@zerothreatai/vulnerability-registry 2.0.0 → 4.0.0

package/src/category.ts

@@ -0,0 +1,16 @@
+/**
+ * Category registry - human-friendly titles for categories.
+ */
+
+export const CATEGORY_REGISTRY: Record<string, { title: string }> = {
+  "injection": { title: "Injection" },
+  "xss": { title: "Cross-Site Scripting" },
+  "authentication": { title: "Authentication" },
+  "access_control": { title: "Access Control" },
+  "configuration": { title: "Configuration" },
+  "information_disclosure": { title: "Information Disclosure" },
+  "cryptographic": { title: "Cryptographic" },
+  "business_logic": { title: "Business Logic" },
+  "ssrf": { title: "Server-Side Request Forgery" },
+  "file_inclusion": { title: "File Inclusion" },
+};

package/src/error-codes.d.ts

@@ -84,13 +84,31 @@ export declare enum VulnerabilityCode {
     HEADER_MISSING_REFERRER_POLICY = "HEADER_MISSING_REFERRER_POLICY",
     HEADER_MISSING_PERMISSIONS_POLICY = "HEADER_MISSING_PERMISSIONS_POLICY",
     HEADER_WEAK_CSP = "HEADER_WEAK_CSP",
+    HEADER_CSP_REPORT_ONLY = "HEADER_CSP_REPORT_ONLY",
+    HEADER_CSP_WEAK_DIRECTIVES = "HEADER_CSP_WEAK_DIRECTIVES",
+    HEADER_CSP_DATA_URI_SCRIPT = "HEADER_CSP_DATA_URI_SCRIPT",
+    HEADER_CSP_BLOB_URI_SCRIPT = "HEADER_CSP_BLOB_URI_SCRIPT",
+    HEADER_CSP_WILDCARD_DEFAULT = "HEADER_CSP_WILDCARD_DEFAULT",
+    HEADER_CSP_NO_BASE_URI = "HEADER_CSP_NO_BASE_URI",
+    HEADER_CSP_NO_OBJECT_SRC = "HEADER_CSP_NO_OBJECT_SRC",
+    HEADER_CSP_NO_FRAME_ANCESTORS = "HEADER_CSP_NO_FRAME_ANCESTORS",
     HEADER_CORS_MISCONFIGURED = "HEADER_CORS_MISCONFIGURED",
+    HEADER_CORS_STAR_WITH_CREDENTIALS = "HEADER_CORS_STAR_WITH_CREDENTIALS",
+    HEADER_CORS_ORIGIN_REFLECT_NO_VARY = "HEADER_CORS_ORIGIN_REFLECT_NO_VARY",
+    HEADER_CORS_NULL_ORIGIN = "HEADER_CORS_NULL_ORIGIN",
+    HEADER_CORS_WILDCARD_SUBDOMAIN = "HEADER_CORS_WILDCARD_SUBDOMAIN",
     HEADER_COEP_WITHOUT_COOP = "HEADER_COEP_WITHOUT_COOP",
     HEADER_CORP_UNUSUAL = "HEADER_CORP_UNUSUAL",
     HEADER_EXPECT_CT_PRESENT = "HEADER_EXPECT_CT_PRESENT",
     HEADER_SERVER_HEADER_PRESENT = "HEADER_SERVER_HEADER_PRESENT",
