@codeslick/security-knowledge

OWASP/CWE/CVSS mappings for comprehensive security vulnerability classification.

Features

- OWASP Top 10 2025: 95% coverage
- OWASP Top 10 2021: 100% coverage
- CWE Mappings: 85+ vulnerability types
- PCI-DSS Compliance: Payment Card Industry standards
- CVSS 3.1 Scoring: 0.0-10.0 severity scores
- Exploit Likelihood: High/Medium/Low classifications
- Security Impact: Data breach, RCE, XSS, DoS, etc.

Installation

``bash npm install @codeslick/security-knowledge`

`Usage`

`typescript import { getComplianceMapping, calculateSeverityScore, getSeverityLabel, getSeverityColor, } from '@codeslick/security-knowledge';

// Get compliance mapping for a vulnerability const mapping = getComplianceMapping('sql-injection'); console.log(mapping); // { // owasp: 'A03:2025 - Injection', // cwe: 'CWE-89', // pciDss: '6.5.1', // references: [...] // }

// Calculate severity score with context const score = calculateSeverityScore('sql-injection', { hasUserInput: true, isPublicFacing: true, containsSensitiveData: true }); console.log(score); // { // severity: 'critical', // cvssScore: 10.0, // exploitLikelihood: 'high', // impact: 'data-breach' // }

// Get UI labels and colors const label = getSeverityLabel('critical'); // 'CRITICAL' const colors = getSeverityColor('critical'); // { // bg: 'bg-red-100', // text: 'text-red-900', // border: 'border-red-500' // }`

`API`

`$3`

- getComplianceMapping(vulnerabilityType: string): ComplianceMapping-getOwaspCoverage(): Array<{ category: string; count: number }>

`$3`

- calculateSeverityScore(type: string, context?): SeverityScore-getSeverityLabel(severity: SecuritySeverity): string-getSeverityColor(severity: SecuritySeverity): { bg, text, border }-sortBySeverity(issues: Array<{severity, cvssScore?}>): Array<{...}>

`Supported Vulnerabilities (85+)`

`$3`


- SQL Injection, NoSQL Injection, Command Injection
- LDAP Injection, XPath Injection, Template Injection
- SSRF, XXE, XSS
$3

- Weak hashing (MD5, SHA1)
- Weak encryption (DES, ECB mode)
- Weak random number generation
- Hardcoded credentials
$3

- Plaintext password comparison
- Weak token generation
- Missing MFA, No rate limiting
- JWT vulnerabilities
$3

- Dynamic imports without integrity
- Malicious packages
- Dependency confusion
- Package typosquatting
$3

- Unhandled promise rejections
- Empty catch blocks
- Information exposure through errors
OWASP Coverage

`typescript import { getOwaspCoverage } from '@codeslick/security-knowledge';

const coverage = getOwaspCoverage(); // [ // { category: 'A01:2025 - Broken Access Control', count: 3 }, // { category: 'A02:2025 - Cryptographic Failures', count: 5 }, // { category: 'A03:2025 - Injection', count: 10 }, // ... // ]``

License

MIT © Vitor Lourenco

@codeslick/security-knowledge

OWASP/CWE/CVSS mappings for comprehensive security vulnerability classification.

Features

Installation

``bash npm install @codeslick/security-knowledge`

`Usage`

`typescript import { getComplianceMapping, calculateSeverityScore, getSeverityLabel, getSeverityColor, } from '@codeslick/security-knowledge';

`API`

`$3`

- getComplianceMapping(vulnerabilityType: string): ComplianceMapping-getOwaspCoverage(): Array<{ category: string; count: number }>

`$3`

`Supported Vulnerabilities (85+)`

`$3`


- SQL Injection, NoSQL Injection, Command Injection
- LDAP Injection, XPath Injection, Template Injection
- SSRF, XXE, XSS
$3

- Weak hashing (MD5, SHA1)
- Weak encryption (DES, ECB mode)
- Weak random number generation
- Hardcoded credentials
$3

- Plaintext password comparison
- Weak token generation
- Missing MFA, No rate limiting
- JWT vulnerabilities
$3

- Dynamic imports without integrity
- Malicious packages
- Dependency confusion
- Package typosquatting
$3

- Unhandled promise rejections
- Empty catch blocks
- Information exposure through errors
OWASP Coverage

`typescript import { getOwaspCoverage } from '@codeslick/security-knowledge';