@blamejs/exceptd-skills 0.16.24 → 0.16.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +2 -2
- package/lib/refresh-external.js +40 -15
- package/manifest.json +53 -53
- package/package.json +1 -1
- package/sbom.cdx.json +14 -14
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.16.25 — 2026-06-05
|
|
4
|
+
|
|
5
|
+
The `refresh` air-gap guidance now consistently names `--prefetch` as the cache-populate command. The `refresh --help` synopsis and the `--from-cache` missing-path error hint previously presented `--no-network` as a populate alias — but `--no-network` is the report-only dry run that writes nothing, so an operator following that guidance produced an empty cache and then hit a confusing "path does not exist" on the offline host. `--no-network` is now documented as the report-only mode it actually is, and the air-gap hint points at `--prefetch`.
|
|
6
|
+
|
|
3
7
|
## 0.16.24 — 2026-06-05
|
|
4
8
|
|
|
5
9
|
Attestation replay tamper-gating, collector detection integrity, and lock-lifecycle fixes.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-06-
|
|
3
|
+
"generated_at": "2026-06-06T00:45:44.721Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 63,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "9e5780f8d8bec94d6cff2d22e16c940f63e7a38d8dfefe17a201cf93eaeabf93",
|
|
8
8
|
"data/atlas-ttps.json": "f66b456cf82a3c20575d8479de41f7b11b7ee5693eb1fcf64a67e162ae1b88a2",
|
|
9
9
|
"data/attack-techniques.json": "c39f28e3402ef13ad9b7076819f63fda67a22f97e3e375cfe01c4a4e0beff7c9",
|
|
10
10
|
"data/cve-catalog.json": "51d8425a49e5cc0375d0a154a83a16816e99c3141a5bbafe6383607ca11be240",
|
package/lib/refresh-external.js
CHANGED
|
@@ -109,13 +109,17 @@ function parseArgs(argv) {
|
|
|
109
109
|
// older than 7d or one that was prefetched without a signing keypair.
|
|
110
110
|
// EXCEPTD_FORCE_STALE=1 mirrors for non-interactive automation.
|
|
111
111
|
else if (a === "--force-stale") out.forceStale = true;
|
|
112
|
-
//
|
|
113
|
-
//
|
|
114
|
-
//
|
|
115
|
-
//
|
|
116
|
-
//
|
|
112
|
+
// --prefetch / --no-network are prefetch-cache operations. Capture them so
|
|
113
|
+
// main() can delegate to lib/prefetch.js (the same routing bin/exceptd.js
|
|
114
|
+
// performs) when this script is invoked directly — otherwise the help
|
|
115
|
+
// text's "report-only, no cache write" promise for --no-network is a lie
|
|
116
|
+
// on the direct path, which would fall through to the live refresh loop.
|
|
117
|
+
else if (a === "--no-network") { out.noNetwork = true; }
|
|
118
|
+
else if (a === "--prefetch") { out.prefetch = true; }
|
|
119
|
+
// Remaining bin-translated aliases are tolerated as no-ops at this layer
|
|
120
|
+
// so the unknown-flag guard below doesn't false-reject them.
|
|
117
121
|
else if (
|
|
118
|
-
a === "--
|
|
122
|
+
a === "--indexes-only" ||
|
|
119
123
|
a === "--network" || a === "--curate" || a === "--force-stale-acked"
|
|
120
124
|
) { /* accepted, no-op at this layer */ }
|
|
121
125
|
// Any remaining --flag is an unrecognized typo. Record it; refuse after
|
|
@@ -148,8 +152,10 @@ Modes:
|
|
|
148
152
|
place. Same trust anchor as \`npm update -g\`, only the
|
|
149
153
|
data slice changes — useful when you want fresher
|
|
150
154
|
intel without re-resolving CLI/lib code.
|
|
151
|
-
--prefetch
|
|
152
|
-
|
|
155
|
+
--prefetch populate the cache for offline use. Equivalent to
|
|
156
|
+
\`exceptd prefetch\`.
|
|
157
|
+
--no-network report-only: list what would be fetched, WITHOUT writing
|
|
158
|
+
the cache (the dry-run opposite of --prefetch).
|
|
153
159
|
--from-cache [<p>] read from prefetch cache (default .cache/upstream).
|
|
154
160
|
Combine with --apply to upsert against cached data
|
|
155
161
|
entirely offline. Cache must be pre-populated via --prefetch.
|
|
@@ -1099,15 +1105,16 @@ function loadCtx(opts) {
|
|
|
1099
1105
|
const abs = path.resolve(opts.fromCache);
|
|
1100
1106
|
ctx.cacheDir = abs;
|
|
1101
1107
|
if (!fs.existsSync(abs)) {
|
|
1102
|
-
//
|
|
1103
|
-
//
|
|
1104
|
-
//
|
|
1105
|
-
//
|
|
1106
|
-
//
|
|
1108
|
+
// Operators following the air-gap workflow hit this with an unhelpful
|
|
1109
|
+
// "path does not exist" stack trace. The cache is populated by
|
|
1110
|
+
// `exceptd refresh --prefetch` (which routes to prefetch) — NOT by
|
|
1111
|
+
// `--no-network`, which is the report-only dry run that writes nothing.
