discord-message-transcript 1.3.1-dev.3.35 → 1.3.1

package/dist/core/cdnResolver.d.ts

@@ -1,5 +1,5 @@
-import { CDNOptions } from "../types/types.js";
+import { CDNOptions, safeUrlReturn } from "@/types";
 import { TranscriptOptionsBase } from "discord-message-transcript-base";
-export declare function cdnResolver(url: string, options: TranscriptOptionsBase, cdnOptions: CDNOptions): Promise<string>;
+export declare function cdnResolver(safeUrlObject: safeUrlReturn, options: TranscriptOptionsBase, cdnOptions: CDNOptions): Promise<string>;
 export declare function uploadCareResolver(url: string, publicKey: string, cdnDomain: string, disableWarnings: boolean): Promise<string>;
 export declare function cloudinaryResolver(url: string, fileName: string, cloudName: string, apiKey: string, apiSecret: string, disableWarnings: boolean): Promise<string>;

package/dist/core/cdnResolver.js

@@ -1,21 +1,24 @@
-import https from 'https';
-import http from 'http';
 import { CustomWarn } from "discord-message-transcript-base";
 import crypto from 'crypto';
 import { getCDNLimiter } from "./limiter.js";
-export async function cdnResolver(url, options, cdnOptions) {
+import https from 'https';
+import http from 'http';
+import { createLookup } from "@/networkSecurity";
+export async function cdnResolver(safeUrlObject, options, cdnOptions) {
+    const url = safeUrlObject.url;
     const limit = getCDNLimiter();
     return limit(async () => {
         return new Promise((resolve, reject) => {
-            const client = url.startsWith('https') ? https : http;
-            const request = client.request(url, {
-                method: 'HEAD',
-                headers: { "User-Agent": "discord-message-transcript" }
+            const client = safeUrlObject.url.startsWith('https') ? https : http;
+            const lookup = createLookup(safeUrlObject.safeIps);
+            const request = client.get(url, {
+                headers: { "User-Agent": "discord-message-transcript" },
+                lookup: lookup
             }, async (response) => {
                 if (response.statusCode !== 200) {
                     response.destroy();
                     CustomWarn(`This is not an issue with the package. Using the original URL as fallback instead of uploading to CDN.
-Failed to fetch attachment with status code: ${response.statusCode} from ${url}.`, options.disableWarnings);
+Failed to fetch attachment with status code: ${response.statusCode} from ${safeUrlObject.url}.`, options.disableWarnings);
                     return resolve(url);
                 }
                 const contentType = response.headers["content-type"];
@@ -47,7 +50,7 @@ Error: ${err.message}`, options.disableWarnings);
                 request.destroy();
                 CustomWarn(`This is not an issue with the package. Using the original URL as fallback instead of uploading to CDN.
 Request timeout for ${url}.`, options.disableWarnings);
-                resolve(url);
+                return resolve(url);
             });
             request.end();
         });

package/dist/core/componentToJson.js

@@ -1,7 +1,7 @@
 import { ComponentType } from "discord.js";
 import { mapButtonStyle, mapSelectorType, mapSeparatorSpacing } from "./mappers.js";
 import { JsonComponentType } from "discord-message-transcript-base";
-import { isValidHexColor } from "../../../discord-message-transcript-base/src/core/sanitizer.js";
+import { isValidHexColor } from "discord-message-transcript-base";
 export async function componentsToJson(components, options) {
     const processedComponents = await Promise.all(components.filter(component => !(!options.includeV2Components && component.type != ComponentType.ActionRow))
         .map(async (component) => {

package/dist/core/fetchMessages.d.ts

@@ -1,6 +1,6 @@
 import { TextBasedChannel } from "discord.js";
 import { JsonAuthor, JsonMessage, TranscriptOptionsBase } from "discord-message-transcript-base";
-import { MapMentions } from "../types/types.js";
+import { MapMentions } from "@/types";
 export declare function fetchMessages(ctx: FetchMessagesContext): Promise<{
     messages: JsonMessage[];
     end: boolean;