     HEADER_X_POWERED_BY_PRESENT = "HEADER_X_POWERED_BY_PRESENT",
     HEADER_X_XSS_PROTECTION_ENABLED = "HEADER_X_XSS_PROTECTION_ENABLED",
+    HEADER_XCONTENT_TYPE_INVALID = "HEADER_XCONTENT_TYPE_INVALID",
+    HEADER_REFERRER_POLICY_UNSAFE = "HEADER_REFERRER_POLICY_UNSAFE",
+    HEADER_HSTS_BAD_MAX_AGE = "HEADER_HSTS_BAD_MAX_AGE",
+    HEADER_HSTS_SHORT_MAX_AGE = "HEADER_HSTS_SHORT_MAX_AGE",
+    HEADER_HSTS_NO_INCLUDESUBDOMAINS = "HEADER_HSTS_NO_INCLUDESUBDOMAINS",
+    HEADER_HSTS_PRELOAD_LOW_MAX_AGE = "HEADER_HSTS_PRELOAD_LOW_MAX_AGE",
     COOKIE_SAMESITE_NONE_WITHOUT_SECURE = "COOKIE_SAMESITE_NONE_WITHOUT_SECURE",
     COOKIE_SESSION_MISSING_SECURE = "COOKIE_SESSION_MISSING_SECURE",
     COOKIE_MISSING_SECURE = "COOKIE_MISSING_SECURE",
@@ -111,6 +129,26 @@ export declare enum VulnerabilityCode {
     HOST_CACHE_POISONING = "HOST_CACHE_POISONING",
     HOST_PASSWORD_RESET = "HOST_PASSWORD_RESET",
     HOST_REDIRECT = "HOST_REDIRECT",
+    DIRBROWSE_GENERIC = "DIRBROWSE_GENERIC",
+    DIRBROWSE_GENERIC_SENSITIVE = "DIRBROWSE_GENERIC_SENSITIVE",
+    DIRBROWSE_APACHE = "DIRBROWSE_APACHE",
+    DIRBROWSE_APACHE_SENSITIVE = "DIRBROWSE_APACHE_SENSITIVE",
+    DIRBROWSE_NGINX = "DIRBROWSE_NGINX",
+    DIRBROWSE_NGINX_SENSITIVE = "DIRBROWSE_NGINX_SENSITIVE",
+    DIRBROWSE_IIS = "DIRBROWSE_IIS",
+    DIRBROWSE_IIS_SENSITIVE = "DIRBROWSE_IIS_SENSITIVE",
+    DIRBROWSE_TOMCAT = "DIRBROWSE_TOMCAT",
+    DIRBROWSE_TOMCAT_SENSITIVE = "DIRBROWSE_TOMCAT_SENSITIVE",
+    DIRBROWSE_CADDY = "DIRBROWSE_CADDY",
+    DIRBROWSE_CADDY_SENSITIVE = "DIRBROWSE_CADDY_SENSITIVE",
+    DIRBROWSE_WEBDAV = "DIRBROWSE_WEBDAV",
+    DIRBROWSE_WEBDAV_SENSITIVE = "DIRBROWSE_WEBDAV_SENSITIVE",
+    DIRBROWSE_S3 = "DIRBROWSE_S3",
+    DIRBROWSE_S3_SENSITIVE = "DIRBROWSE_S3_SENSITIVE",
+    DIRBROWSE_GCS = "DIRBROWSE_GCS",
+    DIRBROWSE_GCS_SENSITIVE = "DIRBROWSE_GCS_SENSITIVE",
+    DIRBROWSE_AZURE_BLOB = "DIRBROWSE_AZURE_BLOB",
+    DIRBROWSE_AZURE_BLOB_SENSITIVE = "DIRBROWSE_AZURE_BLOB_SENSITIVE",
     DIRBROWSE_ENABLED = "DIRBROWSE_ENABLED",
     DIRBROWSE_SENSITIVE = "DIRBROWSE_SENSITIVE",
     MASSASSIGN_PROTOTYPE_POLLUTION = "MASSASSIGN_PROTOTYPE_POLLUTION",