|
|
1112
|
+
// Tell them exactly that, and emit a structured JSON error to stderr
|
|
1113
|
+
// instead of a fatal stack trace.
|
|
1107
1114
|
const err = new Error(
|
|
1108
1115
|
`refresh: --from-cache path does not exist: ${abs}\n` +
|
|
1109
|
-
`Hint: the cache is populated by running \`exceptd refresh --
|
|
1110
|
-
`on a connected host first. Air-gap workflow: (1) on connected host: \`exceptd refresh --
|
|
1116
|
+
`Hint: the cache is populated by running \`exceptd refresh --prefetch\` ` +
|
|
1117
|
+
`on a connected host first. Air-gap workflow: (1) on connected host: \`exceptd refresh --prefetch\`, ` +
|
|
1111
1118
|
`(2) copy .cache/upstream/ across the boundary, (3) on offline host: \`exceptd refresh --from-cache --apply\`.`
|
|
1112
1119
|
);
|
|
1113
1120
|
err._exceptd_hint = true;
|
|
@@ -1526,6 +1533,24 @@ async function main() {
|
|
|
1526
1533
|
return;
|
|
1527
1534
|
}
|
|
1528
1535
|
|
|
1536
|
+
// `--prefetch` / `--no-network` are prefetch-cache operations. The operator
|
|
1537
|
+
// path (bin/exceptd.js) routes them to lib/prefetch.js; when this script is
|
|
1538
|
+
// invoked directly, delegate the SAME way so behavior matches the help text:
|
|
1539
|
+
// --prefetch populates the cache, --no-network is a report-only dry run that
|
|
1540
|
+
// writes nothing. Without this, the direct path fell through to the live
|
|
1541
|
+
// refresh loop and could egress + write refresh-report.json despite
|
|
1542
|
+
// --no-network.
|
|
1543
|
+
if (opts.prefetch || opts.noNetwork) {
|
|
1544
|
+
const { spawnSync } = require("child_process");
|
|
1545
|
+
const pfArgs = [require.resolve("./prefetch.js")];
|
|
1546
|
+
if (opts.noNetwork) pfArgs.push("--no-network");
|
|
1547
|
+
if (opts.source) pfArgs.push("--source", opts.source);
|
|
1548
|
+
if (opts.quiet) pfArgs.push("--quiet");
|
|
1549
|
+
const r = spawnSync(process.execPath, pfArgs, { stdio: "inherit" });
|
|
1550
|
+
process.exitCode = r.status == null ? 1 : r.status;
|
|
1551
|
+
return;
|
|
1552
|
+
}
|
|
1553
|
+
|
|
1529
1554
|
// v0.12.0: `--advisory <id>` short-circuits the normal source loop and
|
|
1530
1555
|
// seeds a single CVE catalog entry from GHSA. Exits non-zero ("draft
|
|
1531
1556
|
// written, please review") so CI pipelines surface the needed editorial
|
package/manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.25",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
],
|
|
54
54
|
"last_threat_review": "2026-05-15",
|
|
55
55
|
"signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
|
|
56
|
-
"signed_at": "2026-06-
|
|
56
|
+
"signed_at": "2026-06-06T00:30:06.267Z",
|
|
57
57
|
"cwe_refs": [
|
|
58
58
|
"CWE-125",
|
|
59
59
|
"CWE-362",
|
|
@@ -123,7 +123,7 @@
|
|
|
123
123
|
],
|
|
124
124
|
"last_threat_review": "2026-05-17",
|
|
125
125
|
"signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
|
|
126
|
-
"signed_at": "2026-06-
|
|
126
|
+
"signed_at": "2026-06-06T00:30:06.268Z",
|
|
127
127
|
"cwe_refs": [
|
|
128
128
|
"CWE-1039",
|
|
129
129
|
"CWE-1426",
|
|
@@ -196,7 +196,7 @@
|
|
|
196
196
|
],
|
|
197
197
|
"last_threat_review": "2026-05-17",
|
|
198
198
|
"signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
|
|
199
|
-
"signed_at": "2026-06-
|
|
199
|
+
"signed_at": "2026-06-06T00:30:06.269Z",
|
|
200
200
|
"cwe_refs": [
|
|
201
201
|
"CWE-22",
|
|
202
202
|
"CWE-345",
|
|
@@ -248,7 +248,7 @@
|
|
|
248
248
|
"framework_gaps": [],
|
|
249