package/dist/core/fetchMessages.js

@@ -1,7 +1,7 @@
 import { EmbedType } from "discord.js";
 import { componentsToJson } from "./componentToJson.js";
+import { isValidHexColor, sanitize } from "discord-message-transcript-base";
 import { getMentions } from "./getMentions.js";
-import { isValidHexColor, sanitize } from "../../../discord-message-transcript-base/src/core/sanitizer.js";
 export async function fetchMessages(ctx) {
     const { channel, options, transcriptState, lastMessageId } = ctx;
     const { authors, mentions } = transcriptState;

package/dist/core/getMentions.d.ts

@@ -1,3 +1,3 @@
 import { Message } from "discord.js";
-import { MapMentions } from "../types/types.js";
+import { MapMentions } from "@/types";
 export declare function getMentions(message: Message, mentions: MapMentions): Promise<void>;

package/dist/core/getMentions.js

@@ -1,5 +1,5 @@
 import { ChannelType } from "discord.js";
-import { isValidHexColor, sanitize } from "../../../discord-message-transcript-base/src/core/sanitizer.js";
+import { isValidHexColor, sanitize } from "discord-message-transcript-base";
 export async function getMentions(message, mentions) {
     message.mentions.channels.forEach(channel => {
         if (!mentions.channels.has(channel.id)) {

package/dist/core/imageToBase64.d.ts

@@ -1 +1,2 @@
-export declare function imageToBase64(url: string, disableWarnings: boolean): Promise<string>;
+import { safeUrlReturn } from '@/types';
+export declare function imageToBase64(safeUrlObject: safeUrlReturn, disableWarnings: boolean): Promise<string>;

package/dist/core/imageToBase64.js

@@ -1,13 +1,20 @@
-import https from 'https';
-import http from 'http';
 import { CustomWarn } from 'discord-message-transcript-base';
 import { getBase64Limiter } from './limiter.js';
-export async function imageToBase64(url, disableWarnings) {
+import https from 'https';
+import http from 'http';
+import { createLookup } from '@/networkSecurity';
+const MAX_BYTES = 25 * 1024 * 1024; // 25MB
+export async function imageToBase64(safeUrlObject, disableWarnings) {
+    const url = safeUrlObject.url;
     const limit = getBase64Limiter();
     return limit(async () => {
         return new Promise((resolve, reject) => {
             const client = url.startsWith('https') ? https : http;
-            const request = client.get(url, { headers: { "User-Agent": "discord-message-transcript" } }, (response) => {
+            const lookup = createLookup(safeUrlObject.safeIps);
+            const request = client.get(url, {
+                headers: { "User-Agent": "discord-message-transcript" },
+                lookup: lookup
+            }, (response) => {
                 if (response.statusCode !== 200) {
                     response.destroy();
                     CustomWarn(`This is not an issue with the package. Using the original URL as fallback instead of converting to base64.
@@ -19,8 +26,14 @@ Failed to fetch image with status code: ${response.statusCode} from ${url}.`, di
                     response.destroy();
                     return resolve(url);
                 }
+                let total = 0;
                 const chunks = [];
                 response.on('data', (chunk) => {
+                    total += chunk.length;
+                    if (total > MAX_BYTES) {
+                        response.destroy();
+                        return resolve(url);
+                    }
                     chunks.push(chunk);
                 });
                 response.on('end', () => {

package/dist/core/mappers.d.ts

@@ -1,6 +1,6 @@
 import { ButtonStyle, ComponentType, SeparatorSpacingSize } from "discord.js";
 import { JsonButtonStyle, JsonComponentType, JsonSeparatorSpacingSize, ReturnTypeBase } from "discord-message-transcript-base";
-import { ReturnType } from "../types/types.js";
+import { ReturnType } from "@/types";
 export declare function mapButtonStyle(style: ButtonStyle): JsonButtonStyle;
 export declare function mapSeparatorSpacing(spacing: SeparatorSpacingSize): JsonSeparatorSpacingSize;
 export declare function mapComponentType(componentType: ComponentType): JsonComponentType;

