genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/schema.json ADDED
@@ -0,0 +1,134 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "title": "GenAI Security Crosswalk Entry",
4
+ "description": "Schema for mapping OWASP GenAI vulnerabilities to security frameworks",
5
+ "type": "object",
6
+ "required": ["id", "name", "source_list", "severity", "mappings"],
7
+ "properties": {
8
+ "id": {
9
+ "type": "string",
10
+ "description": "Vulnerability identifier e.g. LLM01, ASI03, DSGAI07",
11
+ "pattern": "^(LLM\\d{2}|ASI\\d{2}|DSGAI\\d{2})$"
12
+ },
13
+ "name": {
14
+ "type": "string",
15
+ "description": "Short human-readable name e.g. Prompt Injection"
16
+ },
17
+ "source_list": {
18
+ "type": "string",
19
+ "enum": ["LLM-Top10-2025", "Agentic-Top10-2026", "DSGAI-2026"],
20
+ "description": "Which OWASP list this entry belongs to"
21
+ },
22
+ "version": {
23
+ "type": "string",
24
+ "description": "Mapping version e.g. 2026-Q1"
25
+ },
26
+ "severity": {
27
+ "type": "string",
28
+ "enum": ["Critical", "High", "Medium", "Low"],
29
+ "description": "Standardised severity aligned to AIVSS"
30
+ },
31
+ "aivss_score": {
32
+ "type": ["number", "null"],
33
+ "minimum": 0,
34
+ "maximum": 10,
35
+ "description": "OWASP AIVSS score where available"
36
+ },
37
+ "audience": {
38
+ "type": "array",
39
+ "items": {
40
+ "type": "string",
41
+ "enum": [
42
+ "developer", "security-engineer", "auditor",
43
+ "ciso", "red-teamer", "data-engineer",
44
+ "ml-engineer", "ot-engineer", "compliance"
45
+ ]
46
+ }
47
+ },
48
+ "mappings": {
49
+ "type": "array",
50
+ "description": "One entry per framework control",
51
+ "items": {
52
+ "type": "object",
53
+ "required": ["framework", "control_id", "control_name", "tier", "scope"],
54
+ "properties": {
55
+ "framework": {
56
+ "type": "string",
57
+ "description": "Framework identifier e.g. MITRE-ATLAS, ISO-42001, AIUC-1"
58
+ },
59
+ "control_id": {
60
+ "type": "string",
61
+ "description": "Control or clause ID within the framework"
62
+ },
63
+ "control_name": {
64
+ "type": "string",
65
+ "description": "Human-readable control name"
66
+ },
67
+ "url": {
68
+ "type": "string",
69
+ "format": "uri",
70
+ "description": "Direct link to the control"
71
+ },
72
+ "tier": {
73
+ "type": "string",
74
+ "enum": ["Foundational", "Hardening", "Advanced"],
75
+ "description": "Implementation maturity tier"
76
+ },
77
+ "scope": {
78
+ "type": "string",
79
+ "enum": ["Buy", "Build", "Both"],
80
+ "description": "Whether this is addressed by vendor capability, internal engineering, or both"
81
+ },
82
+ "notes": {
83
+ "type": "string",
84
+ "description": "Optional implementation notes"
85
+ }
86
+ }
87
+ }
88
+ },
89
+ "tools": {
90
+ "type": "array",
91
+ "items": {
92
+ "type": "object",
93
+ "properties": {
94
+ "name": { "type": "string" },
95
+ "url": { "type": "string", "format": "uri" },
96
+ "type": { "type": "string", "enum": ["open-source", "commercial", "both"] }
97
+ }
98
+ }
99
+ },
100
+ "incidents": {
101
+ "type": "array",
102
+ "description": "Known real-world incidents referencing this vulnerability",
103
+ "items": {
104
+ "type": "object",
105
+ "properties": {
106
+ "name": { "type": "string" },
107
+ "url": { "type": "string", "format": "uri" },
108
+ "year": { "type": "integer" }
109
+ }
110
+ }
111
+ },
112
+ "crossrefs": {
113
+ "type": "object",
114
+ "description": "Links to related entries in other OWASP lists",
115
+ "properties": {
116
+ "llm_top10": { "type": "array", "items": { "type": "string" } },
117
+ "agentic_top10": { "type": "array", "items": { "type": "string" } },
118
+ "dsgai_2026": { "type": "array", "items": { "type": "string" } }
119
+ }
120
+ },
121
+ "changelog": {
122
+ "type": "array",
123
+ "items": {
124
+ "type": "object",
125
+ "properties": {
126
+ "date": { "type": "string", "format": "date" },
