@arcjet/analyze 1.0.0-alpha.21 → 1.0.0-alpha.22

package/_virtual/arcjet_analyze_js_req.component.core2.js

@@ -24,7 +24,7 @@
  * properly support consistent asset bundling techniques.
  */
 
-const wasmBase64 = "data:application/wasm;base64,AGFzbQEAAAABDAJgAn9/AGACf38BfwMHBgAAAQEBAQQFAXABBgYHJAcBMAAAATEAAQEyAAIBMwADATQABAE1AAUIJGltcG9ydHMBAApJBgsAIAAgAUEAEQAACwsAIAAgAUEBEQAACwsAIAAgAUECEQEACwsAIAAgAUEDEQEACwsAIAAgAUEEEQEACwsAIAAgAUEFEQEACwAvCXByb2R1Y2VycwEMcHJvY2Vzc2VkLWJ5AQ13aXQtY29tcG9uZW50BzAuMjEwLjAA7gIEbmFtZQATEndpdC1jb21wb25lbnQ6c2hpbQHRAgYAI2luZGlyZWN0LWFyY2pldDpqcy1yZXEvbG9nZ2VyLWRlYnVnASNpbmRpcmVjdC1hcmNqZXQ6anMtcmVxL2xvZ2dlci1lcnJvcgI+aW5kaXJlY3QtYXJjamV0OmpzLXJlcS9lbWFpbC12YWxpZGF0b3Itb3ZlcnJpZGVzLWlzLWZyZWUtZW1haWwDRGluZGlyZWN0LWFyY2pldDpqcy1yZXEvZW1haWwtdmFsaWRhdG9yLW92ZXJyaWRlcy1pcy1kaXNwb3NhYmxlLWVtYWlsBD9pbmRpcmVjdC1hcmNqZXQ6anMtcmVxL2VtYWlsLXZhbGlkYXRvci1vdmVycmlkZXMtaGFzLW14LXJlY29yZHMFPWluZGlyZWN0LWFyY2pldDpqcy1yZXEvZW1haWwtdmFsaWRhdG9yLW92ZXJyaWRlcy1oYXMtZ3JhdmF0YXI=";
+const wasmBase64 = "data:application/wasm;base64,AGFzbQEAAAABEgNgAn9/AGACf38Bf2ADf39/AAMIBwAAAQEBAQIEBQFwAQcHBygIATAAAAExAAEBMgACATMAAwE0AAQBNQAFATYABggkaW1wb3J0cwEAClcHCwAgACABQQARAAALCwAgACABQQERAAALCwAgACABQQIRAQALCwAgACABQQMRAQALCwAgACABQQQRAQALCwAgACABQQURAQALDQAgACABIAJBBhECAAsALwlwcm9kdWNlcnMBDHByb2Nlc3NlZC1ieQENd2l0LWNvbXBvbmVudAcwLjIxMC4wAK4DBG5hbWUAExJ3aXQtY29tcG9uZW50OnNoaW0BkQMHACNpbmRpcmVjdC1hcmNqZXQ6anMtcmVxL2xvZ2dlci1kZWJ1ZwEjaW5kaXJlY3QtYXJjamV0OmpzLXJlcS9sb2dnZXItZXJyb3ICPmluZGlyZWN0LWFyY2pldDpqcy1yZXEvZW1haWwtdmFsaWRhdG9yLW92ZXJyaWRlcy1pcy1mcmVlLWVtYWlsA0RpbmRpcmVjdC1hcmNqZXQ6anMtcmVxL2VtYWlsLXZhbGlkYXRvci1vdmVycmlkZXMtaXMtZGlzcG9zYWJsZS1lbWFpbAQ/aW5kaXJlY3QtYXJjamV0OmpzLXJlcS9lbWFpbC12YWxpZGF0b3Itb3ZlcnJpZGVzLWhhcy1teC1yZWNvcmRzBT1pbmRpcmVjdC1hcmNqZXQ6anMtcmVxL2VtYWlsLXZhbGlkYXRvci1vdmVycmlkZXMtaGFzLWdyYXZhdGFyBj5pbmRpcmVjdC1hcmNqZXQ6anMtcmVxL3NlbnNpdGl2ZS1pbmZvcm1hdGlvbi1pZGVudGlmaWVyLWRldGVjdA==";
 /**
  * Returns a WebAssembly.Module for an Arcjet Wasm binary, decoded from a base64
  * Data URL.