package/dist/core/mappers.js

@@ -1,6 +1,6 @@
 import { ButtonStyle, ComponentType, SeparatorSpacingSize } from "discord.js";
 import { CustomError, JsonButtonStyle, JsonComponentType, JsonSeparatorSpacingSize, ReturnTypeBase } from "discord-message-transcript-base";
-import { ReturnType } from "../types/types.js";
+import { ReturnType } from "@/types";
 export function mapButtonStyle(style) {
     switch (style) {
         case ButtonStyle.Primary:

package/dist/core/networkSecurity/constants.d.ts

@@ -0,0 +1,3 @@
+export declare const DNS_SERVERS: string[];
+export declare const DNS_LOOKUP_TIMEOUT = 5000;
+export declare const TRUSTED_DISCORD_HOSTS: string[];

package/dist/core/networkSecurity/constants.js

@@ -0,0 +1,3 @@
+export const DNS_SERVERS = ["1.1.1.1", "8.8.8.8"];
+export const DNS_LOOKUP_TIMEOUT = 5000;
+export const TRUSTED_DISCORD_HOSTS = ["discordapp.com", "discordapp.net"];

package/dist/core/networkSecurity/dns.d.ts

@@ -0,0 +1,2 @@
+import { LookupResult } from "@/types";
+export declare function resolveAllIps(host: string): Promise<LookupResult[]>;

package/dist/core/networkSecurity/dns.js

@@ -0,0 +1,29 @@
+import { Resolver } from "dns/promises";
+import { DNS_LOOKUP_TIMEOUT, DNS_SERVERS } from "./constants.js";
+export async function resolveAllIps(host) {
+    const resolver = new Resolver();
+    resolver.setServers(DNS_SERVERS);
+    const lookupPromise = (async () => {
+        const results = [];
+        const [v4, v6] = await Promise.allSettled([
+            resolver.resolve4(host),
+            resolver.resolve6(host)
+        ]);
+        if (v4.status === "fulfilled") {
+            for (const ip of v4.value) {
+                results.push({ address: ip, family: 4 });
+            }
+        }
+        if (v6.status === "fulfilled") {
+            for (const ip of v6.value) {
+                results.push({ address: ip, family: 6 });
+            }
+        }
+        if (results.length === 0) {
+            throw new Error(`No DNS records found for ${host}`);
+        }
+        return results;
+    })();
+    const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error(`DNS timeout for ${host}`)), DNS_LOOKUP_TIMEOUT));
+    return Promise.race([lookupPromise, timeoutPromise]);
+}

package/dist/core/networkSecurity/index.d.ts

@@ -0,0 +1,2 @@
+export * from './urlSafety.js';
+export * from './lookup.js';

package/dist/core/networkSecurity/index.js

@@ -0,0 +1,2 @@
+export * from './urlSafety.js';
+export * from './lookup.js';

package/dist/core/networkSecurity/ip.d.ts

@@ -0,0 +1 @@
+export declare function isPrivateIp(ip: string): boolean;