127
+ "version": { "type": "string" },
128
+ "change": { "type": "string" },
129
+ "author": { "type": "string" }
130
+ }
131
+ }
132
+ }
133
+ }
134
+ }
package/dist/index.d.ts ADDED
@@ -0,0 +1,97 @@
1
+ /**
2
+ * @owasp/genai-crosswalk
3
+ * Machine-readable GenAI security risk mappings across 18 frameworks
4
+ */
5
+ export interface Mapping {
6
+ framework: string;
7
+ control_id: string;
8
+ control_name: string;
9
+ tier?: string;
10
+ notes?: string;
11
+ }
12
+ export interface Tool {
13
+ name: string;
14
+ url: string;
15
+ type?: string;
16
+ }
17
+ export interface IncidentRef {
18
+ name: string;
19
+ url: string;
20
+ year: number;
21
+ incident_id: string;
22
+ }
23
+ export interface Entry {
24
+ id: string;
25
+ name: string;
26
+ source_list: string;
27
+ severity: 'Critical' | 'High' | 'Medium' | 'Low';
28
+ aivss_score?: number;
29
+ audience: string[];
30
+ mappings: Mapping[];
31
+ tools: Tool[];
32
+ incidents: IncidentRef[];
33
+ cross_references?: string[];
34
+ }
35
+ export interface MaestroLayer {
36
+ layer: string;
37
+ label: string;
38
+ role: 'origin' | 'propagation' | 'impact' | 'blind-spot';
39
+ notes: string;
40
+ }
41
+ export interface Reference {
42
+ title: string;
43
+ url: string;
44
+ type: string;
45
+ }
46
+ export interface Incident {
47
+ id: string;
48
+ title: string;
49
+ date: string;
50
+ year: number;
51
+ category: 'real-world' | 'research-demonstrated' | 'red-team';
52
+ description: string;
53
+ owasp_entries: string[];
54
+ maestro_layers: MaestroLayer[];
55
+ attack_vector: string;
56
+ affected: string;
57
+ impact: string;
58
+ severity: 'Critical' | 'High' | 'Medium' | 'Low';
59
+ mitigations: string[];
60
+ references: Reference[];
61
+ tags: string[];
62
+ }
63
+ export interface CrosswalkDB {
64
+ entries: Entry[];
65
+ incidents: Incident[];
66
+ frameworks: string[];
67
+ version: string;
68
+ }
69
+ /** All 41 OWASP GenAI entries */
70
+ export declare const entries: Entry[];
71
+ /** All documented incidents */
72
+ export declare const incidents: Incident[];
73
+ /** All framework names found in mappings */
74
+ export declare const frameworks: string[];
75
+ /** Package version */
76
+ export declare const version = "1.6.0";
77
+ /** Get a single entry by ID (e.g. 'LLM01', 'ASI01', 'DSGAI04') */
78
+ export declare function getEntry(id: string): Entry | undefined;
79
+ /** Get all entries mapped to a specific framework */
80
+ export declare function getFramework(framework: string): {
81
+ framework: string;
82
+ entries: Entry[];
83
+ controls: Mapping[];
84
+ };
85
+ /** Search entries by keyword in name, mappings, or tools */
86
+ export declare function searchEntries(query: string): Entry[];
87
+ /** Get entries by severity */
88
+ export declare function getBySeverity(severity: 'Critical' | 'High' | 'Medium' | 'Low'): Entry[];
89
+ /** Get entries by source list */
90
+ export declare function getBySourceList(sourceList: string): Entry[];
91
+ /** Get incidents for a specific OWASP entry */
92
+ export declare function getIncidentsForEntry(id: string): Incident[];
93
+ /** Get incidents by MAESTRO layer */
94
+ export declare function getIncidentsByLayer(layer: string): Incident[];
95
+ /** Full database export */
96
+ export declare function getDatabase(): CrosswalkDB;
97