package/_virtual/arcjet_analyze_js_req.component.core3.js

@@ -24,7 +24,7 @@
  * properly support consistent asset bundling techniques.
  */
 
-const wasmBase64 = "data:application/wasm;base64,AGFzbQEAAAABDAJgAn9/AGACf38BfwIuBwABMAAAAAExAAAAATIAAQABMwABAAE0AAEAATUAAQAIJGltcG9ydHMBcAEGBgkMAQBBAAsGAAECAwQFAC8JcHJvZHVjZXJzAQxwcm9jZXNzZWQtYnkBDXdpdC1jb21wb25lbnQHMC4yMTAuMAAcBG5hbWUAFRR3aXQtY29tcG9uZW50OmZpeHVwcw==";
+const wasmBase64 = "data:application/wasm;base64,AGFzbQEAAAABEgNgAn9/AGACf38Bf2ADf39/AAIzCAABMAAAAAExAAAAATIAAQABMwABAAE0AAEAATUAAQABNgACAAgkaW1wb3J0cwFwAQcHCQ0BAEEACwcAAQIDBAUGAC8JcHJvZHVjZXJzAQxwcm9jZXNzZWQtYnkBDXdpdC1jb21wb25lbnQHMC4yMTAuMAAcBG5hbWUAFRR3aXQtY29tcG9uZW50OmZpeHVwcw==";
 /**
  * Returns a WebAssembly.Module for an Arcjet Wasm binary, decoded from a base64
  * Data URL.

package/edge-light.d.ts

@@ -1,9 +1,11 @@
 import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
-import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult, DetectedSensitiveInfoEntity, SensitiveInfoEntities, SensitiveInfoEntity, SensitiveInfoResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
 interface AnalyzeContext {
     log: ArcjetLogger;
     characteristics: string[];
 }
+type DetectSensitiveInfoFunction = typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
 export { type EmailValidationConfig, type BotType, 
 /**
  * Represents the result of the bot detection.
@@ -17,7 +19,7 @@ export { type EmailValidationConfig, type BotType,
  * confidence level. `BotType.LikelyNotABot` with a score of 99 means we are
  * almost certain this request was not a bot.
  */
-type BotDetectionResult, };
+type BotDetectionResult, type DetectedSensitiveInfoEntity, type SensitiveInfoEntity, type DetectSensitiveInfoFunction, };
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
@@ -28,3 +30,4 @@ type BotDetectionResult, };
 export declare function generateFingerprint(context: AnalyzeContext, request: Partial<ArcjetRequestDetails>): Promise<string>;
 export declare function isValidEmail(context: AnalyzeContext, candidate: string, options?: EmailValidationConfig): Promise<EmailValidationResult>;
 export declare function detectBot(context: AnalyzeContext, headers: string, patterns_add: string, patterns_remove: string): Promise<BotDetectionResult>;
+export declare function detectSensitiveInfo(context: AnalyzeContext, candidate: string, entities: SensitiveInfoEntities, contextWindowSize: number, detect?: DetectSensitiveInfoFunction): Promise<SensitiveInfoResult>;