249
|
"last_threat_review": "2026-05-22",
|
|
250
250
|
"signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
|
|
251
|
-
"signed_at": "2026-06-
|
|
251
|
+
"signed_at": "2026-06-06T00:30:06.269Z"
|
|
252
252
|
},
|
|
253
253
|
{
|
|
254
254
|
"name": "compliance-theater",
|
|
@@ -279,7 +279,7 @@
|
|
|
279
279
|
],
|
|
280
280
|
"last_threat_review": "2026-05-22",
|
|
281
281
|
"signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
|
|
282
|
-
"signed_at": "2026-06-
|
|
282
|
+
"signed_at": "2026-06-06T00:30:06.270Z"
|
|
283
283
|
},
|
|
284
284
|
{
|
|
285
285
|
"name": "exploit-scoring",
|
|
@@ -308,7 +308,7 @@
|
|
|
308
308
|
],
|
|
309
309
|
"last_threat_review": "2026-05-18",
|
|
310
310
|
"signature": "Vne6mNYAubRMzF8Fz6CrU/hbvV+UzkGbpmWQrRSGlqNTGPHgzKOhDcZ2cqgRAI9AGz4IBE79dMaQrXqsnni9AQ==",
|
|
311
|
-
"signed_at": "2026-06-
|
|
311
|
+
"signed_at": "2026-06-06T00:30:06.270Z"
|
|
312
312
|
},
|
|
313
313
|
{
|
|
314
314
|
"name": "rag-pipeline-security",
|
|
@@ -345,7 +345,7 @@
|
|
|
345
345
|
],
|
|
346
346
|
"last_threat_review": "2026-05-22",
|
|
347
347
|
"signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
|
|
348
|
-
"signed_at": "2026-06-
|
|
348
|
+
"signed_at": "2026-06-06T00:30:06.271Z",
|
|
349
349
|
"cwe_refs": [
|
|
350
350
|
"CWE-1395",
|
|
351
351
|
"CWE-1426"
|
|
@@ -405,7 +405,7 @@
|
|
|
405
405
|
],
|
|
406
406
|
"last_threat_review": "2026-05-17",
|
|
407
407
|
"signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
|
|
408
|
-
"signed_at": "2026-06-
|
|
408
|
+
"signed_at": "2026-06-06T00:30:06.271Z",
|
|
409
409
|
"cwe_refs": [
|
|
410
410
|
"CWE-918"
|
|
411
411
|
],
|
|
@@ -443,7 +443,7 @@
|
|
|
443
443
|
"framework_gaps": [],
|
|
444
444
|
"last_threat_review": "2026-05-22",
|
|
445
445
|
"signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
|
|
446
|
-
"signed_at": "2026-06-
|
|
446
|
+
"signed_at": "2026-06-06T00:30:06.271Z",
|
|
447
447
|
"cwe_refs": [
|
|
448
448
|
"CWE-1188"
|
|
449
449
|
],
|
|
@@ -477,7 +477,7 @@
|
|
|
477
477
|
"framework_gaps": [],
|
|
478
478
|
"last_threat_review": "2026-05-18",
|
|
479
479
|
"signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
|
|
480
|
-
"signed_at": "2026-06-
|
|
480
|
+
"signed_at": "2026-06-06T00:30:06.272Z",
|
|
481
481
|
"forward_watch": [
|
|
482
482
|
"New AI attack classes as ATLAS v6 publishes",
|
|
483
483
|
"Post-quantum adversary capability timeline",
|
|
@@ -516,7 +516,7 @@
|
|
|
516
516
|
"framework_gaps": [],
|
|
517
517
|
"last_threat_review": "2026-05-01",
|
|
518
518
|
"signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
|
|
519
|
-
"signed_at": "2026-06-
|
|
519
|
+
"signed_at": "2026-06-06T00:30:06.272Z"
|
|
520
520
|
},
|
|
521
521
|
{
|
|
522
522
|
"name": "zeroday-gap-learn",
|
|
@@ -543,7 +543,7 @@
|
|
|
543
543
|
"framework_gaps": [],
|
|
544
544
|
"last_threat_review": "2026-05-18",
|
|
545
545
|
"signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
|
|
546
|
-
"signed_at": "2026-06-
|
|
546
|
+
"signed_at": "2026-06-06T00:30:06.273Z",
|
|
547
547
|
"forward_watch": [
|
|
548
548
|
"New CISA KEV entries",
|
|
549
549
|
"New ATLAS TTP additions in each ATLAS release",
|
|
@@ -607,7 +607,7 @@
|
|
|
607
607
|
],
|
|
608
608
|
"last_threat_review": "2026-05-22",
|
|
609
609
|
"signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
|
|
610
|
-
"signed_at": "2026-06-
|
|
610
|
+
"signed_at": "2026-06-06T00:30:06.273Z",
|
|
611
611
|
"cwe_refs": [
|