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,SAAS,EAAE,WAAW,EAAE,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,aAAa,GAAG,QAAQ,GAAG,YAAY,CAAC;IACzD,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,YAAY,GAAG,uBAAuB,GAAG,UAAU,CAAC;IAC9D,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,EAAE,YAAY,EAAE,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,KAAK,EAAE,CAAC;IACjB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAgCD,iCAAiC;AACjC,eAAO,MAAM,OAAO,EAAE,KAAK,EAAkB,CAAC;AAE9C,+BAA+B;AAC/B,eAAO,MAAM,SAAS,EAAE,QAAQ,EAAoB,CAAC;AAErD,4CAA4C;AAC5C,eAAO,MAAM,UAAU,EAAE,MAAM,EAEtB,CAAC;AAEV,sBAAsB;AACtB,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,kEAAkE;AAClE,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAEtD;AAED,qDAAqD;AACrD,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,KAAK,EAAE,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAU5G;AAED,4DAA4D;AAC5D,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,EAAE,CAQpD;AAED,8BAA8B;AAC9B,wBAAgB,aAAa,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,EAAE,CAEvF;AAED,iCAAiC;AACjC,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,KAAK,EAAE,CAG3D;AAED,+CAA+C;AAC/C,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,QAAQ,EAAE,CAG3D;AAED,qCAAqC;AACrC,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,EAAE,CAE7D;AAED,2BAA2B;AAC3B,wBAAgB,WAAW,IAAI,WAAW,CAEzC"}
package/dist/index.js ADDED
@@ -0,0 +1,124 @@
1
+ "use strict";
2
+ /**
3
+ * @owasp/genai-crosswalk
4
+ * Machine-readable GenAI security risk mappings across 18 frameworks
5
+ */
6
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
7
+ if (k2 === undefined) k2 = k;
8
+ var desc = Object.getOwnPropertyDescriptor(m, k);
9
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
10
+ desc = { enumerable: true, get: function() { return m[k]; } };
11
+ }
12
+ Object.defineProperty(o, k2, desc);
13
+ }) : (function(o, m, k, k2) {
14
+ if (k2 === undefined) k2 = k;
15
+ o[k2] = m[k];
16
+ }));
17
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
18
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
19
+ }) : function(o, v) {
20
+ o["default"] = v;
21
+ });
22
+ var __importStar = (this && this.__importStar) || (function () {
23
+ var ownKeys = function(o) {
24
+ ownKeys = Object.getOwnPropertyNames || function (o) {
25
+ var ar = [];
26
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
27
+ return ar;
28
+ };
29
+ return ownKeys(o);
30
+ };
31
+ return function (mod) {
32
+ if (mod && mod.__esModule) return mod;
33
+ var result = {};
34
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
35
+ __setModuleDefault(result, mod);
36
+ return result;
37
+ };
38
+ })();
39
+ Object.defineProperty(exports, "__esModule", { value: true });
40
+ exports.version = exports.frameworks = exports.incidents = exports.entries = void 0;
41
+ exports.getEntry = getEntry;
42
+ exports.getFramework = getFramework;
43
+ exports.searchEntries = searchEntries;
44
+ exports.getBySeverity = getBySeverity;
45
+ exports.getBySourceList = getBySourceList;
46
+ exports.getIncidentsForEntry = getIncidentsForEntry;
47
+ exports.getIncidentsByLayer = getIncidentsByLayer;
48
+ exports.getDatabase = getDatabase;
49
+ // ── Data loading ────────────────────────────────────────────────────────────
50
+ const fs = __importStar(require("fs"));
51
+ const path = __importStar(require("path"));
52
+ const DATA_DIR = path.join(__dirname, '..', 'data');
53
+ let _entries;
54
+ let _incidents;
55
+ function loadEntries() {
56
+ if (_entries)
57
+ return _entries;
58
+ const dir = path.join(DATA_DIR, 'entries');
59
+ _entries = fs.readdirSync(dir)
60
+ .filter((f) => f.endsWith('.json'))
61
+ .map((f) => JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8')))
62
+ .sort((a, b) => a.id.localeCompare(b.id));
63
+ return _entries;
64
+ }
65
+ function loadIncidents() {
66
+ if (_incidents)
67
+ return _incidents;
68
+ const file = path.join(DATA_DIR, 'incidents.json');
69
+ const db = JSON.parse(fs.readFileSync(file, 'utf8'));
70
+ _incidents = db.incidents;
71
+ return _incidents;
72
+ }
73
+ // ── Public API ──────────────────────────────────────────────────────────────
74
+ /** All 41 OWASP GenAI entries */
75
+ exports.entries = loadEntries();
76
+ /** All documented incidents */
77
+ exports.incidents = loadIncidents();
78
+ /** All framework names found in mappings */