package/edge-light.js

@@ -22,8 +22,14 @@ async function moduleFromPath(path) {
     }
     throw new Error(`Unknown path: ${path}`);
 }
-async function init(context) {
+function noOpDetect() {
+    return [];
+}
+async function init(context, detectSensitiveInfo) {
     const { log } = context;
+    if (typeof detectSensitiveInfo !== "function") {
+        detectSensitiveInfo = noOpDetect;
+    }
     const coreImports = {
         "arcjet:js-req/logger": {
             debug(msg) {
@@ -50,6 +56,9 @@ async function init(context) {
                 return "unknown";
             },
         },
+        "arcjet:js-req/sensitive-information-identifier": {
+            detect: detectSensitiveInfo,
+        },
     };
     try {
         return instantiate(moduleFromPath, coreImports);
@@ -104,5 +113,19 @@ async function detectBot(context, headers, patterns_add, patterns_remove) {
         };
     }
 }
+async function detectSensitiveInfo(context, candidate, entities, contextWindowSize, detect) {
+    const analyze = await init(context, detect);
+    if (typeof analyze !== "undefined") {
+        const skipCustomDetect = typeof detect !== "function";
+        return analyze.detectSensitiveInfo(candidate, {
+            entities,
+            contextWindowSize,
+            skipCustomDetect,
+        });
+    }
+    else {
+        throw new Error("SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.");
+    }
+}
 
-export { detectBot, generateFingerprint, isValidEmail };
+export { detectBot, detectSensitiveInfo, generateFingerprint, isValidEmail };

package/edge-light.ts

@@ -1,13 +1,18 @@
 import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
 
-import * as core from "./wasm/arcjet_analyze_js_req.component.js";
+import { instantiate } from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
   ImportObject,
   EmailValidationConfig,
   BotDetectionResult,
   BotType,
   EmailValidationResult,
+  DetectedSensitiveInfoEntity,
+  SensitiveInfoEntities,
+  SensitiveInfoEntity,
+  SensitiveInfoResult,
 } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
 
 import componentCoreWasm from "./wasm/arcjet_analyze_js_req.component.core.wasm?module";
 import componentCore2Wasm from "./wasm/arcjet_analyze_js_req.component.core2.wasm?module";
@@ -26,6 +31,9 @@ interface AnalyzeContext {
   characteristics: string[];
 }
 
+type DetectSensitiveInfoFunction =
+  typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
+
 async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
   if (path === "arcjet_analyze_js_req.component.core.wasm") {
     return componentCoreWasm;
@@ -40,9 +48,20 @@ async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
   throw new Error(`Unknown path: ${path}`);
 }
 
-async function init(context: AnalyzeContext) {
+function noOpDetect(): SensitiveInfoEntity[] {
+  return [];
+}
+
+async function init(
+  context: AnalyzeContext,
+  detectSensitiveInfo?: DetectSensitiveInfoFunction,
+) {
   const { log } = context;
 
+  if (typeof detectSensitiveInfo !== "function") {
+    detectSensitiveInfo = noOpDetect;
+  }
+
   const coreImports: ImportObject = {
     "arcjet:js-req/logger": {
       debug(msg) {
@@ -69,10 +88,13 @@ async function init(context: AnalyzeContext) {
         return "unknown";
       },
     },
+    "arcjet:js-req/sensitive-information-identifier": {
+      detect: detectSensitiveInfo,
+    },
   };
 
   try {
-    return core.instantiate(moduleFromPath, coreImports);
+    return instantiate(moduleFromPath, coreImports);
   } catch {
     log.debug("WebAssembly is not supported in this runtime");
   }
@@ -94,6 +116,9 @@ export {
    * almost certain this request was not a bot.
    */
   type BotDetectionResult,
+  type DetectedSensitiveInfoEntity,
+  type SensitiveInfoEntity,
+  type DetectSensitiveInfoFunction,
 };
 