|
612
612
|
"CWE-327"
|
|
613
613
|
],
|
|
@@ -655,7 +655,7 @@
|
|
|
655
655
|
],
|
|
656
656
|
"last_threat_review": "2026-05-22",
|
|
657
657
|
"signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
|
|
658
|
-
"signed_at": "2026-06-
|
|
658
|
+
"signed_at": "2026-06-06T00:30:06.273Z"
|
|
659
659
|
},
|
|
660
660
|
{
|
|
661
661
|
"name": "security-maturity-tiers",
|
|
@@ -692,7 +692,7 @@
|
|
|
692
692
|
],
|
|
693
693
|
"last_threat_review": "2026-05-01",
|
|
694
694
|
"signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
|
|
695
|
-
"signed_at": "2026-06-
|
|
695
|
+
"signed_at": "2026-06-06T00:30:06.274Z",
|
|
696
696
|
"cwe_refs": [
|
|
697
697
|
"CWE-1188"
|
|
698
698
|
]
|
|
@@ -727,7 +727,7 @@
|
|
|
727
727
|
"framework_gaps": [],
|
|
728
728
|
"last_threat_review": "2026-05-11",
|
|
729
729
|
"signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
|
|
730
|
-
"signed_at": "2026-06-
|
|
730
|
+
"signed_at": "2026-06-06T00:30:06.274Z"
|
|
731
731
|
},
|
|
732
732
|
{
|
|
733
733
|
"name": "attack-surface-pentest",
|
|
@@ -799,7 +799,7 @@
|
|
|
799
799
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
|
|
800
800
|
],
|
|
801
801
|
"signature": "DDMzI+4En4aIkwBUCGW6nj1eEkCyLqHGn2LJ2rnwWfYatjPI1U5HrTZNAN/n9JqWtAzk8F3rmsKehaaz5iNWDA==",
|
|
802
|
-
"signed_at": "2026-06-
|
|
802
|
+
"signed_at": "2026-06-06T00:30:06.274Z"
|
|
803
803
|
},
|
|
804
804
|
{
|
|
805
805
|
"name": "fuzz-testing-strategy",
|
|
@@ -859,7 +859,7 @@
|
|
|
859
859
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
860
860
|
],
|
|
861
861
|
"signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
|
|
862
|
-
"signed_at": "2026-06-
|
|
862
|
+
"signed_at": "2026-06-06T00:30:06.275Z"
|
|
863
863
|
},
|
|
864
864
|
{
|
|
865
865
|
"name": "dlp-gap-analysis",
|
|
@@ -934,7 +934,7 @@
|
|
|
934
934
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
935
935
|
],
|
|
936
936
|
"signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
|
|
937
|
-
"signed_at": "2026-06-
|
|
937
|
+
"signed_at": "2026-06-06T00:30:06.275Z"
|
|
938
938
|
},
|
|
939
939
|
{
|
|
940
940
|
"name": "supply-chain-integrity",
|
|
@@ -1013,7 +1013,7 @@
|
|
|
1013
1013
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
|
|
1014
1014
|
],
|
|
1015
1015
|
"signature": "zuW8T0EMbVV83GsUP/W20Use2gBTicBW021T0sY7qsRY/U5qsPWkXYIWp3SdiKLTIKqTEd/0T7LQebjIs2QKCA==",
|
|
1016
|
-
"signed_at": "2026-06-
|
|
1016
|
+
"signed_at": "2026-06-06T00:30:06.275Z"
|
|
1017
1017
|
},
|
|
1018
1018
|
{
|
|
1019
1019
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1070,7 +1070,7 @@
|
|
|
1070
1070
|
],
|
|
1071
1071
|
"last_threat_review": "2026-05-11",
|
|
1072
1072
|
"signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
|
|
1073
|
-
"signed_at": "2026-06-
|
|
1073
|
+
"signed_at": "2026-06-06T00:30:06.276Z"
|
|
1074
1074
|
},
|
|
1075
1075
|
{
|
|
1076
1076
|
"name": "identity-assurance",
|
|
@@ -1137,7 +1137,7 @@
|
|
|
1137
1137
|
"d3fend_refs": [],
|
|
1138
1138
|
"last_threat_review": "2026-05-11",
|
|
1139
1139
|
"signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
|
|
1140
|
-
"signed_at": "2026-06-
|
|
1140
|
+
"signed_at": "2026-06-06T00:30:06.276Z"
|
|
1141
1141
|
},
|
|
1142
1142
|
{
|
|
1143
1143
|
"name": "ot-ics-security",
|
|
@@ -1193,7 +1193,7 @@
|
|
|
1193
1193
|
"d3fend_refs": [],
|
|
1194
1194
|
"last_threat_review": "2026-05-11",
|
|
1195
1195
|
"signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
|