79
+ exports.frameworks = [...new Set(exports.entries.flatMap(e => e.mappings.map(m => m.framework)))].sort();
80
+ /** Package version */
81
+ exports.version = '1.6.0';
82
+ /** Get a single entry by ID (e.g. 'LLM01', 'ASI01', 'DSGAI04') */
83
+ function getEntry(id) {
84
+ return exports.entries.find(e => e.id === id.toUpperCase());
85
+ }
86
+ /** Get all entries mapped to a specific framework */
87
+ function getFramework(framework) {
88
+ const query = framework.toLowerCase();
89
+ const matched = exports.entries.filter(e => e.mappings.some(m => m.framework.toLowerCase().includes(query)));
90
+ const controls = matched.flatMap(e => e.mappings.filter(m => m.framework.toLowerCase().includes(query)));
91
+ const fwName = controls[0]?.framework || framework;
92
+ return { framework: fwName, entries: matched, controls };
93
+ }
94
+ /** Search entries by keyword in name, mappings, or tools */
95
+ function searchEntries(query) {
96
+ const q = query.toLowerCase();
97
+ return exports.entries.filter(e => e.id.toLowerCase().includes(q) ||
98
+ e.name.toLowerCase().includes(q) ||
99
+ e.mappings.some(m => m.control_id?.toLowerCase().includes(q) || m.control_name?.toLowerCase().includes(q)) ||
100
+ e.tools.some(t => t.name.toLowerCase().includes(q)));
101
+ }
102
+ /** Get entries by severity */
103
+ function getBySeverity(severity) {
104
+ return exports.entries.filter(e => e.severity === severity);
105
+ }
106
+ /** Get entries by source list */
107
+ function getBySourceList(sourceList) {
108
+ const q = sourceList.toLowerCase();
109
+ return exports.entries.filter(e => e.source_list.toLowerCase().includes(q));
110
+ }
111
+ /** Get incidents for a specific OWASP entry */
112
+ function getIncidentsForEntry(id) {
113
+ const uid = id.toUpperCase();
114
+ return exports.incidents.filter(i => i.owasp_entries.includes(uid));
115
+ }
116
+ /** Get incidents by MAESTRO layer */
117
+ function getIncidentsByLayer(layer) {
118
+ return exports.incidents.filter(i => i.maestro_layers.some(l => l.layer === layer));
119
+ }
120
+ /** Full database export */
121
+ function getDatabase() {
122
+ return { entries: exports.entries, incidents: exports.incidents, frameworks: exports.frameworks, version: exports.version };
123
+ }
124
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyHH,4BAEC;AAGD,oCAUC;AAGD,sCAQC;AAGD,sCAEC;AAGD,0CAGC;AAGD,oDAGC;AAGD,kDAEC;AAGD,kCAEC;AAlGD,+EAA+E;AAE/E,uCAAyB;AACzB,2CAA6B;AAE7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AAEpD,IAAI,QAA6B,CAAC;AAClC,IAAI,UAAkC,CAAC;AAEvC,SAAS,WAAW;IAClB,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC3C,QAAQ,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC;SAC3B,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SAC1C,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAU,CAAC;SACnF,IAAI,CAAC,CAAC,CAAQ,EAAE,CAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,aAAa;IACpB,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IACrD,UAAU,GAAG,EAAE,CAAC,SAAuB,CAAC;IACxC,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,+EAA+E;AAE/E,iCAAiC;AACpB,QAAA,OAAO,GAAY,WAAW,EAAE,CAAC;AAE9C,+BAA+B;AAClB,QAAA,SAAS,GAAe,aAAa,EAAE,CAAC;AAErD,4CAA4C;AAC/B,QAAA,UAAU,GAAa,CAAC,GAAG,IAAI,GAAG,CAC7C,eAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CACvD,CAAC,CAAC,IAAI,EAAE,CAAC;AAEV,sBAAsB;AACT,QAAA,OAAO,GAAG,OAAO,CAAC;AAE/B,kEAAkE;AAClE,SAAgB,QAAQ,CAAC,EAAU;IACjC,OAAO,eAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,qDAAqD;AACrD,SAAgB,YAAY,CAAC,SAAiB;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,eAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACjC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAChE,CAAC;IACF,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACnC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAClE,CAAC;IACF,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