 /**
@@ -161,3 +186,25 @@ export async function detectBot(
     };
   }
 }
+export async function detectSensitiveInfo(
+  context: AnalyzeContext,
+  candidate: string,
+  entities: SensitiveInfoEntities,
+  contextWindowSize: number,
+  detect?: DetectSensitiveInfoFunction,
+): Promise<SensitiveInfoResult> {
+  const analyze = await init(context, detect);
+
+  if (typeof analyze !== "undefined") {
+    const skipCustomDetect = typeof detect !== "function";
+    return analyze.detectSensitiveInfo(candidate, {
+      entities,
+      contextWindowSize,
+      skipCustomDetect,
+    });
+  } else {
+    throw new Error(
+      "SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.",
+    );
+  }
+}

package/index.d.ts

@@ -1,9 +1,11 @@
 import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
-import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult, DetectedSensitiveInfoEntity, SensitiveInfoEntities, SensitiveInfoEntity, SensitiveInfoResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
 interface AnalyzeContext {
     log: ArcjetLogger;
     characteristics: string[];
 }
+type DetectSensitiveInfoFunction = typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
 export { type EmailValidationConfig, type BotType, 
 /**
  * Represents the result of the bot detection.
@@ -17,7 +19,7 @@ export { type EmailValidationConfig, type BotType,
  * confidence level. `BotType.LikelyNotABot` with a score of 99 means we are
  * almost certain this request was not a bot.
  */
-type BotDetectionResult, };
+type BotDetectionResult, type DetectedSensitiveInfoEntity, type SensitiveInfoEntity, type DetectSensitiveInfoFunction, };
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
@@ -28,3 +30,4 @@ type BotDetectionResult, };
 export declare function generateFingerprint(context: AnalyzeContext, request: Partial<ArcjetRequestDetails>): Promise<string>;
 export declare function isValidEmail(context: AnalyzeContext, candidate: string, options?: EmailValidationConfig): Promise<EmailValidationResult>;
 export declare function detectBot(context: AnalyzeContext, headers: string, patterns_add: string, patterns_remove: string): Promise<BotDetectionResult>;
+export declare function detectSensitiveInfo(context: AnalyzeContext, candidate: string, entities: SensitiveInfoEntities, contextWindowSize: number, detect?: DetectSensitiveInfoFunction): Promise<SensitiveInfoResult>;

package/index.js

@@ -34,8 +34,14 @@ async function moduleFromPath(path) {
     }
     throw new Error(`Unknown path: ${path}`);
 }
-async function init(context) {
+function noOpDetect() {
+    return [];
+}
+async function init(context, detectSensitiveInfo) {
     const { log } = context;
+    if (typeof detectSensitiveInfo !== "function") {
+        detectSensitiveInfo = noOpDetect;
+    }
     const coreImports = {
         "arcjet:js-req/logger": {
             debug(msg) {
@@ -62,6 +68,9 @@ async function init(context) {
                 return "unknown";
             },
         },
+        "arcjet:js-req/sensitive-information-identifier": {
+            detect: detectSensitiveInfo,
+        },
     };
     try {
         return instantiate(moduleFromPath, coreImports);
@@ -116,5 +125,19 @@ async function detectBot(context, headers, patterns_add, patterns_remove) {
         };
     }
 }
+async function detectSensitiveInfo(context, candidate, entities, contextWindowSize, detect) {
+    const analyze = await init(context, detect);
+    if (typeof analyze !== "undefined") {
+        const skipCustomDetect = typeof detect !== "function";
+        return analyze.detectSensitiveInfo(candidate, {
+            entities,
+            contextWindowSize,
+            skipCustomDetect,
+        });
+    }
+    else {
+        throw new Error("SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.");
+    }
+}
 
-export { detectBot, generateFingerprint, isValidEmail };
+export { detectBot, detectSensitiveInfo, generateFingerprint, isValidEmail };

package/index.ts

@@ -1,13 +1,18 @@
 import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
 
-import * as core from "./wasm/arcjet_analyze_js_req.component.js";
+import { instantiate } from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
   ImportObject,
   EmailValidationConfig,
   BotDetectionResult,
   BotType,
   EmailValidationResult,
+  DetectedSensitiveInfoEntity,
+  SensitiveInfoEntities,
+  SensitiveInfoEntity,
+  SensitiveInfoResult,
 } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
 
 import { wasm as componentCoreWasm } from "./wasm/arcjet_analyze_js_req.component.core.wasm?js";
 import { wasm as componentCore2Wasm } from "./wasm/arcjet_analyze_js_req.component.core2.wasm?js";
@@ -26,6 +31,9 @@ interface AnalyzeContext {
   characteristics: string[];
 }
 