|
1196
|
-
"signed_at": "2026-06-
|
|
1196
|
+
"signed_at": "2026-06-06T00:30:06.276Z"
|
|
1197
1197
|
},
|
|
1198
1198
|
{
|
|
1199
1199
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1245,7 +1245,7 @@
|
|
|
1245
1245
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1246
1246
|
],
|
|
1247
1247
|
"signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
|
|
1248
|
-
"signed_at": "2026-06-
|
|
1248
|
+
"signed_at": "2026-06-06T00:30:06.277Z"
|
|
1249
1249
|
},
|
|
1250
1250
|
{
|
|
1251
1251
|
"name": "threat-modeling-methodology",
|
|
@@ -1295,7 +1295,7 @@
|
|
|
1295
1295
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1296
1296
|
],
|
|
1297
1297
|
"signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
|
|
1298
|
-
"signed_at": "2026-06-
|
|
1298
|
+
"signed_at": "2026-06-06T00:30:06.277Z"
|
|
1299
1299
|
},
|
|
1300
1300
|
{
|
|
1301
1301
|
"name": "webapp-security",
|
|
@@ -1369,7 +1369,7 @@
|
|
|
1369
1369
|
"d3fend_refs": [],
|
|
1370
1370
|
"last_threat_review": "2026-05-11",
|
|
1371
1371
|
"signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
|
|
1372
|
-
"signed_at": "2026-06-
|
|
1372
|
+
"signed_at": "2026-06-06T00:30:06.277Z",
|
|
1373
1373
|
"forward_watch": [
|
|
1374
1374
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
|
|
1375
1375
|
]
|
|
@@ -1422,7 +1422,7 @@
|
|
|
1422
1422
|
"d3fend_refs": [],
|
|
1423
1423
|
"last_threat_review": "2026-05-15",
|
|
1424
1424
|
"signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
|
|
1425
|
-
"signed_at": "2026-06-
|
|
1425
|
+
"signed_at": "2026-06-06T00:30:06.278Z"
|
|
1426
1426
|
},
|
|
1427
1427
|
{
|
|
1428
1428
|
"name": "sector-healthcare",
|
|
@@ -1482,7 +1482,7 @@
|
|
|
1482
1482
|
"d3fend_refs": [],
|
|
1483
1483
|
"last_threat_review": "2026-05-11",
|
|
1484
1484
|
"signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
|
|
1485
|
-
"signed_at": "2026-06-
|
|
1485
|
+
"signed_at": "2026-06-06T00:30:06.278Z"
|
|
1486
1486
|
},
|
|
1487
1487
|
{
|
|
1488
1488
|
"name": "sector-financial",
|
|
@@ -1563,7 +1563,7 @@
|
|
|
1563
1563
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1564
1564
|
],
|
|
1565
1565
|
"signature": "xbylLqNPBuEsFE/MNVeGy/01K6yiJXMxQbzC1F4RWU5aseDGbNy5HrAv2JWI2+Aft05ozreNPjccvu66yJ5EBw==",
|
|
1566
|
-
"signed_at": "2026-06-
|
|
1566
|
+
"signed_at": "2026-06-06T00:30:06.279Z"
|
|
1567
1567
|
},
|
|
1568
1568
|
{
|
|
1569
1569
|
"name": "sector-federal-government",
|
|
@@ -1632,7 +1632,7 @@
|
|
|
1632
1632
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1633
1633
|
],
|
|
1634
1634
|
"signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
|
|
1635
|
-
"signed_at": "2026-06-
|
|
1635
|
+
"signed_at": "2026-06-06T00:30:06.279Z"
|
|
1636
1636
|
},
|
|
1637
1637
|
{
|
|
1638
1638
|
"name": "sector-energy",
|
|
@@ -1697,7 +1697,7 @@
|
|
|
1697
1697
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1698
1698
|
],
|
|
1699
1699
|
"signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
|
|
1700
|
-
"signed_at": "2026-06-
|
|
1700
|
+
"signed_at": "2026-06-06T00:30:06.280Z"
|
|
1701
1701
|
},
|
|
1702
1702
|
{
|
|
1703
1703
|
"name": "sector-telecom",
|
|
@@ -1783,7 +1783,7 @@
|
|
|
1783
1783
|
"O-RAN SFG / WG11 security specifications"
|
|
1784
1784
|
],
|
|
1785
1785
|
"signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
|
|
1786
|
-
"signed_at": "2026-06-
|
|
1786
|
+
"signed_at": "2026-06-06T00:30:06.280Z"
|
|
1787
1787
|
},
|
|
1788
1788
|
{