,SAAS,CAAC;IACnD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC3D,CAAC;AAED,4DAA4D;AAC5D,SAAgB,aAAa,CAAC,KAAa;IACzC,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAC9B,OAAO,eAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACxB,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9B,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1G,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CACpD,CAAC;AACJ,CAAC;AAED,8BAA8B;AAC9B,SAAgB,aAAa,CAAC,QAAgD;IAC5E,OAAO,eAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACtD,CAAC;AAED,iCAAiC;AACjC,SAAgB,eAAe,CAAC,UAAkB;IAChD,MAAM,CAAC,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACnC,OAAO,eAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,+CAA+C;AAC/C,SAAgB,oBAAoB,CAAC,EAAU;IAC7C,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7B,OAAO,iBAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,qCAAqC;AACrC,SAAgB,mBAAmB,CAAC,KAAa;IAC/C,OAAO,iBAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,2BAA2B;AAC3B,SAAgB,WAAW;IACzB,OAAO,EAAE,OAAO,EAAP,eAAO,EAAE,SAAS,EAAT,iBAAS,EAAE,UAAU,EAAV,kBAAU,EAAE,OAAO,EAAP,eAAO,EAAE,CAAC;AACrD,CAAC"}
package/dist/index.test.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=index.test.d.ts.map
package/dist/index.test.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../src/index.test.ts"],"names":[],"mappings":""}
package/dist/index.test.js ADDED
@@ -0,0 +1,97 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ const node_test_1 = require("node:test");
37
+ const assert = __importStar(require("node:assert/strict"));
38
+ const index_1 = require("./index");
39
+ (0, node_test_1.describe)('@owasp/genai-crosswalk', () => {
40
+ (0, node_test_1.it)('loads all 41 entries', () => {
41
+ assert.equal(index_1.entries.length, 41);
42
+ });
43
+ (0, node_test_1.it)('loads 31 incidents', () => {
44
+ assert.ok(index_1.incidents.length >= 31);
45
+ });
46
+ (0, node_test_1.it)('getEntry returns LLM01', () => {
47
+ const e = (0, index_1.getEntry)('LLM01');
48
+ assert.ok(e);
49
+ assert.equal(e.id, 'LLM01');
50
+ assert.equal(e.severity, 'Critical');
51
+ });
52
+ (0, node_test_1.it)('getEntry is case-insensitive', () => {
53
+ assert.ok((0, index_1.getEntry)('llm01'));
54
+ assert.ok((0, index_1.getEntry)('asi01'));
55
+ });
56
+ (0, node_test_1.it)('getEntry returns undefined for unknown ID', () => {
57
+ assert.equal((0, index_1.getEntry)('FAKE99'), undefined);
58
+ });
59
+ (0, node_test_1.it)('frameworks includes all 18', () => {
60
+ assert.ok(index_1.frameworks.length >= 18);
61
+ assert.ok(index_1.frameworks.includes('EU AI Act'));
62
+ assert.ok(index_1.frameworks.includes('NIST SP 800-218A'));
63
+ });
64
+ (0, node_test_1.it)('getFramework returns entries for EU AI Act', () => {
65
+ const r = (0, index_1.getFramework)('EU AI Act');
66
+ assert.ok(r.entries.length > 0);
67
+ assert.ok(r.controls.length > 0);
68
+ });
69
+ (0, node_test_1.it)('searchEntries finds prompt injection', () => {
70
+ const r = (0, index_1.searchEntries)('prompt injection');
71
+ assert.ok(r.length > 0);
72
+ assert.ok(r.some(e => e.id === 'LLM01'));
73
+ });
74
+ (0, node_test_1.it)('getBySeverity returns Critical entries', () => {
75
+ const r = (0, index_1.getBySeverity)('Critical');
76
+ assert.ok(r.length > 0);
77
+ assert.ok(r.every(e => e.severity === 'Critical'));
78
+ });
79
+ (0, node_test_1.it)('getIncidentsForEntry returns incidents for LLM01', () => {
80
+ const r = (0, index_1.getIncidentsForEntry)('LLM01');
81
+ assert.ok(r.length > 0);
82
+ });
83
+ (0, node_test_1.it)('every entry has mappings array', () => {
84
+ for (const e of index_1.entries) {
85
+ assert.ok(Array.isArray(e.mappings), `${e.id} missing mappings`);
86
+ }
87
+ });
88
+ (0, node_test_1.it)('every incident has required fields', () => {
89
+ for (const i of index_1.incidents) {
