@browsertotal/scanner 1.0.0 → 1.0.2

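--- a/package/README.md
+++ b/package/README.md
@@ -14,6 +14,20 @@
 
  ---
 
+ ## Why BrowserTotal Scanner?
+
+ **Real Browser Analysis** - Unlike static analysis tools, BrowserTotal Scanner launches a **real browser instance** to analyze URLs and extensions exactly as they would execute in a user's environment. This catches threats that only activate in actual browser contexts.
+
+ **Dynamic Behavior Tracing** - Every network request, DOM manipulation, cookie access, and API call is traced and recorded. See what extensions and websites actually *do*, not just what their code looks like.
+
+ **Sandboxed Execution** - All analysis runs in an isolated, sandboxed browser environment. Test suspicious URLs and extensions safely without risking your system.
+
+ **AI-Powered Threat Detection** - Combines runtime behavior analysis with LLM-powered code review to identify obfuscated malware, data exfiltration, and sophisticated supply chain attacks.
+
+ **Multi-Platform Coverage** - Scan browser extensions (Chrome, Firefox, Edge, Safari, Opera, Brave), IDE plugins (VS Code, JetBrains), and packages (npm, PyPI, WordPress) - all through a unified API.
+
+ ---
+
  This package uses Puppeteer to automate browser interactions with BrowserTotal's analysis tools. It leverages a custom event system (`#automationEvent=true`) to receive complete scan results including AI/LLM analysis.
 
  ## Supported Platforms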
package/dist/index.cjs ADDED
@@ -0,0 +1,15 @@
1
+ 'use strict';var S=require('puppeteer');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var S__default=/*#__PURE__*/_interopDefault(S);var h=Object.defineProperty;var y=(r,s)=>()=>(r&&(s=r(r=0)),s);var P=(r,s)=>{for(var t in s)h(r,t,{get:s[t],enumerable:true});};var l={};P(l,{BrowserTotalScanner:()=>exports.BrowserTotalScanner});function v(r){return Array.from(r).map(s=>s.charCodeAt(0).toString(16).padStart(2,"0")).join("")}var o,d,w;exports.BrowserTotalScanner=void 0;var c=y(()=>{o=process.env.BROWSERTOTAL_URL||"https://browsertotal.com",d=42e4,w={chrome:"google",firefox:"mozilla",edge:"microsoft",opera:"opera",safari:"safari",brave:"brave"};exports.BrowserTotalScanner=class{options;browser=null;constructor(s={}){this.options={headless:s.headless??true,timeout:s.timeout??d,waitForResults:s.waitForResults??true,disableAI:s.disableAI??true,userDataDir:s.userDataDir};}buildHashParams(){let s=["automationEvent=true"];return this.options.disableAI&&s.push("disableAI=true"),"#"+s.join("&")}async ensureBrowser(){return this.browser||(this.browser=await S__default.default.launch({headless:this.options.headless,args:["--no-sandbox","--disable-setuid-sandbox"],userDataDir:this.options.userDataDir})),this.browser}reportProgress(s,t){s&&s(t);}async scanUrl(s,t){let a=await(await this.ensureBrowser()).newPage();try{this.reportProgress(t,{phase:"initializing",message:"Starting URL scan..."});let n=v(s),i=`${o}/analysis/urls/${n}${this.buildHashParams()}`;this.reportProgress(t,{phase:"navigating",message:`Navigating to ${i}`});let p=this.waitForScanResultEvent(a,"url");if(await a.goto(i,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(t,{phase:"scanning",message:"Waiting for scan results..."}),this.options.waitForResults){let u=await p;if(u)return this.reportProgress(t,{phase:"complete",message:"Scan complete"}),this.mapUrlEventResult(u,s,i)}throw this.reportProgress(t,{phase:"complete",message:"Scan error"}),new Error("Scan 
error")}finally{await a.close();}}async scanExtension(s,t="chrome",e){let a=w[t]||t,n=`${o}/analysis/live/store/${a}/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,n,`${t} extension`,e)}async scanVSCodeExtension(s,t){let e=`${o}/analysis/live/store/vscode/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"VS Code extension",t)}async scanOpenVSXExtension(s,t){let e=`${o}/analysis/live/store/openvsx/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Open VSX extension",t)}async scanJetBrainsPlugin(s,t){let e=`${o}/analysis/live/store/jetbrains/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"JetBrains plugin",t)}async scanNpmPackage(s,t){let e=`${o}/analysis/live/store/npmjs/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"npmjs",e,"npm package",t)}async scanPyPIPackage(s,t){let e=`${o}/analysis/live/store/pypi/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"pypi",e,"PyPI package",t)}async scanWordPressPlugin(s,t){let e=`${o}/analysis/live/store/wordpress/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"WordPress plugin",t)}async scanHuggingFace(s,t){let e=`${o}/analysis/live/store/huggingface/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Hugging Face model",t)}async scanAppSourceAddin(s,t){let e=`${o}/analysis/live/store/appsource/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"AppSource add-in",t)}async scanPowerShellModule(s,t){let e=`${o}/analysis/live/store/powershellgallery/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"powershellgallery",e,"PowerShell module",t)}async scanSalesforceApp(s,t){let e=`${o}/analysis/live/store/salesforce/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Salesforce app",t)}async scanByPlatform(s,t,e){if(t in w)return 
this.scanExtension(s,t,e);switch(t){case "vscode":return this.scanVSCodeExtension(s,e);case "openvsx":return this.scanOpenVSXExtension(s,e);case "jetbrains":return this.scanJetBrainsPlugin(s,e);case "npmjs":return this.scanNpmPackage(s,e);case "pypi":return this.scanPyPIPackage(s,e);case "wordpress":return this.scanWordPressPlugin(s,e);case "huggingface":return this.scanHuggingFace(s,e);case "appsource":return this.scanAppSourceAddin(s,e);case "powershellgallery":return this.scanPowerShellModule(s,e);default:throw new Error(`Unsupported platform: ${t}`)}}async scanGenericExtension(s,t,e,a){let i=await(await this.ensureBrowser()).newPage();try{this.reportProgress(a,{phase:"initializing",message:`Starting ${e} scan...`}),this.reportProgress(a,{phase:"navigating",message:`Navigating to ${t}`});let p=this.waitForScanResultEvent(i,"extension");if(await i.goto(t,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(a,{phase:"scanning",message:`Waiting for ${e} analysis...`}),this.options.waitForResults){let u=await p;if(u)return this.reportProgress(a,{phase:"complete",message:"Scan complete"}),this.mapExtensionEventResult(u,s,t)}throw this.reportProgress(a,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await i.close();}}async scanGenericPackage(s,t,e,a,n){let p=await(await this.ensureBrowser()).newPage();try{this.reportProgress(n,{phase:"initializing",message:`Starting ${a} scan...`}),this.reportProgress(n,{phase:"navigating",message:`Navigating to ${e}`});let u=this.waitForScanResultEvent(p,"extension");if(await p.goto(e,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(n,{phase:"scanning",message:`Waiting for ${a} analysis...`}),this.options.waitForResults){let m=await u;if(m)return this.reportProgress(n,{phase:"complete",message:"Scan complete"}),this.mapPackageEventResult(m,s,t,e)}throw this.reportProgress(n,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await 
p.close();}}async waitForScanResultEvent(s,t){return new Promise(e=>{let a=setTimeout(()=>{console.log("[Scanner] Timeout waiting for scan_result event"),e(null);},this.options.timeout);s.exposeFunction("__browsertotalScanResult",n=>{clearTimeout(a),n?.type===t?(console.log("[Scanner] Received scan_result event:",n.type),e(n)):(console.log("[Scanner] Received wrong event type:",n?.type,"expected:",t),e(null));}).catch(()=>{}),s.evaluateOnNewDocument(`
2
+ window.addEventListener('scan_result', function(event) {
3
+ console.log('[BrowserTotal] scan_result event fired');
4
+ if (typeof window.__browsertotalScanResult === 'function') {
5
+ window.__browsertotalScanResult(event.detail);
6
+ }
7
+ });
8
+ `).catch(()=>{s.evaluate(`
9
+ window.addEventListener('scan_result', function(event) {
10
+ console.log('[BrowserTotal] scan_result event fired (late binding)');
11
+ if (typeof window.__browsertotalScanResult === 'function') {
12
+ window.__browsertotalScanResult(event.detail);
13
+ }
14
+ });
15
+ `).catch(()=>{});});})}mapUrlEventResult(s,t,e){let a=s.data||{};return {url:t,status:this.mapStatus(s.status,a.riskLevel),score:a.score,threats:a.threats?.map(n=>({type:typeof n=="string"?n:n.type||n.description,severity:n.severity||"medium",description:n.description}))||a.vulnerabilities?.map(n=>({type:n.type||n.vulnerability||n.description,severity:n.severity||"medium",description:n.description})),categories:a.categories,scanUrl:e.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapExtensionEventResult(s,t,e){let a=s.data||{};return {extensionId:t,name:a.name,status:this.mapStatus(s.status,a.riskLevel),score:a.score,permissions:a.permissions,threats:a.threats?.map(n=>({type:typeof n=="string"?n:n.type||n.description,severity:n.severity||"medium",description:n.description}))||a.vulnerabilities?.map(n=>({type:n.type||n.vulnerability||n.description,severity:n.severity||"medium",description:n.description})),scanUrl:e.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapPackageEventResult(s,t,e,a){let n=s.data||{};return {packageName:t,platform:e,name:n.name,version:n.version,status:this.mapStatus(s.status,n.riskLevel),score:n.score,dependencies:n.dependencies,threats:n.threats?.map(i=>({type:typeof i=="string"?i:i.type||i.description,severity:i.severity||"medium",description:i.description}))||n.vulnerabilities?.map(i=>({type:i.type||i.vulnerability||i.description,severity:i.severity||"medium",description:i.description})),scanUrl:a.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapStatus(s,t){if(s==="error")return "error";let e=(t||"").toLowerCase();return e==="critical"||e==="malicious"?"malicious":e==="high"||e==="suspicious"?"suspicious":e==="safe"||e==="low"||e==="clean"?"safe":e==="medium"?"suspicious":"unknown"}async close(){this.browser&&(await this.browser.close(),this.browser=null);}async[Symbol.asyncDispose](){await this.close();}};});c();async function x(r,s){let{BrowserTotalScanner:t}=await 
Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanUrl(r)}finally{await e.close();}}async function k(r,s="chrome",t){let{BrowserTotalScanner:e}=await Promise.resolve().then(()=>(c(),l)),a=new e(t);try{return await a.scanExtension(r,s)}finally{await a.close();}}async function $(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanVSCodeExtension(r)}finally{await e.close();}}async function U(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanJetBrainsPlugin(r)}finally{await e.close();}}async function B(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanNpmPackage(r)}finally{await e.close();}}async function C(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanPyPIPackage(r)}finally{await e.close();}}async function _(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanWordPressPlugin(r)}finally{await e.close();}}exports.scanExtension=k;exports.scanJetBrainsPlugin=U;exports.scanNpmPackage=B;exports.scanPyPIPackage=C;exports.scanUrl=x;exports.scanVSCodeExtension=$;exports.scanWordPressPlugin=_;
@@ -0,0 +1,94 @@
1
+ interface ScannerOptions {
2
+ headless?: boolean;
3
+ timeout?: number;
4
+ waitForResults?: boolean;
5
+ disableAI?: boolean;
6
+ userDataDir?: string;
7
+ }
8
+ type BrowserStore = 'chrome' | 'firefox' | 'edge' | 'opera' | 'safari' | 'brave';
9
+ type Platform = 'vscode' | 'openvsx' | 'jetbrains' | 'npmjs' | 'pypi' | 'wordpress' | 'huggingface' | 'appsource' | 'powershellgallery' | 'salesforce';
10
+ interface ThreatInfo {
11
+ type: string;
12
+ severity: 'low' | 'medium' | 'high' | 'critical';
13
+ description?: string;
14
+ }
15
+ interface UrlScanResult {
16
+ url: string;
17
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
18
+ score?: number;
19
+ threats?: ThreatInfo[];
20
+ categories?: string[];
21
+ scanUrl: string;
22
+ timestamp: Date;
23
+ raw?: Record<string, unknown>;
24
+ }
25
+ interface ExtensionScanResult {
26
+ extensionId: string;
27
+ name?: string;
28
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
29
+ score?: number;
30
+ permissions?: string[];
31
+ threats?: ThreatInfo[];
32
+ scanUrl: string;
33
+ timestamp: Date;
34
+ raw?: Record<string, unknown>;
35
+ }
36
+ interface PackageScanResult {
37
+ packageName: string;
38
+ platform: string;
39
+ name?: string;
40
+ version?: string;
41
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
42
+ score?: number;
43
+ dependencies?: Record<string, string>;
44
+ threats?: ThreatInfo[];
45
+ scanUrl: string;
46
+ timestamp: Date;
47
+ raw?: Record<string, unknown>;
48
+ }
49
+ interface ScanProgress {
50
+ phase: 'initializing' | 'navigating' | 'scanning' | 'extracting' | 'complete';
51
+ message: string;
52
+ }
53
+ type ProgressCallback = (progress: ScanProgress) => void;
54
+
55
+ declare class BrowserTotalScanner {
56
+ private options;
57
+ private browser;
58
+ constructor(options?: ScannerOptions);
59
+ private buildHashParams;
60
+ private ensureBrowser;
61
+ private reportProgress;
62
+ scanUrl(url: string, onProgress?: ProgressCallback): Promise<UrlScanResult>;
63
+ scanExtension(extensionId: string, store?: BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
64
+ scanVSCodeExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
65
+ scanOpenVSXExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
66
+ scanJetBrainsPlugin(pluginId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
67
+ scanNpmPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
68
+ scanPyPIPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
69
+ scanWordPressPlugin(pluginSlug: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
70
+ scanHuggingFace(modelId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
71
+ scanAppSourceAddin(addinId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
72
+ scanPowerShellModule(moduleName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
73
+ scanSalesforceApp(appId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
74
+ scanByPlatform(identifier: string, platform: Platform | BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult | PackageScanResult>;
75
+ private scanGenericExtension;
76
+ private scanGenericPackage;
77
+ private waitForScanResultEvent;
78
+ private mapUrlEventResult;
79
+ private mapExtensionEventResult;
80
+ private mapPackageEventResult;
81
+ private mapStatus;
82
+ close(): Promise<void>;
83
+ [Symbol.asyncDispose](): Promise<void>;
84
+ }
85
+
86
+ declare function scanUrl(url: string, options?: ScannerOptions): Promise<UrlScanResult>;
87
+ declare function scanExtension(extensionId: string, store?: BrowserStore, options?: ScannerOptions): Promise<ExtensionScanResult>;
88
+ declare function scanVSCodeExtension(extensionId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
89
+ declare function scanJetBrainsPlugin(pluginId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
90
+ declare function scanNpmPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
91
+ declare function scanPyPIPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
92
+ declare function scanWordPressPlugin(pluginSlug: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
93
+
94
+ export { type BrowserStore, BrowserTotalScanner, type ExtensionScanResult, type PackageScanResult, type Platform, type ProgressCallback, type ScanProgress, type ScannerOptions, type ThreatInfo, type UrlScanResult, scanExtension, scanJetBrainsPlugin, scanNpmPackage, scanPyPIPackage, scanUrl, scanVSCodeExtension, scanWordPressPlugin };
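Review bot: `ensureBrowser()` in the first hunk launches Chromium with `args:["--no-sandbox","--disable-setuid-sandbox"]`, which turns the browser sandbox off for every scan, while the README added in this same release advertises "Sandboxed Execution". With the sandbox off, a renderer compromise in any page the scanner loads runs with the privileges of the calling Node process; whether third-party content is rendered in this local browser or only on BrowserTotal's side is not visible here. I would drop both flags by default and make them an explicit opt-in, for example a `noSandbox?: boolean` option feeding `args: this.options.noSandbox ? ["--no-sandbox","--disable-setuid-sandbox"] : []`, and document running as an unprivileged user in a container when the flags cannot be avoided. The same launch call appears in `dist/index.js`, and both files are bundler output, so the change belongs in the TypeScript source.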
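--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,10 +1,94 @@
- export { BrowserTotalScanner } from './scanner.js';
- export { ScannerOptions, UrlScanResult, ExtensionScanResult, PackageScanResult, ThreatInfo, ScanProgress, ProgressCallback, BrowserStore, Platform, } from './types.js';
- import type { ScannerOptions, UrlScanResult, ExtensionScanResult, PackageScanResult, BrowserStore } from './types.js';
- export declare function scanUrl(url: string, options?: ScannerOptions): Promise<UrlScanResult>;
- export declare function scanExtension(extensionId: string, store?: BrowserStore, options?: ScannerOptions): Promise<ExtensionScanResult>;
- export declare function scanVSCodeExtension(extensionId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
- export declare function scanJetBrainsPlugin(pluginId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
- export declare function scanNpmPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
- export declare function scanPyPIPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
- export declare function scanWordPressPlugin(pluginSlug: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
+ interface ScannerOptions {
+ headless?: boolean;
+ timeout?: number;
+ waitForResults?: boolean;
+ disableAI?: boolean;
+ userDataDir?: string;
+ }
+ type BrowserStore = 'chrome' | 'firefox' | 'edge' | 'opera' | 'safari' | 'brave';
+ type Platform = 'vscode' | 'openvsx' | 'jetbrains' | 'npmjs' | 'pypi' | 'wordpress' | 'huggingface' | 'appsource' | 'powershellgallery' | 'salesforce';
+ interface ThreatInfo {
+ type: string;
+ severity: 'low' | 'medium' | 'high' | 'critical';
+ description?: string;
+ }
+ interface UrlScanResult {
+ url: string;
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
+ score?: number;
+ threats?: ThreatInfo[];
+ categories?: string[];
+ scanUrl: string;
+ timestamp: Date;
+ raw?: Record<string, unknown>;
+ }
+ interface ExtensionScanResult {
+ extensionId: string;
+ name?: string;
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
+ score?: number;
+ permissions?: string[];
+ threats?: ThreatInfo[];
+ scanUrl: string;
+ timestamp: Date;
+ raw?: Record<string, unknown>;
+ }
+ interface PackageScanResult {
+ packageName: string;
+ platform: string;
+ name?: string;
+ version?: string;
+ status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
+ score?: number;
+ dependencies?: Record<string, string>;
+ threats?: ThreatInfo[];
+ scanUrl: string;
+ timestamp: Date;
+ raw?: Record<string, unknown>;
+ }
+ interface ScanProgress {
+ phase: 'initializing' | 'navigating' | 'scanning' | 'extracting' | 'complete';
+ message: string;
+ }
+ type ProgressCallback = (progress: ScanProgress) => void;
+
+ declare class BrowserTotalScanner {
+ private options;
+ private browser;
+ constructor(options?: ScannerOptions);
+ private buildHashParams;
+ private ensureBrowser;
+ private reportProgress;
+ scanUrl(url: string, onProgress?: ProgressCallback): Promise<UrlScanResult>;
+ scanExtension(extensionId: string, store?: BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanVSCodeExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanOpenVSXExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanJetBrainsPlugin(pluginId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanNpmPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
+ scanPyPIPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
+ scanWordPressPlugin(pluginSlug: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanHuggingFace(modelId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanAppSourceAddin(addinId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanPowerShellModule(moduleName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
+ scanSalesforceApp(appId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
+ scanByPlatform(identifier: string, platform: Platform | BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult | PackageScanResult>;
+ private scanGenericExtension;
+ private scanGenericPackage;
+ private waitForScanResultEvent;
+ private mapUrlEventResult;
+ private mapExtensionEventResult;
+ private mapPackageEventResult;
+ private mapStatus;
+ close(): Promise<void>;
+ [Symbol.asyncDispose](): Promise<void>;
+ }
+
+ declare function scanUrl(url: string, options?: ScannerOptions): Promise<UrlScanResult>;
+ declare function scanExtension(extensionId: string, store?: BrowserStore, options?: ScannerOptions): Promise<ExtensionScanResult>;
+ declare function scanVSCodeExtension(extensionId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
+ declare function scanJetBrainsPlugin(pluginId: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
+ declare function scanNpmPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
+ declare function scanPyPIPackage(packageName: string, options?: ScannerOptions): Promise<PackageScanResult>;
+ declare function scanWordPressPlugin(pluginSlug: string, options?: ScannerOptions): Promise<ExtensionScanResult>;
+
+ export { type BrowserStore, BrowserTotalScanner, type ExtensionScanResult, type PackageScanResult, type Platform, type ProgressCallback, type ScanProgress, type ScannerOptions, type ThreatInfo, type UrlScanResult, scanExtension, scanJetBrainsPlugin, scanNpmPackage, scanPyPIPackage, scanUrl, scanVSCodeExtension, scanWordPressPlugin };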
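Review bot: `Platform` includes `'salesforce'` and `scanByPlatform` accepts `Platform | BrowserStore`, but the `switch` in the bundled `scanByPlatform` (dist/index.js and dist/index.cjs) has no `"salesforce"` case, so a call these declarations allow ends in `Unsupported platform: salesforce` at runtime. Adding `case "salesforce": return this.scanSalesforceApp(s, e);` in the source closes the gap. An exhaustiveness check in the `default` branch, assigning the platform to a `never`-typed variable before throwing, would let the compiler catch the next platform that is added to the union but not to the switch.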
package/dist/index.js CHANGED
@@ -1 +1,15 @@
1
- export{BrowserTotalScanner}from"./scanner.js";export async function scanUrl(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanUrl(n)}finally{await t.close()}}export async function scanExtension(n,a="chrome",r){const{BrowserTotalScanner:t}=await import("./scanner.js"),s=new t(r);try{return await s.scanExtension(n,a)}finally{await s.close()}}export async function scanVSCodeExtension(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanVSCodeExtension(n)}finally{await t.close()}}export async function scanJetBrainsPlugin(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanJetBrainsPlugin(n)}finally{await t.close()}}export async function scanNpmPackage(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanNpmPackage(n)}finally{await t.close()}}export async function scanPyPIPackage(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanPyPIPackage(n)}finally{await t.close()}}export async function scanWordPressPlugin(n,a){const{BrowserTotalScanner:r}=await import("./scanner.js"),t=new r(a);try{return await t.scanWordPressPlugin(n)}finally{await t.close()}}
1
+ import S from'puppeteer';var h=Object.defineProperty;var y=(r,s)=>()=>(r&&(s=r(r=0)),s);var P=(r,s)=>{for(var t in s)h(r,t,{get:s[t],enumerable:true});};var l={};P(l,{BrowserTotalScanner:()=>g});function v(r){return Array.from(r).map(s=>s.charCodeAt(0).toString(16).padStart(2,"0")).join("")}var o,d,w,g,c=y(()=>{o=process.env.BROWSERTOTAL_URL||"https://browsertotal.com",d=42e4,w={chrome:"google",firefox:"mozilla",edge:"microsoft",opera:"opera",safari:"safari",brave:"brave"};g=class{options;browser=null;constructor(s={}){this.options={headless:s.headless??true,timeout:s.timeout??d,waitForResults:s.waitForResults??true,disableAI:s.disableAI??true,userDataDir:s.userDataDir};}buildHashParams(){let s=["automationEvent=true"];return this.options.disableAI&&s.push("disableAI=true"),"#"+s.join("&")}async ensureBrowser(){return this.browser||(this.browser=await S.launch({headless:this.options.headless,args:["--no-sandbox","--disable-setuid-sandbox"],userDataDir:this.options.userDataDir})),this.browser}reportProgress(s,t){s&&s(t);}async scanUrl(s,t){let a=await(await this.ensureBrowser()).newPage();try{this.reportProgress(t,{phase:"initializing",message:"Starting URL scan..."});let n=v(s),i=`${o}/analysis/urls/${n}${this.buildHashParams()}`;this.reportProgress(t,{phase:"navigating",message:`Navigating to ${i}`});let p=this.waitForScanResultEvent(a,"url");if(await a.goto(i,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(t,{phase:"scanning",message:"Waiting for scan results..."}),this.options.waitForResults){let u=await p;if(u)return this.reportProgress(t,{phase:"complete",message:"Scan complete"}),this.mapUrlEventResult(u,s,i)}throw this.reportProgress(t,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await a.close();}}async scanExtension(s,t="chrome",e){let a=w[t]||t,n=`${o}/analysis/live/store/${a}/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,n,`${t} extension`,e)}async scanVSCodeExtension(s,t){let 
e=`${o}/analysis/live/store/vscode/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"VS Code extension",t)}async scanOpenVSXExtension(s,t){let e=`${o}/analysis/live/store/openvsx/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Open VSX extension",t)}async scanJetBrainsPlugin(s,t){let e=`${o}/analysis/live/store/jetbrains/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"JetBrains plugin",t)}async scanNpmPackage(s,t){let e=`${o}/analysis/live/store/npmjs/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"npmjs",e,"npm package",t)}async scanPyPIPackage(s,t){let e=`${o}/analysis/live/store/pypi/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"pypi",e,"PyPI package",t)}async scanWordPressPlugin(s,t){let e=`${o}/analysis/live/store/wordpress/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"WordPress plugin",t)}async scanHuggingFace(s,t){let e=`${o}/analysis/live/store/huggingface/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Hugging Face model",t)}async scanAppSourceAddin(s,t){let e=`${o}/analysis/live/store/appsource/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"AppSource add-in",t)}async scanPowerShellModule(s,t){let e=`${o}/analysis/live/store/powershellgallery/${encodeURIComponent(s)}${this.buildHashParams()}`;return this.scanGenericPackage(s,"powershellgallery",e,"PowerShell module",t)}async scanSalesforceApp(s,t){let e=`${o}/analysis/live/store/salesforce/${s}${this.buildHashParams()}`;return this.scanGenericExtension(s,e,"Salesforce app",t)}async scanByPlatform(s,t,e){if(t in w)return this.scanExtension(s,t,e);switch(t){case "vscode":return this.scanVSCodeExtension(s,e);case "openvsx":return this.scanOpenVSXExtension(s,e);case "jetbrains":return this.scanJetBrainsPlugin(s,e);case "npmjs":return this.scanNpmPackage(s,e);case 
"pypi":return this.scanPyPIPackage(s,e);case "wordpress":return this.scanWordPressPlugin(s,e);case "huggingface":return this.scanHuggingFace(s,e);case "appsource":return this.scanAppSourceAddin(s,e);case "powershellgallery":return this.scanPowerShellModule(s,e);default:throw new Error(`Unsupported platform: ${t}`)}}async scanGenericExtension(s,t,e,a){let i=await(await this.ensureBrowser()).newPage();try{this.reportProgress(a,{phase:"initializing",message:`Starting ${e} scan...`}),this.reportProgress(a,{phase:"navigating",message:`Navigating to ${t}`});let p=this.waitForScanResultEvent(i,"extension");if(await i.goto(t,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(a,{phase:"scanning",message:`Waiting for ${e} analysis...`}),this.options.waitForResults){let u=await p;if(u)return this.reportProgress(a,{phase:"complete",message:"Scan complete"}),this.mapExtensionEventResult(u,s,t)}throw this.reportProgress(a,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await i.close();}}async scanGenericPackage(s,t,e,a,n){let p=await(await this.ensureBrowser()).newPage();try{this.reportProgress(n,{phase:"initializing",message:`Starting ${a} scan...`}),this.reportProgress(n,{phase:"navigating",message:`Navigating to ${e}`});let u=this.waitForScanResultEvent(p,"extension");if(await p.goto(e,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(n,{phase:"scanning",message:`Waiting for ${a} analysis...`}),this.options.waitForResults){let m=await u;if(m)return this.reportProgress(n,{phase:"complete",message:"Scan complete"}),this.mapPackageEventResult(m,s,t,e)}throw this.reportProgress(n,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await p.close();}}async waitForScanResultEvent(s,t){return new Promise(e=>{let a=setTimeout(()=>{console.log("[Scanner] Timeout waiting for scan_result 
event"),e(null);},this.options.timeout);s.exposeFunction("__browsertotalScanResult",n=>{clearTimeout(a),n?.type===t?(console.log("[Scanner] Received scan_result event:",n.type),e(n)):(console.log("[Scanner] Received wrong event type:",n?.type,"expected:",t),e(null));}).catch(()=>{}),s.evaluateOnNewDocument(`
2
+ window.addEventListener('scan_result', function(event) {
3
+ console.log('[BrowserTotal] scan_result event fired');
4
+ if (typeof window.__browsertotalScanResult === 'function') {
5
+ window.__browsertotalScanResult(event.detail);
6
+ }
7
+ });
8
+ `).catch(()=>{s.evaluate(`
9
+ window.addEventListener('scan_result', function(event) {
10
+ console.log('[BrowserTotal] scan_result event fired (late binding)');
11
+ if (typeof window.__browsertotalScanResult === 'function') {
12
+ window.__browsertotalScanResult(event.detail);
13
+ }
14
+ });
15
+ `).catch(()=>{});});})}mapUrlEventResult(s,t,e){let a=s.data||{};return {url:t,status:this.mapStatus(s.status,a.riskLevel),score:a.score,threats:a.threats?.map(n=>({type:typeof n=="string"?n:n.type||n.description,severity:n.severity||"medium",description:n.description}))||a.vulnerabilities?.map(n=>({type:n.type||n.vulnerability||n.description,severity:n.severity||"medium",description:n.description})),categories:a.categories,scanUrl:e.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapExtensionEventResult(s,t,e){let a=s.data||{};return {extensionId:t,name:a.name,status:this.mapStatus(s.status,a.riskLevel),score:a.score,permissions:a.permissions,threats:a.threats?.map(n=>({type:typeof n=="string"?n:n.type||n.description,severity:n.severity||"medium",description:n.description}))||a.vulnerabilities?.map(n=>({type:n.type||n.vulnerability||n.description,severity:n.severity||"medium",description:n.description})),scanUrl:e.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapPackageEventResult(s,t,e,a){let n=s.data||{};return {packageName:t,platform:e,name:n.name,version:n.version,status:this.mapStatus(s.status,n.riskLevel),score:n.score,dependencies:n.dependencies,threats:n.threats?.map(i=>({type:typeof i=="string"?i:i.type||i.description,severity:i.severity||"medium",description:i.description}))||n.vulnerabilities?.map(i=>({type:i.type||i.vulnerability||i.description,severity:i.severity||"medium",description:i.description})),scanUrl:a.replace(/#.*$/,""),timestamp:new Date(s.timestamp||Date.now()),raw:s}}mapStatus(s,t){if(s==="error")return "error";let e=(t||"").toLowerCase();return e==="critical"||e==="malicious"?"malicious":e==="high"||e==="suspicious"?"suspicious":e==="safe"||e==="low"||e==="clean"?"safe":e==="medium"?"suspicious":"unknown"}async close(){this.browser&&(await this.browser.close(),this.browser=null);}async[Symbol.asyncDispose](){await this.close();}};});c();async function x(r,s){let{BrowserTotalScanner:t}=await 
Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanUrl(r)}finally{await e.close();}}async function k(r,s="chrome",t){let{BrowserTotalScanner:e}=await Promise.resolve().then(()=>(c(),l)),a=new e(t);try{return await a.scanExtension(r,s)}finally{await a.close();}}async function $(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanVSCodeExtension(r)}finally{await e.close();}}async function U(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanJetBrainsPlugin(r)}finally{await e.close();}}async function B(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanNpmPackage(r)}finally{await e.close();}}async function C(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanPyPIPackage(r)}finally{await e.close();}}async function _(r,s){let{BrowserTotalScanner:t}=await Promise.resolve().then(()=>(c(),l)),e=new t(s);try{return await e.scanWordPressPlugin(r)}finally{await e.close();}}export{g as BrowserTotalScanner,k as scanExtension,U as scanJetBrainsPlugin,B as scanNpmPackage,C as scanPyPIPackage,x as scanUrl,$ as scanVSCodeExtension,_ as scanWordPressPlugin};
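Review bot: The identifier is interpolated into the analysis URL unencoded in `scanExtension`, `scanVSCodeExtension`, `scanOpenVSXExtension`, `scanJetBrainsPlugin`, `scanAppSourceAddin` and `scanSalesforceApp`, while the npm, PyPI, WordPress, Hugging Face and PowerShell methods pass it through `encodeURIComponent`. An id that contains `/`, `?` or `#` therefore changes the path or the fragment of the page that is loaded (the fragment carries `automationEvent` and `disableAI`), and the mapped result is still reported under the id the caller supplied. Use `encodeURIComponent(s)` in those six methods as well, or reject ids that do not match the store's expected format before the URL is built. The identical code is in `dist/index.cjs`; both are bundler output, so the fix belongs in the TypeScript source.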
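--- a/package/package.json
+++ b/package/package.json
@@ -1,16 +1,16 @@
  {
  "name": "@browsertotal/scanner",
- "version": "1.0.0",
+ "version": "1.0.2",
  "description": "Scan URLs and extensions using BrowserTotal.com",
  "type": "module",
- "main": "dist/index.js",
+ "main": "dist/index.cjs",
  "module": "dist/index.js",
  "types": "dist/index.d.ts",
  "exports": {
  ".": {
  "types": "./dist/index.d.ts",
  "import": "./dist/index.js",
- "default": "./dist/index.js"
+ "require": "./dist/index.cjs"
  }
  },
  "files": [
@@ -29,10 +29,9 @@
  "url": "https://github.com/SeraphicSecurity/BrowserTotal/issues"
  },
  "scripts": {
- "build": "tsc",
- "build:prod": "tsc && npm run minify",
- "minify": "terser dist/index.js -o dist/index.js -c -m && terser dist/scanner.js -o dist/scanner.js -c -m && terser dist/types.js -o dist/types.js -c -m",
- "dev": "tsc --watch",
+ "build": "tsup",
+ "build:prod": "tsup",
+ "dev": "tsup --watch",
  "test": "tsx test.ts",
  "clean": "rm -rf dist",
  "prepublishOnly": "npm run clean && npm run build:prod"
@@ -58,7 +57,7 @@
  },
  "devDependencies": {
  "@types/node": "^22.0.0",
- "terser": "^5.37.0",
+ "tsup": "^8.3.0",
  "tsx": "^4.21.0",
  "typescript": "^5.7.0"
  },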
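Review bot: The `exports` map in the first hunk drops the `"default"` condition when it adds `"require"`, so a resolver that matches neither `import` nor `require` no longer finds an entry for `.`. Keeping a fallback as the last key, `"default": "./dist/index.js"` after `"require": "./dist/index.cjs"`, would preserve what 1.0.0 resolved to. Because the package now ships separate ESM and CJS bundles, a process that ends up loading both presumably gets two distinct `BrowserTotalScanner` classes, which is worth stating in the README. The single `"types": "./dist/index.d.ts"` entry is likely read as ESM typings under `"type": "module"`; whether CommonJS consumers need a matching `.d.cts` cannot be confirmed from this section.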
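--- a/package/dist/scanner.d.ts
+++ b/package/dist/scanner.d.ts
@@ -1,30 +0,0 @@
- import { ScannerOptions, UrlScanResult, ExtensionScanResult, PackageScanResult, ProgressCallback, BrowserStore, Platform } from './types.js';
- export declare class BrowserTotalScanner {
- private options;
- private browser;
- constructor(options?: ScannerOptions);
- private buildHashParams;
- private ensureBrowser;
- private reportProgress;
- scanUrl(url: string, onProgress?: ProgressCallback): Promise<UrlScanResult>;
- scanExtension(extensionId: string, store?: BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanVSCodeExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanOpenVSXExtension(extensionId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanJetBrainsPlugin(pluginId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanNpmPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
- scanPyPIPackage(packageName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
- scanWordPressPlugin(pluginSlug: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanHuggingFace(modelId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanAppSourceAddin(addinId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanPowerShellModule(moduleName: string, onProgress?: ProgressCallback): Promise<PackageScanResult>;
- scanSalesforceApp(appId: string, onProgress?: ProgressCallback): Promise<ExtensionScanResult>;
- scanByPlatform(identifier: string, platform: Platform | BrowserStore, onProgress?: ProgressCallback): Promise<ExtensionScanResult | PackageScanResult>;
- private scanGenericExtension;
- private scanGenericPackage;
- private waitForScanResultEvent;
- private mapUrlEventResult;
- private mapExtensionEventResult;
- private mapPackageEventResult;
- private mapStatus;
- close(): Promise<void>;
- }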
package/dist/scanner.js DELETED
@@ -1 +0,0 @@
1
- import puppeteer from"puppeteer";const BASE_URL=process.env.BROWSERTOTAL_URL||"https://browsertotal.com",DEFAULT_TIMEOUT=42e4,BROWSER_STORE_MAP={chrome:"google",firefox:"mozilla",edge:"microsoft",opera:"opera",safari:"safari",brave:"brave"},PLATFORM_PATH_MAP={vscode:"vscode",openvsx:"openvsx",jetbrains:"jetbrains",npmjs:"npmjs",pypi:"pypi",wordpress:"wordpress",huggingface:"huggingface",appsource:"appsource",powershellgallery:"powershellgallery",salesforce:"salesforce"};function toHex(e){return Array.from(e).map(e=>e.charCodeAt(0).toString(16).padStart(2,"0")).join("")}export class BrowserTotalScanner{options;browser=null;constructor(e={}){this.options={headless:e.headless??!0,timeout:e.timeout??42e4,waitForResults:e.waitForResults??!0,disableAI:e.disableAI??!0,userDataDir:e.userDataDir}}buildHashParams(){const e=["automationEvent=true"];return this.options.disableAI&&e.push("disableAI=true"),"#"+e.join("&")}async ensureBrowser(){return this.browser||(this.browser=await puppeteer.launch({headless:this.options.headless,args:["--no-sandbox","--disable-setuid-sandbox"],userDataDir:this.options.userDataDir})),this.browser}reportProgress(e,s){e&&e(s)}async scanUrl(e,s){const t=await this.ensureBrowser(),n=await t.newPage();try{this.reportProgress(s,{phase:"initializing",message:"Starting URL scan..."});const t=toHex(e),a=`${BASE_URL}/analysis/urls/${t}${this.buildHashParams()}`;this.reportProgress(s,{phase:"navigating",message:`Navigating to ${a}`});const r=this.waitForScanResultEvent(n,"url");if(await n.goto(a,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(s,{phase:"scanning",message:"Waiting for scan results..."}),this.options.waitForResults){const t=await r;if(t)return this.reportProgress(s,{phase:"complete",message:"Scan complete"}),this.mapUrlEventResult(t,e,a)}throw this.reportProgress(s,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await n.close()}}async scanExtension(e,s="chrome",t){const 
n=`${BASE_URL}/analysis/live/store/${BROWSER_STORE_MAP[s]||s}/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,n,`${s} extension`,t)}async scanVSCodeExtension(e,s){const t=`${BASE_URL}/analysis/live/store/vscode/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"VS Code extension",s)}async scanOpenVSXExtension(e,s){const t=`${BASE_URL}/analysis/live/store/openvsx/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"Open VSX extension",s)}async scanJetBrainsPlugin(e,s){const t=`${BASE_URL}/analysis/live/store/jetbrains/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"JetBrains plugin",s)}async scanNpmPackage(e,s){const t=`${BASE_URL}/analysis/live/store/npmjs/${encodeURIComponent(e)}${this.buildHashParams()}`;return this.scanGenericPackage(e,"npmjs",t,"npm package",s)}async scanPyPIPackage(e,s){const t=`${BASE_URL}/analysis/live/store/pypi/${encodeURIComponent(e)}${this.buildHashParams()}`;return this.scanGenericPackage(e,"pypi",t,"PyPI package",s)}async scanWordPressPlugin(e,s){const t=`${BASE_URL}/analysis/live/store/wordpress/${encodeURIComponent(e)}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"WordPress plugin",s)}async scanHuggingFace(e,s){const t=`${BASE_URL}/analysis/live/store/huggingface/${encodeURIComponent(e)}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"Hugging Face model",s)}async scanAppSourceAddin(e,s){const t=`${BASE_URL}/analysis/live/store/appsource/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"AppSource add-in",s)}async scanPowerShellModule(e,s){const t=`${BASE_URL}/analysis/live/store/powershellgallery/${encodeURIComponent(e)}${this.buildHashParams()}`;return this.scanGenericPackage(e,"powershellgallery",t,"PowerShell module",s)}async scanSalesforceApp(e,s){const t=`${BASE_URL}/analysis/live/store/salesforce/${e}${this.buildHashParams()}`;return this.scanGenericExtension(e,t,"Salesforce app",s)}async 
scanByPlatform(e,s,t){if(s in BROWSER_STORE_MAP)return this.scanExtension(e,s,t);switch(s){case"vscode":return this.scanVSCodeExtension(e,t);case"openvsx":return this.scanOpenVSXExtension(e,t);case"jetbrains":return this.scanJetBrainsPlugin(e,t);case"npmjs":return this.scanNpmPackage(e,t);case"pypi":return this.scanPyPIPackage(e,t);case"wordpress":return this.scanWordPressPlugin(e,t);case"huggingface":return this.scanHuggingFace(e,t);case"appsource":return this.scanAppSourceAddin(e,t);case"powershellgallery":return this.scanPowerShellModule(e,t);default:throw new Error(`Unsupported platform: ${s}`)}}async scanGenericExtension(e,s,t,n){const a=await this.ensureBrowser(),r=await a.newPage();try{this.reportProgress(n,{phase:"initializing",message:`Starting ${t} scan...`}),this.reportProgress(n,{phase:"navigating",message:`Navigating to ${s}`});const a=this.waitForScanResultEvent(r,"extension");if(await r.goto(s,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(n,{phase:"scanning",message:`Waiting for ${t} analysis...`}),this.options.waitForResults){const t=await a;if(t)return this.reportProgress(n,{phase:"complete",message:"Scan complete"}),this.mapExtensionEventResult(t,e,s)}throw this.reportProgress(n,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await r.close()}}async scanGenericPackage(e,s,t,n,a){const r=await this.ensureBrowser(),i=await r.newPage();try{this.reportProgress(a,{phase:"initializing",message:`Starting ${n} scan...`}),this.reportProgress(a,{phase:"navigating",message:`Navigating to ${t}`});const r=this.waitForScanResultEvent(i,"extension");if(await i.goto(t,{waitUntil:"networkidle2",timeout:this.options.timeout}),this.reportProgress(a,{phase:"scanning",message:`Waiting for ${n} analysis...`}),this.options.waitForResults){const n=await r;if(n)return this.reportProgress(a,{phase:"complete",message:"Scan complete"}),this.mapPackageEventResult(n,e,s,t)}throw 
this.reportProgress(a,{phase:"complete",message:"Scan error"}),new Error("Scan error")}finally{await i.close()}}async waitForScanResultEvent(e,s){return new Promise(t=>{const n=setTimeout(()=>{console.log("[Scanner] Timeout waiting for scan_result event"),t(null)},this.options.timeout);e.exposeFunction("__browsertotalScanResult",e=>{clearTimeout(n),e?.type===s?(console.log("[Scanner] Received scan_result event:",e.type),t(e)):(console.log("[Scanner] Received wrong event type:",e?.type,"expected:",s),t(null))}).catch(()=>{}),e.evaluateOnNewDocument("\n window.addEventListener('scan_result', function(event) {\n console.log('[BrowserTotal] scan_result event fired');\n if (typeof window.__browsertotalScanResult === 'function') {\n window.__browsertotalScanResult(event.detail);\n }\n });\n ").catch(()=>{e.evaluate("\n window.addEventListener('scan_result', function(event) {\n console.log('[BrowserTotal] scan_result event fired (late binding)');\n if (typeof window.__browsertotalScanResult === 'function') {\n window.__browsertotalScanResult(event.detail);\n }\n });\n ").catch(()=>{})})})}mapUrlEventResult(e,s,t){const n=e.data||{};return{url:s,status:this.mapStatus(e.status,n.riskLevel),score:n.score,threats:n.threats?.map(e=>({type:"string"==typeof e?e:e.type||e.description,severity:e.severity||"medium",description:e.description}))||n.vulnerabilities?.map(e=>({type:e.type||e.vulnerability||e.description,severity:e.severity||"medium",description:e.description})),categories:n.categories,scanUrl:t.replace(/#.*$/,""),timestamp:new Date(e.timestamp||Date.now()),raw:e}}mapExtensionEventResult(e,s,t){const n=e.data||{};return{extensionId:s,name:n.name,status:this.mapStatus(e.status,n.riskLevel),score:n.score,permissions:n.permissions,threats:n.threats?.map(e=>({type:"string"==typeof 
e?e:e.type||e.description,severity:e.severity||"medium",description:e.description}))||n.vulnerabilities?.map(e=>({type:e.type||e.vulnerability||e.description,severity:e.severity||"medium",description:e.description})),scanUrl:t.replace(/#.*$/,""),timestamp:new Date(e.timestamp||Date.now()),raw:e}}mapPackageEventResult(e,s,t,n){const a=e.data||{};return{packageName:s,platform:t,name:a.name,version:a.version,status:this.mapStatus(e.status,a.riskLevel),score:a.score,dependencies:a.dependencies,threats:a.threats?.map(e=>({type:"string"==typeof e?e:e.type||e.description,severity:e.severity||"medium",description:e.description}))||a.vulnerabilities?.map(e=>({type:e.type||e.vulnerability||e.description,severity:e.severity||"medium",description:e.description})),scanUrl:n.replace(/#.*$/,""),timestamp:new Date(e.timestamp||Date.now()),raw:e}}mapStatus(e,s){if("error"===e)return"error";const t=(s||"").toLowerCase();return"critical"===t||"malicious"===t?"malicious":"high"===t||"suspicious"===t?"suspicious":"safe"===t||"low"===t||"clean"===t?"safe":"medium"===t?"suspicious":"unknown"}async close(){this.browser&&(await this.browser.close(),this.browser=null)}}
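--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,53 +0,0 @@
- export interface ScannerOptions {
- headless?: boolean;
- timeout?: number;
- waitForResults?: boolean;
- disableAI?: boolean;
- userDataDir?: string;
- }
- export type BrowserStore = 'chrome' | 'firefox' | 'edge' | 'opera' | 'safari' | 'brave';
- export type Platform = 'vscode' | 'openvsx' | 'jetbrains' | 'npmjs' | 'pypi' | 'wordpress' | 'huggingface' | 'appsource' | 'powershellgallery' | 'salesforce';
- export interface ThreatInfo {
- type: string;
- severity: 'low' | 'medium' | 'high' | 'critical';
- description?: string;
- }
- export interface UrlScanResult {
- url: string;
- status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
- score?: number;
- threats?: ThreatInfo[];
- categories?: string[];
- scanUrl: string;
- timestamp: Date;
- raw?: Record<string, unknown>;
- }
- export interface ExtensionScanResult {
- extensionId: string;
- name?: string;
- status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
- score?: number;
- permissions?: string[];
- threats?: ThreatInfo[];
- scanUrl: string;
- timestamp: Date;
- raw?: Record<string, unknown>;
- }
- export interface PackageScanResult {
- packageName: string;
- platform: string;
- name?: string;
- version?: string;
- status: 'safe' | 'suspicious' | 'malicious' | 'unknown' | 'error';
- score?: number;
- dependencies?: Record<string, string>;
- threats?: ThreatInfo[];
- scanUrl: string;
- timestamp: Date;
- raw?: Record<string, unknown>;
- }
- export interface ScanProgress {
- phase: 'initializing' | 'navigating' | 'scanning' | 'extracting' | 'complete';
- message: string;
- }
- export type ProgressCallback = (progress: ScanProgress) => void;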
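--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -1 +0,0 @@
- export{};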