|
|
1789
1789
|
"name": "api-security",
|
|
@@ -1852,7 +1852,7 @@
|
|
|
1852
1852
|
"d3fend_refs": [],
|
|
1853
1853
|
"last_threat_review": "2026-05-18",
|
|
1854
1854
|
"signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
|
|
1855
|
-
"signed_at": "2026-06-
|
|
1855
|
+
"signed_at": "2026-06-06T00:30:06.280Z",
|
|
1856
1856
|
"forward_watch": [
|
|
1857
1857
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
|
|
1858
1858
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
|
|
@@ -1938,7 +1938,7 @@
|
|
|
1938
1938
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1939
1939
|
],
|
|
1940
1940
|
"signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
|
|
1941
|
-
"signed_at": "2026-06-
|
|
1941
|
+
"signed_at": "2026-06-06T00:30:06.281Z"
|
|
1942
1942
|
},
|
|
1943
1943
|
{
|
|
1944
1944
|
"name": "container-runtime-security",
|
|
@@ -2000,7 +2000,7 @@
|
|
|
2000
2000
|
"d3fend_refs": [],
|
|
2001
2001
|
"last_threat_review": "2026-05-15",
|
|
2002
2002
|
"signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
|
|
2003
|
-
"signed_at": "2026-06-
|
|
2003
|
+
"signed_at": "2026-06-06T00:30:06.281Z",
|
|
2004
2004
|
"forward_watch": [
|
|
2005
2005
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
|
|
2006
2006
|
]
|
|
@@ -2074,7 +2074,7 @@
|
|
|
2074
2074
|
"MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
|
|
2075
2075
|
],
|
|
2076
2076
|
"signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
|
|
2077
|
-
"signed_at": "2026-06-
|
|
2077
|
+
"signed_at": "2026-06-06T00:30:06.281Z"
|
|
2078
2078
|
},
|
|
2079
2079
|
{
|
|
2080
2080
|
"name": "incident-response-playbook",
|
|
@@ -2136,7 +2136,7 @@
|
|
|
2136
2136
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2137
2137
|
],
|
|
2138
2138
|
"signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
|
|
2139
|
-
"signed_at": "2026-06-
|
|
2139
|
+
"signed_at": "2026-06-06T00:30:06.282Z"
|
|
2140
2140
|
},
|
|
2141
2141
|
{
|
|
2142
2142
|
"name": "ransomware-response",
|
|
@@ -2216,7 +2216,7 @@
|
|
|
2216
2216
|
],
|
|
2217
2217
|
"last_threat_review": "2026-05-22",
|
|
2218
2218
|
"signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
|
|
2219
|
-
"signed_at": "2026-06-
|
|
2219
|
+
"signed_at": "2026-06-06T00:30:06.282Z"
|
|
2220
2220
|
},
|
|
2221
2221
|
{
|
|
2222
2222
|
"name": "email-security-anti-phishing",
|
|
@@ -2269,7 +2269,7 @@
|
|
|
2269
2269
|
"d3fend_refs": [],
|
|
2270
2270
|
"last_threat_review": "2026-05-18",
|
|
2271
2271
|
"signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
|
|
2272
|
-
"signed_at": "2026-06-
|
|
2272
|
+
"signed_at": "2026-06-06T00:30:06.283Z"
|
|
2273
2273
|
},
|
|
2274
2274
|
{
|
|
2275
2275
|
"name": "age-gates-child-safety",
|
|
@@ -2337,7 +2337,7 @@
|
|
|
2337
2337
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2338
2338
|
],
|
|
2339
2339
|
"signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
|
|
2340
|
-
"signed_at": "2026-06-
|
|
2340
|
+
"signed_at": "2026-06-06T00:30:06.283Z"
|
|
2341
2341
|
},
|
|
2342
2342
|
{
|
|
2343
2343
|
"name": "cloud-iam-incident",
|
|
@@ -2417,7 +2417,7 @@
|
|
|
2417
2417
|
],
|
|
2418
2418
|
"last_threat_review": "2026-05-15",
|
|
2419
2419
|
"signature": "r9ii4nb3HJELdtKCGF5qy9PHOiot3GC24yfxfGAKlLENHkdRvRkvvL99eV/6RXyfUaMyrnc2Te8tPQcNu5bsDg==",
|
|
2420
|
-
"signed_at": "2026-06-
|
|
2420
|
+
"signed_at": "2026-06-06T00:30:06.284Z",
|
|
2421
2421
|
"forward_watch": [
|
|
2422
2422
|
"AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
|
|
2423
2423
|
"GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
|
|
@@ -2511,7 +2511,7 @@
|
|
|
2511
2511
|
],
|
|
2512
2512
|
"last_threat_review": "2026-05-15",
|
|
2513
2513
|
"signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
|
|
2514
|
-
"signed_at": "2026-06-
|
|
2514
|
+
"signed_at": "2026-06-06T00:30:06.284Z",
|
|
2515
2515
|
"forward_watch": [
|
|
2516
2516
|
"Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
|
|
2517
2517
|
"Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
|
|
@@ -2583,7 +2583,7 @@
|
|
|
2583
2583
|
"d3fend_refs": [],
|
|
2584
2584
|
"last_threat_review": "2026-06-02",
|
|
2585
2585
|
"signature": "dOFgANMtHm64uSFRjMfeA0fWZS9ISwMTt59I2CbjaF1PgTtbtb8yg/f+3pC4eXcXIET0KPGxRRmENycfIz3rAw==",
|
|
2586
|
-
"signed_at": "2026-06-
|
|
2586
|
+
"signed_at": "2026-06-06T00:30:06.284Z"
|
|
2587
2587
|
},
|
|
2588
2588
|
{
|
|
2589
2589
|
"name": "mail-server-hardening",
|
|
@@ -2642,7 +2642,7 @@
|
|
|
2642
2642
|
"d3fend_refs": [],
|
|
2643
2643
|
"last_threat_review": "2026-06-02",
|
|
2644
2644
|
"signature": "5x8RGzKo/T2IbYnFkYMZs16ThD9a5FEdrKHsnwvtMuGxdyyfZsKNIJVWw2I8O0um0UOXwwkl17Z3zhch26ymCQ==",
|
|
2645
|
-
"signed_at": "2026-06-
|
|
2645
|
+
"signed_at": "2026-06-06T00:30:06.284Z"
|
|
2646
2646
|
},
|
|
2647
2647
|
{
|
|
2648
2648
|
"name": "network-trust",
|
|
@@ -2698,7 +2698,7 @@
|
|
|
2698
2698
|
"d3fend_refs": [],
|
|
2699
2699
|
"last_threat_review": "2026-06-02",
|
|
2700
2700
|
"signature": "C/RdmnGjXKreKiGkwJfUESIxUwQzisGJ9A7KBdE9cBRBHBYHkAcScV89L+Z3kOG032Qax6LeIQai7Lr3nrQBCA==",
|
|
2701
|
-
"signed_at": "2026-06-
|
|
2701
|
+
"signed_at": "2026-06-06T00:30:06.285Z"
|
|
2702
2702
|
},
|
|
2703
2703
|
{
|
|
2704
2704
|
"name": "audit-log-integrity",
|
|
@@ -2753,7 +2753,7 @@
|
|
|
2753
2753
|
"d3fend_refs": [],
|
|
2754
2754
|
"last_threat_review": "2026-06-02",
|
|
2755
2755
|
"signature": "LvUAq+rXCA8PgNy9lTKOmFqa8T9EJg4JEH0axXvEAf9MIHqbR51ergUkFMLaTuvFuApwsPu0r1C30QgScZbiAw==",
|
|
2756
|
-
"signed_at": "2026-06-
|
|
2756
|
+
"signed_at": "2026-06-06T00:30:06.285Z"
|
|
2757
2757
|
},
|
|
2758
2758
|
{
|
|
2759
2759
|
"name": "self-update-integrity",
|
|
@@ -2807,7 +2807,7 @@
|
|
|
2807
2807
|
"d3fend_refs": [],
|
|
2808
2808
|
"last_threat_review": "2026-06-02",
|
|
2809
2809
|
"signature": "BOQZ8G9LdyG/tfpz6rCU4THz5Dq2HGJkUV7uCqSTCMrqnXH6seNXKM41FWawYo0s2VUlXtRgaO7ETp5qgxw+CQ==",
|
|
2810
|
-
"signed_at": "2026-06-
|
|
2810
|
+
"signed_at": "2026-06-06T00:30:06.285Z"
|
|
2811
2811
|
},
|
|
2812
2812
|
{
|
|
2813
2813
|
"name": "multitenancy-isolation",
|
|
@@ -2865,7 +2865,7 @@
|
|
|
2865
2865
|
"d3fend_refs": [],
|
|
2866
2866
|
"last_threat_review": "2026-06-02",
|
|
2867
2867
|
"signature": "bncN0VE4ns0lxtPe48xDR33lerw54BPVkSwX7XlrLQcMHTrV94lmjO8z4ZP4Ko61n+KpuP2SNU8v9JT0bGMmAA==",
|
|
2868
|
-
"signed_at": "2026-06-
|
|
2868
|
+
"signed_at": "2026-06-06T00:30:06.285Z"
|
|
2869
2869
|
},
|
|
2870
2870
|
{
|
|
2871
2871
|
"name": "decompression-dos",
|
|
@@ -2923,7 +2923,7 @@
|
|
|
2923
2923
|
"d3fend_refs": [],
|
|
2924
2924
|
"last_threat_review": "2026-06-02",
|
|
2925
2925
|
"signature": "03i0ZO5ScHIOjGvDKUEsws6m+20fnlJrEhSBtMU7PJzQutrPpmW9gULE0wbayTD5H9URh5nSKZuuVjvjVhZNCg==",
|
|
2926
|
-
"signed_at": "2026-06-
|
|
2926
|
+
"signed_at": "2026-06-06T00:30:06.285Z"
|
|
2927
2927
|
},
|
|
2928
2928
|
{
|
|
2929
2929
|
"name": "log-injection-telemetry",
|
|
@@ -2978,7 +2978,7 @@
|
|
|