package/src/error-codes.js

@@ -1,13 +1,10 @@
-"use strict";
 /**
  * Vulnerability Registry - Error Codes
  *
  * Central enum containing all vulnerability error codes across all scanners.
  * Each code maps to a complete VulnerabilityDefinition.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.VulnerabilityCode = void 0;
-var VulnerabilityCode;
+export var VulnerabilityCode;
 (function (VulnerabilityCode) {
     // ========================================
     // SQL INJECTION (SQLI_*)
@@ -124,13 +121,31 @@ var VulnerabilityCode;
     VulnerabilityCode["HEADER_MISSING_REFERRER_POLICY"] = "HEADER_MISSING_REFERRER_POLICY";
     VulnerabilityCode["HEADER_MISSING_PERMISSIONS_POLICY"] = "HEADER_MISSING_PERMISSIONS_POLICY";
     VulnerabilityCode["HEADER_WEAK_CSP"] = "HEADER_WEAK_CSP";
+    VulnerabilityCode["HEADER_CSP_REPORT_ONLY"] = "HEADER_CSP_REPORT_ONLY";
+    VulnerabilityCode["HEADER_CSP_WEAK_DIRECTIVES"] = "HEADER_CSP_WEAK_DIRECTIVES";
+    VulnerabilityCode["HEADER_CSP_DATA_URI_SCRIPT"] = "HEADER_CSP_DATA_URI_SCRIPT";
+    VulnerabilityCode["HEADER_CSP_BLOB_URI_SCRIPT"] = "HEADER_CSP_BLOB_URI_SCRIPT";
+    VulnerabilityCode["HEADER_CSP_WILDCARD_DEFAULT"] = "HEADER_CSP_WILDCARD_DEFAULT";
+    VulnerabilityCode["HEADER_CSP_NO_BASE_URI"] = "HEADER_CSP_NO_BASE_URI";
+    VulnerabilityCode["HEADER_CSP_NO_OBJECT_SRC"] = "HEADER_CSP_NO_OBJECT_SRC";
+    VulnerabilityCode["HEADER_CSP_NO_FRAME_ANCESTORS"] = "HEADER_CSP_NO_FRAME_ANCESTORS";
     VulnerabilityCode["HEADER_CORS_MISCONFIGURED"] = "HEADER_CORS_MISCONFIGURED";
+    VulnerabilityCode["HEADER_CORS_STAR_WITH_CREDENTIALS"] = "HEADER_CORS_STAR_WITH_CREDENTIALS";
+    VulnerabilityCode["HEADER_CORS_ORIGIN_REFLECT_NO_VARY"] = "HEADER_CORS_ORIGIN_REFLECT_NO_VARY";
+    VulnerabilityCode["HEADER_CORS_NULL_ORIGIN"] = "HEADER_CORS_NULL_ORIGIN";
+    VulnerabilityCode["HEADER_CORS_WILDCARD_SUBDOMAIN"] = "HEADER_CORS_WILDCARD_SUBDOMAIN";
     VulnerabilityCode["HEADER_COEP_WITHOUT_COOP"] = "HEADER_COEP_WITHOUT_COOP";
     VulnerabilityCode["HEADER_CORP_UNUSUAL"] = "HEADER_CORP_UNUSUAL";
     VulnerabilityCode["HEADER_EXPECT_CT_PRESENT"] = "HEADER_EXPECT_CT_PRESENT";
     VulnerabilityCode["HEADER_SERVER_HEADER_PRESENT"] = "HEADER_SERVER_HEADER_PRESENT";
     VulnerabilityCode["HEADER_X_POWERED_BY_PRESENT"] = "HEADER_X_POWERED_BY_PRESENT";
     VulnerabilityCode["HEADER_X_XSS_PROTECTION_ENABLED"] = "HEADER_X_XSS_PROTECTION_ENABLED";
+    VulnerabilityCode["HEADER_XCONTENT_TYPE_INVALID"] = "HEADER_XCONTENT_TYPE_INVALID";
+    VulnerabilityCode["HEADER_REFERRER_POLICY_UNSAFE"] = "HEADER_REFERRER_POLICY_UNSAFE";
+    VulnerabilityCode["HEADER_HSTS_BAD_MAX_AGE"] = "HEADER_HSTS_BAD_MAX_AGE";
+    VulnerabilityCode["HEADER_HSTS_SHORT_MAX_AGE"] = "HEADER_HSTS_SHORT_MAX_AGE";