+type DetectSensitiveInfoFunction =
+  typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
+
 // TODO: Do we actually need this wasmCache or does `import` cache correctly?
 const wasmCache = new Map<string, WebAssembly.Module>();
 
@@ -54,9 +62,20 @@ async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
   throw new Error(`Unknown path: ${path}`);
 }
 
-async function init(context: AnalyzeContext) {
+function noOpDetect(): SensitiveInfoEntity[] {
+  return [];
+}
+
+async function init(
+  context: AnalyzeContext,
+  detectSensitiveInfo?: DetectSensitiveInfoFunction,
+) {
   const { log } = context;
 
+  if (typeof detectSensitiveInfo !== "function") {
+    detectSensitiveInfo = noOpDetect;
+  }
+
   const coreImports: ImportObject = {
     "arcjet:js-req/logger": {
       debug(msg) {
@@ -83,10 +102,13 @@ async function init(context: AnalyzeContext) {
         return "unknown";
       },
     },
+    "arcjet:js-req/sensitive-information-identifier": {
+      detect: detectSensitiveInfo,
+    },
   };
 
   try {
-    return core.instantiate(moduleFromPath, coreImports);
+    return instantiate(moduleFromPath, coreImports);
   } catch {
     log.debug("WebAssembly is not supported in this runtime");
   }
@@ -108,6 +130,9 @@ export {
    * almost certain this request was not a bot.
    */
   type BotDetectionResult,
+  type DetectedSensitiveInfoEntity,
+  type SensitiveInfoEntity,
+  type DetectSensitiveInfoFunction,
 };
 
 /**
@@ -175,3 +200,26 @@ export async function detectBot(
     };
   }
 }
+
+export async function detectSensitiveInfo(
+  context: AnalyzeContext,
+  candidate: string,
+  entities: SensitiveInfoEntities,
+  contextWindowSize: number,
+  detect?: DetectSensitiveInfoFunction,
+): Promise<SensitiveInfoResult> {
+  const analyze = await init(context, detect);
+
+  if (typeof analyze !== "undefined") {
+    const skipCustomDetect = typeof detect !== "function";
+    return analyze.detectSensitiveInfo(candidate, {
+      entities,
+      contextWindowSize,
+      skipCustomDetect,
+    });
+  } else {
+    throw new Error(
+      "SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.",
+    );
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arcjet/analyze",
-  "version": "1.0.0-alpha.21",
+  "version": "1.0.0-alpha.22",
   "description": "Arcjet local analysis engine",
   "license": "Apache-2.0",
   "homepage": "https://arcjet.com",
@@ -51,15 +51,15 @@
     "./wasm/arcjet_analyze_js_req_bg.js"
   ],
   "dependencies": {
-    "@arcjet/protocol": "1.0.0-alpha.21"
+    "@arcjet/protocol": "1.0.0-alpha.22"
   },
   "devDependencies": {
-    "@arcjet/eslint-config": "1.0.0-alpha.21",
-    "@arcjet/rollup-config": "1.0.0-alpha.21",
-    "@arcjet/tsconfig": "1.0.0-alpha.21",
-    "@bytecodealliance/jco": "1.2.4",
+    "@arcjet/eslint-config": "1.0.0-alpha.22",
+    "@arcjet/rollup-config": "1.0.0-alpha.22",
+    "@arcjet/tsconfig": "1.0.0-alpha.22",
+    "@bytecodealliance/jco": "1.4.4",
     "@jest/globals": "29.7.0",
-    "@rollup/wasm-node": "4.20.0",
+    "@rollup/wasm-node": "4.21.0",
     "@types/node": "18.18.0",
     "jest": "29.7.0",
     "typescript": "5.5.4"

