 30702,
1089
+ "chars": 30561,
1090
+ "lines": 314,
1091
+ "approx_tokens": 7640,
1092
1092
  "approx_chars_per_token": 4,
1093
1093
  "sections": {
1094
1094
  "threat-context": {
@@ -1235,10 +1235,10 @@
1235
1235
  },
1236
1236
  "defensive-countermeasure-mapping": {
1237
1237
  "path": "skills/defensive-countermeasure-mapping/skill.md",
1238
- "bytes": 32601,
1239
- "chars": 32465,
1240
- "lines": 301,
1241
- "approx_tokens": 8116,
1238
+ "bytes": 32791,
1239
+ "chars": 32655,
1240
+ "lines": 302,
1241
+ "approx_tokens": 8164,
1242
1242
  "approx_chars_per_token": 4,
1243
1243
  "sections": {
1244
1244
  "threat-context": {
@@ -1340,10 +1340,10 @@
1340
1340
  },
1341
1341
  "ot-ics-security": {
1342
1342
  "path": "skills/ot-ics-security/skill.md",
1343
- "bytes": 36266,
1344
- "chars": 36070,
1345
- "lines": 341,
1346
- "approx_tokens": 9018,
1343
+ "bytes": 36439,
1344
+ "chars": 36243,
1345
+ "lines": 342,
1346
+ "approx_tokens": 9061,
1347
1347
  "approx_chars_per_token": 4,
1348
1348
  "sections": {
1349
1349
  "threat-context": {
@@ -1450,10 +1450,10 @@
1450
1450
  },
1451
1451
  "threat-modeling-methodology": {
1452
1452
  "path": "skills/threat-modeling-methodology/skill.md",
1453
- "bytes": 30617,
1454
- "chars": 30440,
1455
- "lines": 317,
1456
- "approx_tokens": 7610,
1453
+ "bytes": 30802,
1454
+ "chars": 30625,
1455
+ "lines": 318,
1456
+ "approx_tokens": 7656,
1457
1457
  "approx_chars_per_token": 4,
1458
1458
  "sections": {
1459
1459
  "purpose": {
@@ -1510,10 +1510,10 @@
1510
1510
  },
1511
1511
  "webapp-security": {
1512
1512
  "path": "skills/webapp-security/skill.md",
1513
- "bytes": 28963,
1514
- "chars": 28789,
1515
- "lines": 282,
1516
- "approx_tokens": 7197,
1513
+ "bytes": 29136,
1514
+ "chars": 28962,
1515
+ "lines": 283,
1516
+ "approx_tokens": 7241,
1517
1517
  "approx_chars_per_token": 4,
1518
1518
  "sections": {
1519
1519
  "threat-context": {
@@ -1565,10 +1565,10 @@
1565
1565
  },
1566
1566
  "ai-risk-management": {
1567
1567
  "path": "skills/ai-risk-management/skill.md",
1568
- "bytes": 34753,
1569
- "chars": 34571,
1570
- "lines": 320,
1571
- "approx_tokens": 8643,
1568
+ "bytes": 34929,
1569
+ "chars": 34747,
1570
+ "lines": 321,
1571
+ "approx_tokens": 8687,
1572
1572
  "approx_chars_per_token": 4,
1573
1573
  "sections": {
1574
1574
  "purpose": {
@@ -1735,10 +1735,10 @@
1735
1735
  },
1736
1736
  "sector-federal-government": {
1737
1737
  "path": "skills/sector-federal-government/skill.md",
1738
- "bytes": 44140,
1739
- "chars": 43967,
1740
- "lines": 305,
1741
- "approx_tokens": 10992,
1738
+ "bytes": 44323,
1739
+ "chars": 44150,
1740
+ "lines": 306,
1741
+ "approx_tokens": 11038,
1742
1742
  "approx_chars_per_token": 4,
1743
1743
  "sections": {
1744
1744
  "threat-context": {
@@ -1790,10 +1790,10 @@
1790
1790
  },
1791
1791
  "sector-energy": {
1792
1792
  "path": "skills/sector-energy/skill.md",
1793
- "bytes": 53906,
1794
- "chars": 53698,
1795
- "lines": 409,
1796
- "approx_tokens": 13425,
1793
+ "bytes": 54077,
1794
+ "chars": 53869,
1795
+ "lines": 410,
1796
+ "approx_tokens": 13467,
1797
1797
  "approx_chars_per_token": 4,
1798
1798
  "sections": {
1799
1799
  "threat-context": {
@@ -1845,10 +1845,10 @@
1845
1845
  },
1846
1846
  "sector-telecom": {
1847
1847
  "path": "skills/sector-telecom/skill.md",
1848
- "bytes": 20690,
1849
- "chars": 20590,
1850
- "lines": 256,
1851
- "approx_tokens": 5148,
1848
+ "bytes": 20862,
1849
+ "chars": 20762,
1850
+ "lines": 257,
1851
+ "approx_tokens": 5191,
1852
1852
  "approx_chars_per_token": 4,
1853
1853
  "sections": {
1854
1854
  "threat-context": {
@@ -2065,10 +2065,10 @@
2065
2065
  },
2066
2066
  "mlops-security": {
2067
2067
  "path": "skills/mlops-security/skill.md",
2068
- "bytes": 45439,
2069
- "chars": 45147,
2070
- "lines": 329,
2071
- "approx_tokens": 11287,
2068
+ "bytes": 45611,
2069
+ "chars": 45319,
2070
+ "lines": 330,
2071
+ "approx_tokens": 11330,
2072
2072
  "approx_chars_per_token": 4,
2073
2073
  "sections": {
2074
2074
  "threat-context": {
@@ -2230,10 +2230,10 @@
2230
2230
  },
2231
2231
  "email-security-anti-phishing": {
2232
2232
  "path": "skills/email-security-anti-phishing/skill.md",
2233
- "bytes": 26370,
2234
- "chars": 26272,
2235
- "lines": 208,
2236
- "approx_tokens": 6568,
2233
+ "bytes": 26556,
2234
+ "chars": 26458,
2235
+ "lines": 209,
2236
+ "approx_tokens": 6615,
2237
2237
  "approx_chars_per_token": 4,
2238
2238
  "sections": {
2239
2239
  "threat-context": {
@@ -2285,10 +2285,10 @@
2285
2285
  },
2286
2286
  "age-gates-child-safety": {
2287
2287
  "path": "skills/age-gates-child-safety/skill.md",
2288
- "bytes": 69560,
2289
- "chars": 69272,
2290
- "lines": 456,
2291
- "approx_tokens": 17318,
2288
+ "bytes": 69740,
2289
+ "chars": 69452,
2290
+ "lines": 457,
2291
+ "approx_tokens": 17363,
2292
2292
  "approx_chars_per_token": 4,
2293
2293
  "sections": {
2294
2294
  "threat-context": {
@@ -85,6 +85,7 @@
85
85
  "maturity": "high",
86
86
  "last_verified": "2026-05-15",
87
87
  "cve_refs": [
88
+ "CVE-2026-30623",
88
89
  "CVE-2026-42945"
89
90
  ]
90
91
  },
@@ -131,6 +132,7 @@
131
132
  "CVE-2026-45321",
132
133
  "MAL-2026-3083",
133
134
  "MAL-2026-NODE-IPC-STEALER",
135
+ "MAL-2026-SHAI-HULUD-OSS",
134
136
  "MAL-2026-TANSTACK-MINI"
135
137
  ]
136
138
  },
@@ -162,6 +164,7 @@
162
164
  "maturity": "moderate",
163
165
  "last_verified": "2026-05-15",
164
166
  "cve_refs": [
167
+ "CVE-2023-43472",
165
168
  "CVE-2026-30615"
166
169
  ]
167
170
  },
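Review bot: `"last_verified": "2026-05-15"` is left unchanged in the first and third hunks although each entry's `cve_refs` gains an identifier (`CVE-2026-30623`, `CVE-2023-43472`). If the field is meant to record when an entry's references were last checked, and this release was cut after that date, it should be bumped together with the new reference; otherwise a consumer that uses it to judge freshness sees a date older than the content. The second hunk's entry starts outside the hunk, so its `last_verified` is not visible here. No file header survives on this page; the +3 -0 count in the file list suggests these three hunks are package/data/atlas-ttps.json.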
@@ -99,8 +99,10 @@
99
99
  "DS0017"
100
100
  ],
101
101
  "cve_refs": [
102
+ "CVE-2025-11837",
102
103
  "CVE-2025-53773",
103
104
  "CVE-2026-30615",
105
+ "CVE-2026-30623",
104
106
  "CVE-2026-32202",
105
107
  "CVE-2026-39884",
106
108
  "CVE-2026-39987",
@@ -133,12 +135,14 @@
133
135
  "name": "Exploitation for Privilege Escalation",
134
136
  "version": "v19",
135
137
  "cve_refs": [
138
+ "CVE-2025-62849",
136
139
  "CVE-2026-0300",
137
140
  "CVE-2026-31431",
138
141
  "CVE-2026-33825",
139
142
  "CVE-2026-43284",
140
143
  "CVE-2026-43500",
141
144
  "CVE-2026-46300",
145
+ "CVE-2026-46333",
142
146
  "CVE-2026-6973"
143
147
  ]
144
148
  },
@@ -150,11 +154,15 @@
150
154
  "name": "Valid Accounts",
151
155
  "version": "v19",
152
156
  "cve_refs": [
157
+ "CVE-2020-10148",
158
+ "CVE-2024-1709",
159
+ "CVE-2026-20182",
153
160
  "CVE-2026-33825",
154
161
  "CVE-2026-39884",
155
162
  "CVE-2026-42897",
156
163
  "CVE-2026-6973",
157
- "MAL-2026-NODE-IPC-STEALER"
164
+ "MAL-2026-NODE-IPC-STEALER",
165
+ "MAL-2026-SHAI-HULUD-OSS"
158
166
  ]
159
167
  },
160
168
  "T1078.001": {
@@ -221,8 +229,16 @@
221
229
  "name": "Exploit Public-Facing Application",
222
230
  "version": "v19",
223
231
  "cve_refs": [
232
+ "CVE-2020-10148",
233
+ "CVE-2023-3519",
234
+ "CVE-2024-1709",
235
+ "CVE-2025-12686",
224
236
  "CVE-2025-53773",
237
+ "CVE-2025-59389",
238
+ "CVE-2025-62847",
239
+ "CVE-2025-62848",
225
240
  "CVE-2026-0300",
241
+ "CVE-2026-20182",
226
242
  "CVE-2026-32202",
227
243
  "CVE-2026-39987",
228
244
  "CVE-2026-42208",
@@ -252,7 +268,8 @@
252
268
  "CVE-2024-3094",
253
269
  "CVE-2026-45321",
254
270
  "MAL-2026-3083",
255
- "MAL-2026-NODE-IPC-STEALER"
271
+ "MAL-2026-NODE-IPC-STEALER",
272
+ "MAL-2026-SHAI-HULUD-OSS"
256
273
  ]
257
274
  },
258
275
  "T1199": {
@@ -273,7 +290,10 @@
273
290
  },
274
291
  "T1485": {
275
292
  "name": "Data Destruction",
276
- "version": "v19"
293
+ "version": "v19",
294
+ "cve_refs": [
295
+ "MAL-2026-SHAI-HULUD-OSS"
296
+ ]
277
297
  },
278
298
  "T1486": {
279
299
  "name": "Data Encrypted for Impact",
@@ -294,7 +314,10 @@
294
314
  },
295
315
  "T1525": {
296
316
  "name": "Implant Internal Image",
297
- "version": "v19"
317
+ "version": "v19",
318
+ "cve_refs": [
319
+ "CVE-2024-40635"
320
+ ]
298
321
  },
299
322
  "T1528": {
300
323
  "name": "Steal Application Access Token",
@@ -358,7 +381,8 @@
358
381
  "name": "Compromise Host Software Binary",
359
382
  "version": "v19",
360
383
  "cve_refs": [
361
- "CVE-2024-3094"
384
+ "CVE-2024-3094",
385
+ "CVE-2025-11837"
362
386
  ]
363
387
  },
364
388
  "T1555": {
@@ -424,7 +448,10 @@
424
448
  },
425
449
  "T1567": {
426
450
  "name": "Exfiltration Over Web Service",
427
- "version": "v19"
451
+ "version": "v19",
452
+ "cve_refs": [
453
+ "MAL-2026-SHAI-HULUD-OSS"
454
+ ]
428
455
  },
429
456
  "T1568": {
430
457
  "name": "Dynamic Resolution",
@@ -484,7 +511,8 @@
484
511
  "DS0029"
485
512
  ],
486
513
  "cve_refs": [
487
- "CVE-2024-21626"
514
+ "CVE-2024-21626",
515
+ "CVE-2024-3154"
488
516
  ]
489
517
  },
490
518
  "T1613": {
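Review bot: The new `cve_refs` arrays under `T1485` and `T1567` contain only `MAL-2026-SHAI-HULUD-OSS`, which is not a CVE identifier, and the same id is appended to the `cve_refs` lists in the hunks at -150 and -252. A consumer that validates these entries against the CVE id format, or resolves them through a CVE feed, would presumably reject or silently drop them, leaving those two techniques with no usable reference. Either carry malware-advisory ids under a separately named key or state in the schema that `cve_refs` also accepts `MAL-` ids; the existing `MAL-2026-NODE-IPC-STEALER` entries show the pattern predates this change. The same id is also added in the second hunk of the preceding section, where the enclosing key lies outside the hunk.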