+    VulnerabilityCode["HEADER_HSTS_NO_INCLUDESUBDOMAINS"] = "HEADER_HSTS_NO_INCLUDESUBDOMAINS";
+    VulnerabilityCode["HEADER_HSTS_PRELOAD_LOW_MAX_AGE"] = "HEADER_HSTS_PRELOAD_LOW_MAX_AGE";
     VulnerabilityCode["COOKIE_SAMESITE_NONE_WITHOUT_SECURE"] = "COOKIE_SAMESITE_NONE_WITHOUT_SECURE";
     VulnerabilityCode["COOKIE_SESSION_MISSING_SECURE"] = "COOKIE_SESSION_MISSING_SECURE";
     VulnerabilityCode["COOKIE_MISSING_SECURE"] = "COOKIE_MISSING_SECURE";
@@ -157,6 +172,26 @@ var VulnerabilityCode;
     // ========================================
     // DIRECTORY BROWSING (DIRBROWSE_*)
     // ========================================
+    VulnerabilityCode["DIRBROWSE_GENERIC"] = "DIRBROWSE_GENERIC";
+    VulnerabilityCode["DIRBROWSE_GENERIC_SENSITIVE"] = "DIRBROWSE_GENERIC_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_APACHE"] = "DIRBROWSE_APACHE";
+    VulnerabilityCode["DIRBROWSE_APACHE_SENSITIVE"] = "DIRBROWSE_APACHE_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_NGINX"] = "DIRBROWSE_NGINX";
+    VulnerabilityCode["DIRBROWSE_NGINX_SENSITIVE"] = "DIRBROWSE_NGINX_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_IIS"] = "DIRBROWSE_IIS";
+    VulnerabilityCode["DIRBROWSE_IIS_SENSITIVE"] = "DIRBROWSE_IIS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_TOMCAT"] = "DIRBROWSE_TOMCAT";
+    VulnerabilityCode["DIRBROWSE_TOMCAT_SENSITIVE"] = "DIRBROWSE_TOMCAT_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_CADDY"] = "DIRBROWSE_CADDY";
+    VulnerabilityCode["DIRBROWSE_CADDY_SENSITIVE"] = "DIRBROWSE_CADDY_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_WEBDAV"] = "DIRBROWSE_WEBDAV";
+    VulnerabilityCode["DIRBROWSE_WEBDAV_SENSITIVE"] = "DIRBROWSE_WEBDAV_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_S3"] = "DIRBROWSE_S3";
+    VulnerabilityCode["DIRBROWSE_S3_SENSITIVE"] = "DIRBROWSE_S3_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_GCS"] = "DIRBROWSE_GCS";
+    VulnerabilityCode["DIRBROWSE_GCS_SENSITIVE"] = "DIRBROWSE_GCS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB"] = "DIRBROWSE_AZURE_BLOB";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB_SENSITIVE"] = "DIRBROWSE_AZURE_BLOB_SENSITIVE";
     VulnerabilityCode["DIRBROWSE_ENABLED"] = "DIRBROWSE_ENABLED";
     VulnerabilityCode["DIRBROWSE_SENSITIVE"] = "DIRBROWSE_SENSITIVE";
     // ========================================
@@ -311,5 +346,5 @@ var VulnerabilityCode;
     // ========================================
     VulnerabilityCode["CLICK_FRAMEABLE"] = "CLICK_FRAMEABLE";
     VulnerabilityCode["CLICK_PARTIAL_PROTECTION"] = "CLICK_PARTIAL_PROTECTION";
-})(VulnerabilityCode || (exports.VulnerabilityCode = VulnerabilityCode = {}));
-exports.default = VulnerabilityCode;
+})(VulnerabilityCode || (VulnerabilityCode = {}));
+export default VulnerabilityCode;