package/wasm/arcjet_analyze_js_req.component.d.ts

@@ -1,3 +1,5 @@
+import type { SensitiveInfoEntity } from './interfaces/arcjet-js-req-sensitive-information-identifier.js';
+export { SensitiveInfoEntity };
 /**
 * # Variants
 * 
@@ -28,23 +30,49 @@ export interface BotDetectionResult {
 export type EmailValidity = 'valid' | 'invalid';
 export interface EmailValidationResult {
   validity: EmailValidity,
-  blocked: string[],
+  blocked: Array<string>,
 }
 export interface EmailValidationConfig {
   requireTopLevelDomain: boolean,
   allowDomainLiteral: boolean,
-  blockedEmails: string[],
+  blockedEmails: Array<string>,
+}
+export type SensitiveInfoEntities = SensitiveInfoEntitiesAllow | SensitiveInfoEntitiesDeny;
+export interface SensitiveInfoEntitiesAllow {
+  tag: 'allow',
+  val: Array<SensitiveInfoEntity>,
+}
+export interface SensitiveInfoEntitiesDeny {
+  tag: 'deny',
+  val: Array<SensitiveInfoEntity>,
+}
+export interface SensitiveInfoConfig {
+  entities: SensitiveInfoEntities,
+  contextWindowSize?: number,
+  skipCustomDetect: boolean,
+}
+export interface DetectedSensitiveInfoEntity {
+  start: number,
+  end: number,
+  identifiedType: SensitiveInfoEntity,
+}
+export interface SensitiveInfoResult {
+  allowed: Array<DetectedSensitiveInfoEntity>,
+  denied: Array<DetectedSensitiveInfoEntity>,
 }
 import { ArcjetJsReqEmailValidatorOverrides } from './interfaces/arcjet-js-req-email-validator-overrides.js';
 import { ArcjetJsReqLogger } from './interfaces/arcjet-js-req-logger.js';
+import { ArcjetJsReqSensitiveInformationIdentifier } from './interfaces/arcjet-js-req-sensitive-information-identifier.js';
 export interface ImportObject {
   'arcjet:js-req/email-validator-overrides': typeof ArcjetJsReqEmailValidatorOverrides,
   'arcjet:js-req/logger': typeof ArcjetJsReqLogger,
+  'arcjet:js-req/sensitive-information-identifier': typeof ArcjetJsReqSensitiveInformationIdentifier,
 }
 export interface Root {
   detectBot(headers: string, patternsAdd: string, patternsRemove: string): BotDetectionResult,
-  generateFingerprint(request: string, characteristics: string[]): string,
+  generateFingerprint(request: string, characteristics: Array<string>): string,
   isValidEmail(candidate: string, options: EmailValidationConfig): EmailValidationResult,
+  detectSensitiveInfo(content: string, options: SensitiveInfoConfig): SensitiveInfoResult,
 }
 
 /**
@@ -67,8 +95,13 @@ export interface Root {
 * on the web, for example.
 */
 export function instantiate(
-getCoreModule: (path: string) => Promise<WebAssembly.Module>,
+getCoreModule: (path: string) => WebAssembly.Module,
+imports: ImportObject,
+instantiateCore?: (module: WebAssembly.Module, imports: Record<string, any>) => WebAssembly.Instance
+): Root;
+export function instantiate(
+getCoreModule: (path: string) => WebAssembly.Module | Promise<WebAssembly.Module>,
 imports: ImportObject,
-instantiateCore?: (module: WebAssembly.Module, imports: Record<string, any>) => Promise<WebAssembly.Instance>
-): Promise<Root>;
+instantiateCore?: (module: WebAssembly.Module, imports: Record<string, any>) => WebAssembly.Instance | Promise<WebAssembly.Instance>
+): Root | Promise<Root>;