@zerothreatai/vulnerability-registry 1.0.0

package/src/types.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Vulnerability Registry - Core Types
+ *
+ * Central type definitions for all vulnerability definitions.
+ */
+/**
+ * Vulnerability severity levels
+ */
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+/**
+ * CVSS v3.1 severity ratings
+ */
+export type CVSSSeverity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'NONE';
+/**
+ * Vulnerability categories
+ */
+export type VulnerabilityCategory = 'injection' | 'xss' | 'authentication' | 'access_control' | 'configuration' | 'information_disclosure' | 'cryptographic' | 'business_logic' | 'ssrf' | 'file_inclusion';
+/**
+ * CVSS v3.1 Score data
+ */
+export interface CVSSProfile {
+    /** Base score (0.0 - 10.0) */
+    score: number;
+    /** Full CVSS vector string */
+    vector: string;
+    /** Severity rating derived from score */
+    severity: CVSSSeverity;
+}
+/**
+ * CWE (Common Weakness Enumeration) reference
+ */
+export interface CWEReference {
+    /** CWE ID (e.g., "CWE-89") */
+    id: string;
+    /** CWE name */
+    name: string;
+    /** URL to CWE definition */
+    url: string;
+}
+/**
+ * OWASP reference
+ */
+export interface OWASPReference {
+    /** OWASP ID (e.g., "A03:2021") */
+    id: string;
+    /** OWASP category name */
+    name: string;
+    /** URL to OWASP definition */
+    url: string;
+}
+/**
+ * Complete vulnerability definition
+ */
+export interface VulnerabilityDefinition {
+    /** Unique numeric identifier */
+    id: number;
+    /** Unique vulnerability code */
+    code: string;
+    /** Human-readable title */
+    title: string;
+    /** Detailed description (100+ characters) */
+    description: string;
+    /** Severity level */
+    severity: Severity;
+    /** Vulnerability category */
+    category: VulnerabilityCategory;
+    /** Scanner that detects this vulnerability */
+    scanner: string;
+    /** CVSS v3.1 profile */
+    cvss: CVSSProfile;
+    /** Associated CWE references */
+    cwe: CWEReference[];
+    /** Associated OWASP references */
+    owasp: OWASPReference[];
+    /** Remediation guidance */
+    remediation: string;
+    /** Additional reference URLs */
+    references?: string[];
+}
+/**
+ * Vulnerability registry lookup result
+ */
+export interface VulnerabilityLookup {
+    found: boolean;
+    definition?: VulnerabilityDefinition;
+}

package/src/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE3E;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAC3B,WAAW,GACX,KAAK,GACL,gBAAgB,GAChB,gBAAgB,GAChB,eAAe,GACf,wBAAwB,GACxB,eAAe,GACf,gBAAgB,GAChB,MAAM,GACN,gBAAgB,CAAC;AAEvB;;GAEG;AACH,MAAM,WAAW,WAAW;IACxB,8BAA8B;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,YAAY,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,8BAA8B;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,eAAe;IACf,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B,kCAAkC;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACpC,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6BAA6B;IAC7B,QAAQ,EAAE,qBAAqB,CAAC;IAChC,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;IAEhB,wBAAwB;IACxB,IAAI,EAAE,WAAW,CAAC;IAElB,gCAAgC;IAChC,GAAG,EAAE,YAAY,EAAE,CAAC;IAEpB,kCAAkC;IAClC,KAAK,EAAE,cAAc,EAAE,CAAC;IAExB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IAEpB,gCAAgC;IAChC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,uBAAuB,CAAC;CACxC"}

package/src/types.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * Vulnerability Registry - Core Types
+ *
+ * Central type definitions for all vulnerability definitions.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/src/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/src/types.ts

@@ -0,0 +1,109 @@
+/**
+ * Vulnerability Registry - Core Types
+ * 
+ * Central type definitions for all vulnerability definitions.
+ */
+
+/**
+ * Vulnerability severity levels
+ */
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+
+/**
+ * CVSS v3.1 severity ratings
+ */
+export type CVSSSeverity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'NONE';
+
+/**
+ * Vulnerability categories
+ */
+export type VulnerabilityCategory =
+    | 'injection'
+    | 'xss'
+    | 'authentication'
+    | 'access_control'
+    | 'configuration'
+    | 'information_disclosure'
+    | 'cryptographic'
+    | 'business_logic'
+    | 'ssrf'
+    | 'file_inclusion';
+
+/**
+ * CVSS v3.1 Score data
+ */
+export interface CVSSProfile {
+    /** Base score (0.0 - 10.0) */
+    score: number;
+    /** Full CVSS vector string */
+    vector: string;
+    /** Severity rating derived from score */
+    severity: CVSSSeverity;
+}
+
+/**
+ * CWE (Common Weakness Enumeration) reference
+ */
+export interface CWEReference {
+    /** CWE ID (e.g., "CWE-89") */
+    id: string;
+    /** CWE name */
+    name: string;
+    /** URL to CWE definition */
+    url: string;
+}
+
+/**
+ * OWASP reference
+ */
+export interface OWASPReference {
+    /** OWASP ID (e.g., "A03:2021") */
+    id: string;
+    /** OWASP category name */
+    name: string;
+    /** URL to OWASP definition */
+    url: string;
+}
+
+/**
+ * Complete vulnerability definition
+ */
+export interface VulnerabilityDefinition {
+    /** Unique numeric identifier */
+    id: number;
+    /** Unique vulnerability code */
+    code: string;
+    /** Human-readable title */
+    title: string;
+    /** Detailed description (100+ characters) */
+    description: string;
+    /** Severity level */
+    severity: Severity;
+    /** Vulnerability category */
+    category: VulnerabilityCategory;
+    /** Scanner that detects this vulnerability */
+    scanner: string;
+
+    /** CVSS v3.1 profile */
+    cvss: CVSSProfile;
+
+    /** Associated CWE references */
+    cwe: CWEReference[];
+
+    /** Associated OWASP references */
+    owasp: OWASPReference[];
+
+    /** Remediation guidance */
+    remediation: string;
+
+    /** Additional reference URLs */
+    references?: string[];
+}
+
+/**
+ * Vulnerability registry lookup result
+ */
+export interface VulnerabilityLookup {
+    found: boolean;
+    definition?: VulnerabilityDefinition;
+}

package/tsconfig.cjs.json

@@ -0,0 +1,8 @@
+{
+    "extends": "./tsconfig.json",
+    "compilerOptions": {
+        "module": "CommonJS",
+        "outDir": "./dist-cjs",
+        "declaration": false
+    }
+}

package/tsconfig.json

@@ -0,0 +1,21 @@
+{
+    "compilerOptions": {
+        "target": "ES2022",
+        "module": "ESNext",
+        "moduleResolution": "node",
+        "declaration": true,
+        "outDir": "./dist",
+        "strict": true,
+        "esModuleInterop": true,
+        "skipLibCheck": true,
+        "forceConsistentCasingInFileNames": true,
+        "rootDir": "./src"
+    },
+    "include": [
+        "src/**/*"
+    ],
+    "exclude": [
+        "node_modules",
+        "dist"
+    ]
+}