package/src/error-codes.ts

@@ -182,11 +182,31 @@ export enum VulnerabilityCode {
     HOST_PASSWORD_RESET = 'HOST_PASSWORD_RESET',
     HOST_REDIRECT = 'HOST_REDIRECT',
 
-    // ========================================
-    // DIRECTORY BROWSING (DIRBROWSE_*)
-    // ========================================
-    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
-    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
+    // ========================================
+    // DIRECTORY BROWSING (DIRBROWSE_*)
+    // ========================================
+    DIRBROWSE_GENERIC = 'DIRBROWSE_GENERIC',
+    DIRBROWSE_GENERIC_SENSITIVE = 'DIRBROWSE_GENERIC_SENSITIVE',
+    DIRBROWSE_APACHE = 'DIRBROWSE_APACHE',
+    DIRBROWSE_APACHE_SENSITIVE = 'DIRBROWSE_APACHE_SENSITIVE',
+    DIRBROWSE_NGINX = 'DIRBROWSE_NGINX',
+    DIRBROWSE_NGINX_SENSITIVE = 'DIRBROWSE_NGINX_SENSITIVE',
+    DIRBROWSE_IIS = 'DIRBROWSE_IIS',
+    DIRBROWSE_IIS_SENSITIVE = 'DIRBROWSE_IIS_SENSITIVE',
+    DIRBROWSE_TOMCAT = 'DIRBROWSE_TOMCAT',
+    DIRBROWSE_TOMCAT_SENSITIVE = 'DIRBROWSE_TOMCAT_SENSITIVE',
+    DIRBROWSE_CADDY = 'DIRBROWSE_CADDY',
+    DIRBROWSE_CADDY_SENSITIVE = 'DIRBROWSE_CADDY_SENSITIVE',
+    DIRBROWSE_WEBDAV = 'DIRBROWSE_WEBDAV',
+    DIRBROWSE_WEBDAV_SENSITIVE = 'DIRBROWSE_WEBDAV_SENSITIVE',
+    DIRBROWSE_S3 = 'DIRBROWSE_S3',
+    DIRBROWSE_S3_SENSITIVE = 'DIRBROWSE_S3_SENSITIVE',
+    DIRBROWSE_GCS = 'DIRBROWSE_GCS',
+    DIRBROWSE_GCS_SENSITIVE = 'DIRBROWSE_GCS_SENSITIVE',
+    DIRBROWSE_AZURE_BLOB = 'DIRBROWSE_AZURE_BLOB',
+    DIRBROWSE_AZURE_BLOB_SENSITIVE = 'DIRBROWSE_AZURE_BLOB_SENSITIVE',
+    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
+    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
 
     // ========================================
     // MASS ASSIGNMENT (MASSASSIGN_*)