90
+ assert.ok(i.id, 'missing id');
91
+ assert.ok(i.title, 'missing title');
92
+ assert.ok(i.owasp_entries.length > 0, `${i.id} missing owasp_entries`);
93
+ assert.ok(i.maestro_layers.length > 0, `${i.id} missing maestro_layers`);
94
+ }
95
+ });
96
+ });
97
+ //# sourceMappingURL=index.test.js.map
package/dist/index.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.test.js","sourceRoot":"","sources":["../src/index.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAyC;AACzC,2DAA6C;AAC7C,mCAAqI;AAErI,IAAA,oBAAQ,EAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,IAAA,cAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,CAAC,KAAK,CAAC,eAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,CAAC,EAAE,CAAC,iBAAS,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,CAAC,GAAG,IAAA,gBAAQ,EAAC,OAAO,CAAC,CAAC;QAC5B,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,EAAE,CAAC,IAAA,gBAAQ,EAAC,OAAO,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,EAAE,CAAC,IAAA,gBAAQ,EAAC,OAAO,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,EAAE,CAAC,kBAAU,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,EAAE,CAAC,kBAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,kBAAU,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,GAAG,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC;QACpC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,IAAA,qBAAa,EAAC,kBAAkB,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,GAAG,IAAA,qBAAa,EAAC,UAAU,CAAC,CAAC;QACpC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,GAAG,IAAA,4BAAoB,EAAC,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,KAAK,MAAM,CAAC,IAAI,eAAO,EAAE,CAAC;YACxB,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,KAAK,MAAM,CAAC,IAAI,iBAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;YAC9B,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACpC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC,CAAC;YACvE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
package/package.json ADDED
@@ -0,0 +1,62 @@
1
+ {
2
+ "name": "genai-security-crosswalk",
3
+ "version": "2.0.0",
4
+ "description": "OWASP GenAI Security Crosswalk — mapping LLM Top 10, Agentic Top 10, and DSGAI 2026 to 17 industry frameworks",
5
+ "main": "dist/index.js",
6
+ "types": "dist/index.d.ts",
7
+ "files": [
8
+ "dist/",
9
+ "data/entries/",
10
+ "data/incidents.json",
11
+ "data/schema.json",
12
+ "data/incidents-schema.json"
13
+ ],
14
+ "engines": {
15
+ "node": ">=18.0.0"
16
+ },
17
+ "scripts": {
18
+ "generate": "node scripts/generate.js",
19
+ "validate": "node scripts/validate.js",
20
+ "compliance": "node scripts/compliance-report.js",
21
+ "incidents": "node scripts/incidents-report.js",
22
+ "query": "node scripts/query.js",
23
+ "watch": "node scripts/watch.js",
24
+ "build": "npm run generate && npm run validate",
25
+ "build:reports": "npm run compliance && npm run incidents",
26
+ "ci": "npm run build && npm run build:reports",
27
+ "compile": "tsc",
28
+ "prepublishOnly": "npm run compile"
29
+ },
30
+ "license": "CC-BY-SA-4.0",
31
+ "repository": {
32
+ "type": "git",
33
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk.git"
34
+ },
35
+ "bugs": {
36
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/issues"
37
+ },
38
+ "homepage": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk#readme",
39
+ "keywords": [
40
+ "owasp",
41
+ "llm-security",
42
+ "ai-security",
43
+ "genai",
44
+ "crosswalk",
45
+ "compliance",
46
+ "nist",
47
+ "eu-ai-act",
48
+ "prompt-injection",
49
+ "agentic-ai"
50
+ ],
51
+ "author": {
52
+ "name": "Emmanuel Guilherme Junior",
53
+ "url": "https://github.com/emmanuelgjr"
54
+ },
55
+ "contributors": [
56
+ "OWASP GenAI Data Security Initiative contributors"
57
+ ],
58
+ "devDependencies": {
59
+ "@types/node": "^25.5.0",
60
+ "typescript": "^5.4.0"
61
+ }
62
+ }