2978
2978
|
"d3fend_refs": [],
|
|
2979
2979
|
"last_threat_review": "2026-06-02",
|
|
2980
2980
|
"signature": "twTmA2l+Am2k2PCzB2DNxDQwoYlGopJp/3QgQwBsP7h2LF+uNudisqfuOVV/bYnWfrUhuYZUWbsR3mhzbJCUBw==",
|
|
2981
|
-
"signed_at": "2026-06-
|
|
2981
|
+
"signed_at": "2026-06-06T00:30:06.286Z"
|
|
2982
2982
|
},
|
|
2983
2983
|
{
|
|
2984
2984
|
"name": "privacy-consent-ops",
|
|
@@ -3033,11 +3033,11 @@
|
|
|
3033
3033
|
"d3fend_refs": [],
|
|
3034
3034
|
"last_threat_review": "2026-06-02",
|
|
3035
3035
|
"signature": "0sfKSVrIf555c9bDGkXB96fUClN52fMAMYoQsNQ9eUUSzDiWUwdou+q0gYt43nObtj3m9Yb9X6q3oCXDVMgUDg==",
|
|
3036
|
-
"signed_at": "2026-06-
|
|
3036
|
+
"signed_at": "2026-06-06T00:30:06.286Z"
|
|
3037
3037
|
}
|
|
3038
3038
|
],
|
|
3039
3039
|
"manifest_signature": {
|
|
3040
3040
|
"algorithm": "Ed25519",
|
|
3041
|
-
"signature_base64": "
|
|
3041
|
+
"signature_base64": "yjbWNMCX7Be5GfNF5WciEnzDeuUyJ6NldTbYRA6nx5C2QXPJYyVJVCI1bZtH3EsxmgmM7Ap/Wjzb0kZ+UtiLAg=="
|
|
3042
3042
|
}
|
|
3043
3043
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.25",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
package/sbom.cdx.json
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:4be06296-b7a7-4bd7-9a37-610ea0d4f29b",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "
|
|
7
|
+
"timestamp": "2066-05-04T18:08:22.000Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.16.
|
|
12
|
+
"version": "0.16.25"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.25",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.16.
|
|
19
|
+
"version": "0.16.25",
|
|
20
20
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.25",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "5ef637e552a5ff3a2d5aa1f5eba8f27ffe7fbae273d5c849b57f8585a87c87a1"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.25"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -116,11 +116,11 @@
|
|
|
116
116
|
"hashes": [
|
|
117
117
|
{
|
|
118
118
|
"alg": "SHA-256",
|
|
119
|
-
"content": "
|
|
119
|
+
"content": "abc127f24f9df3b712d6bf1c3fc9a807e45d30dba6b4a4f36717eeabcf7ac5db"
|
|
120
120
|
},
|
|
121
121
|
{
|
|
122
122
|
"alg": "SHA3-512",
|
|
123
|
-
"content": "
|
|
123
|
+
"content": "8ef078cc62d24a611e4fbee7f78351e3b46c956a01c8f233f7a6c3694cb37b172763cd38e57e30ddd8b1d1a0ad020c6ec15d832c4a7a722f86c13f432bc1e1e8"
|
|
124
124
|
}
|
|
125
125
|
]
|
|
126
126
|
},
|
|
@@ -1481,11 +1481,11 @@
|
|
|
1481
1481
|
"hashes": [
|
|
1482
1482
|
{
|
|
1483
1483
|
"alg": "SHA-256",
|
|
1484
|
-
"content": "
|
|
1484
|
+
"content": "fd24753dbcacea52c27e3b9b14b7ee3b38618e321320b4ffc5521c6e186f40ea"
|
|
1485
1485
|
},
|
|
1486
1486
|
{
|
|
1487
1487
|
"alg": "SHA3-512",
|
|
1488
|
-
"content": "
|
|
1488
|
+
"content": "3222ecc66362e5beb02d0062a3d3ed3b6477e0d230558c0d6f60a09c0bfdaf38acc1fd0d7711227e0fa3ca23f348c8088b6ccdcc3e011d7c7f842e9e10e82c14"
|
|
1489
1489
|
}
|
|
1490
1490
|
]
|
|
1491
1491
|
},
|
|
@@ -1886,11 +1886,11 @@
|
|
|
1886
1886
|
"hashes": [
|
|
1887
1887
|
{
|
|
1888
1888
|
"alg": "SHA-256",
|
|
1889
|
-
"content": "
|
|
1889
|
+
"content": "9e5780f8d8bec94d6cff2d22e16c940f63e7a38d8dfefe17a201cf93eaeabf93"
|
|
1890
1890
|
},
|
|
1891
1891
|
{
|
|
1892
1892
|
"alg": "SHA3-512",
|
|
1893
|
-
"content": "
|
|
1893
|
+
"content": "293c8fa7baf29b0d170319cc726f7a0c4125de3f7e946ce7144fc9da0b20951dde1bb83883155649c640ccd5feb5450cb760c5a1d04738dfd654b431295a7a05"
|
|
1894
1894
|
}
|
|
1895
1895
|
]
|
|
1896
1896
|
},
|