package/src/index.js

@@ -1,48 +1,32 @@
-"use strict";
 /**
  * Vulnerability Registry - Main Entry Point
  *
  * Exports all vulnerability codes, definitions, and lookup utilities
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
-exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
-exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
-exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
-exports.getVulnerabilitiesBySeverity = getVulnerabilitiesBySeverity;
-exports.getAllVulnerabilityCodes = getAllVulnerabilityCodes;
-exports.getVulnerabilityCount = getVulnerabilityCount;
-exports.createFinding = createFinding;
-const error_codes_js_1 = require("./error-codes.js");
+import { VulnerabilityCode } from './error-codes.js';
 // Import all category definitions
-const injection_js_1 = require("./categories/injection.js");
-Object.defineProperty(exports, "INJECTION_VULNERABILITIES", { enumerable: true, get: function () { return injection_js_1.INJECTION_VULNERABILITIES; } });
-const xss_js_1 = require("./categories/xss.js");
-Object.defineProperty(exports, "XSS_VULNERABILITIES", { enumerable: true, get: function () { return xss_js_1.XSS_VULNERABILITIES; } });
-const ssrf_js_1 = require("./categories/ssrf.js");
-Object.defineProperty(exports, "SSRF_VULNERABILITIES", { enumerable: true, get: function () { return ssrf_js_1.SSRF_VULNERABILITIES; } });
-const authentication_js_1 = require("./categories/authentication.js");
-Object.defineProperty(exports, "AUTH_VULNERABILITIES", { enumerable: true, get: function () { return authentication_js_1.AUTH_VULNERABILITIES; } });
-const configuration_js_1 = require("./categories/configuration.js");
-Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
-const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
-Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+import { INJECTION_VULNERABILITIES } from './categories/injection.js';
+import { XSS_VULNERABILITIES } from './categories/xss.js';
+import { SSRF_VULNERABILITIES } from './categories/ssrf.js';
+import { AUTH_VULNERABILITIES } from './categories/authentication.js';
+import { CONFIG_VULNERABILITIES } from './categories/configuration.js';
+import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
 /**
  * Complete vulnerability registry combining all categories
  */
-exports.VULNERABILITY_REGISTRY = {
-    ...injection_js_1.INJECTION_VULNERABILITIES,
-    ...xss_js_1.XSS_VULNERABILITIES,
-    ...ssrf_js_1.SSRF_VULNERABILITIES,
-    ...authentication_js_1.AUTH_VULNERABILITIES,
-    ...configuration_js_1.CONFIG_VULNERABILITIES,
-    ...sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES,
+export const VULNERABILITY_REGISTRY = {
+    ...INJECTION_VULNERABILITIES,
+    ...XSS_VULNERABILITIES,
+    ...SSRF_VULNERABILITIES,
+    ...AUTH_VULNERABILITIES,
+    ...CONFIG_VULNERABILITIES,
+    ...SENSITIVE_PATH_VULNERABILITIES,
 };
 /**
  * Get vulnerability definition by code
  */
-function getVulnerabilityDefinition(code) {
-    const definition = exports.VULNERABILITY_REGISTRY[code];
+export function getVulnerabilityDefinition(code) {
+    const definition = VULNERABILITY_REGISTRY[code];
     if (definition) {
         return { found: true, definition };
     }
@@ -51,37 +35,37 @@ function getVulnerabilityDefinition(code) {
 /**
  * Get all vulnerabilities for a specific scanner
  */
-function getVulnerabilitiesByScanner(scanner) {
-    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.scanner === scanner);
+export function getVulnerabilitiesByScanner(scanner) {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.scanner === scanner);
 }
 /**
  * Get all vulnerabilities for a specific category
  */
-function getVulnerabilitiesByCategory(category) {
-    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.category === category);
+export function getVulnerabilitiesByCategory(category) {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.category === category);
 }
 /**
  * Get all vulnerabilities for a specific severity
  */
-function getVulnerabilitiesBySeverity(severity) {
-    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.severity === severity);
+export function getVulnerabilitiesBySeverity(severity) {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.severity === severity);
 }
 /**
  * Get all vulnerability codes
  */
-function getAllVulnerabilityCodes() {
-    return Object.values(error_codes_js_1.VulnerabilityCode);
+export function getAllVulnerabilityCodes() {
+    return Object.values(VulnerabilityCode);
 }
 /**
  * Get total count of registered vulnerabilities
  */
-function getVulnerabilityCount() {
-    return Object.keys(exports.VULNERABILITY_REGISTRY).length;
+export function getVulnerabilityCount() {
+    return Object.keys(VULNERABILITY_REGISTRY).length;
 }
 /**
  * Create a finding with vulnerability definition
  */
-function createFinding(code, overrides) {
+export function createFinding(code, overrides) {
     const lookup = getVulnerabilityDefinition(code);
     if (!lookup.found || !lookup.definition) {
         return null;
@@ -92,11 +76,12 @@ function createFinding(code, overrides) {
     };
 }
 // Re-export all types and enums
-var error_codes_js_2 = require("./error-codes.js");
-Object.defineProperty(exports, "VulnerabilityCode", { enumerable: true, get: function () { return error_codes_js_2.VulnerabilityCode; } });
-exports.default = {
-    VulnerabilityCode: error_codes_js_1.VulnerabilityCode,
-    VULNERABILITY_REGISTRY: exports.VULNERABILITY_REGISTRY,
+export { VulnerabilityCode } from './error-codes.js';
+// Export category definitions for direct access
+export { INJECTION_VULNERABILITIES, XSS_VULNERABILITIES, SSRF_VULNERABILITIES, AUTH_VULNERABILITIES, CONFIG_VULNERABILITIES, SENSITIVE_PATH_VULNERABILITIES, };
+export default {
+    VulnerabilityCode,
+    VULNERABILITY_REGISTRY,
     getVulnerabilityDefinition,
     getVulnerabilitiesByScanner,
     getVulnerabilitiesByCategory,

package/src/index.ts

@@ -13,7 +13,9 @@ import { XSS_VULNERABILITIES } from './categories/xss.js';
 import { SSRF_VULNERABILITIES } from './categories/ssrf.js';
 import { AUTH_VULNERABILITIES } from './categories/authentication.js';
 import { CONFIG_VULNERABILITIES } from './categories/configuration.js';
-import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
+import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
+import { CATEGORY_REGISTRY } from './category.js';
+import { SCANNER_REGISTRY } from './scanner.js';
 
 /**
  * Complete vulnerability registry combining all categories
@@ -104,14 +106,16 @@ export type {
 } from './types.js';
 
 // Export category definitions for direct access
-export {
-    INJECTION_VULNERABILITIES,
-    XSS_VULNERABILITIES,
-    SSRF_VULNERABILITIES,
-    AUTH_VULNERABILITIES,
-    CONFIG_VULNERABILITIES,
-    SENSITIVE_PATH_VULNERABILITIES,
-};
+export {
+    INJECTION_VULNERABILITIES,
+    XSS_VULNERABILITIES,
+    SSRF_VULNERABILITIES,
+    AUTH_VULNERABILITIES,
+    CONFIG_VULNERABILITIES,
+    SENSITIVE_PATH_VULNERABILITIES,
+    CATEGORY_REGISTRY,
+    SCANNER_REGISTRY,
+};
 
 export default {
     VulnerabilityCode,
@@ -119,8 +123,10 @@ export default {
     getVulnerabilityDefinition,
     getVulnerabilitiesByScanner,
     getVulnerabilitiesByCategory,
-    getVulnerabilitiesBySeverity,
-    getAllVulnerabilityCodes,
-    getVulnerabilityCount,
-    createFinding,
-};
+    getVulnerabilitiesBySeverity,
+    getAllVulnerabilityCodes,
+    getVulnerabilityCount,
+    createFinding,
+    CATEGORY_REGISTRY,
+    SCANNER_REGISTRY,
+};

package/src/scanner.ts

@@ -0,0 +1,23 @@
+/**
+ * Scanner registry - human-friendly titles for scanners.
+ */
+
+export const SCANNER_REGISTRY: Record<string, { title: string }> = {
+  "broken-access": { title: "Broken Access" },
+  "command-injection": { title: "Command Injection" },
+  "deserialization": { title: "Deserialization" },
+  "directory-browsing": { title: "Directory Browsing" },
+  "host-header": { title: "Host Header" },
+  "jwt": { title: "JSON WEB TOKEN" },
+  "local-file-inclusion": { title: "Local File Inclusion" },
+  "model-state": { title: "Model State" },
+  "redirect-route": { title: "Redirect Route" },
+  "security-headers": { title: "Security Headers" },
+  "sensitive-path-scout": { title: "Sensitive Path Scout" },
+  "sql-injection": { title: "SQL Injection" },
+  "ssrf": { title: "SSRF" },
+  "ssti": { title: "SSTI" },
+  "xpath-injection": { title: "XPath Injection" },
+  "xss": { title: "XSS" },
+  "xxe": { title: "XXE" },
+};

package/src/types.d.ts

@@ -62,6 +62,8 @@ export interface VulnerabilityDefinition {
     description: string;
     /** Severity level */
     severity: Severity;
+    /** Severity level numeric mapping (1=critical, 2=high, 3=medium, 4=low, 5=info) */
+    levelId: 1 | 2 | 3 | 4 | 5;
     /** Vulnerability category */
     category: VulnerabilityCategory;
     /** Scanner that detects this vulnerability */

package/src/types.js

@@ -1,7 +1,6 @@
-"use strict";
 /**
  * Vulnerability Registry - Core Types
  *
  * Central type definitions for all vulnerability definitions.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
+export {};

package/src/types.ts

@@ -77,8 +77,10 @@ export interface VulnerabilityDefinition {
     title: string;
     /** Detailed description (100+ characters) */
     description: string;
-    /** Severity level */
-    severity: Severity;
+    /** Severity level */
+    severity: Severity;
+    /** Severity level numeric mapping (1=critical, 2=high, 3=medium, 4=low, 5=info) */
+    levelId: 1 | 2 | 3 | 4 | 5;
     /** Vulnerability category */
     category: VulnerabilityCategory;
     /** Scanner that detects this vulnerability */