package/dist/core/networkSecurity/ip.js

@@ -0,0 +1,110 @@
+import net from "node:net";
+export function isPrivateIp(ip) {
+    const family = net.isIP(ip);
+    if (!family)
+        return true;
+    if (family === 4)
+        return isPrivateIPv4(ip);
+    return isPrivateIPv6(ip);
+}
+function isPrivateIPv4(ip) {
+    const parts = ip.split(".").map(Number);
+    if (parts.length !== 4 || parts.some(n => isNaN(n)))
+        return true;
+    const [a, b] = parts;
+    return (a === 0 ||
+        a === 10 ||
+        a === 127 ||
+        (a === 169 && b === 254) ||
+        (a === 172 && b >= 16 && b <= 31) ||
+        (a === 192 && b === 168) ||
+        (a === 100 && b >= 64 && b <= 127) ||
+        a >= 224);
+}
+function parseIPv6(ip) {
+    if (net.isIP(ip) !== 6)
+        return null;
+    // handle IPv4 at end
+    if (ip.includes(".")) {
+        const lastColon = ip.lastIndexOf(":");
+        const ipv4Part = ip.slice(lastColon + 1);
+        const nums = ipv4Part.split(".").map(Number);
+        if (nums.length === 4 && nums.every(n => !isNaN(n))) {
+            const hex = ((nums[0] << 8) | nums[1]).toString(16) +
+                ":" +
+                ((nums[2] << 8) | nums[3]).toString(16);
+            ip = ip.slice(0, lastColon) + ":" + hex;
+        }
+    }
+    const sections = ip.split("::");
+    let head = sections[0] ? sections[0].split(":") : [];
+    let tail = sections[1] ? sections[1].split(":") : [];
+    if (sections.length === 2) {
+        const missing = 8 - (head.length + tail.length);
+        head = [...head, ...Array(missing).fill("0"), ...tail];
+    }
+    if (head.length !== 8)
+        return null;
+    const bytes = [];
+    for (const part of head) {
+        const n = parseInt(part || "0", 16);
+        if (isNaN(n))
+            return null;
+        bytes.push((n >> 8) & 0xff);
+        bytes.push(n & 0xff);
+    }
+    return bytes;
+}
+function extractEmbeddedIPv4(bytes) {
+    const isMapped = bytes.slice(0, 10).every(b => b === 0) &&
+        bytes[10] === 0xff &&
+        bytes[11] === 0xff;
+    if (isMapped) {
+        return `${bytes[12]}.${bytes[13]}.${bytes[14]}.${bytes[15]}`;
+    }
+    const isCompat = bytes.slice(0, 12).every(b => b === 0);
+    if (isCompat) {
+        return `${bytes[12]}.${bytes[13]}.${bytes[14]}.${bytes[15]}`;
+    }
+    const isNat64 = bytes[0] === 0x00 &&
+        bytes[1] === 0x64 &&
+        bytes[2] === 0xff &&
+        bytes[3] === 0x9b &&
+        bytes.slice(4, 12).every(b => b === 0);
+    if (isNat64) {
+        return `${bytes[12]}.${bytes[13]}.${bytes[14]}.${bytes[15]}`;
+    }
+    return null;
+}
+function isPrivateIPv6(ip) {
+    const bytes = parseIPv6(ip);
+    if (!bytes)
+        return true;
+    const embedded = extractEmbeddedIPv4(bytes);
+    if (embedded)
+        return isPrivateIPv4(embedded);
+    // ::
+    if (bytes.every(b => b === 0))
+        return true;
+    // ::1
+    if (bytes.slice(0, 15).every(b => b === 0) && bytes[15] === 1)
+        return true;
+    const first = bytes[0];
+    const second = bytes[1];
+    // fc00::/7
+    if ((first & 0xfe) === 0xfc)
+        return true;
+    // fe80::/10
+    if (first === 0xfe && (second & 0xc0) === 0x80)
+        return true;
+    // multicast
+    if (first === 0xff)
+        return true;
+    // 2001:db8::/32
+    if (bytes[0] === 0x20 &&
+        bytes[1] === 0x01 &&
+        bytes[2] === 0x0d &&
+        bytes[3] === 0xb8)
+        return true;
+    return false;
+}

package/dist/core/networkSecurity/lookup.d.ts

@@ -0,0 +1,2 @@
+export declare function urlToIpUrl(url: string, ip: string): string;
+export declare function createLookup(safeIps: string[]): ((_hostname: string, _opts: any, cb: any) => void) | undefined;

package/dist/core/networkSecurity/lookup.js

@@ -0,0 +1,14 @@
+import net from "node:net";
+export function urlToIpUrl(url, ip) {
+    // If got here shouldn't throw a error
+    const u = new URL(url);
+    return `${u.protocol}//${ip}` + `${u.port ? ":" + u.port : ""}` + `${u.pathname}${u.search}`;
+}
+export function createLookup(safeIps) {
+    if (safeIps.length == 0)
+        return undefined;
+    return (_hostname, _opts, cb) => {
+        const ip = safeIps[Math.floor(Math.random() * safeIps.length)];
+        cb(null, ip, net.isIP(ip));
+    };
+}

package/dist/core/networkSecurity/urlSafety.d.ts

@@ -0,0 +1,3 @@
+import { TranscriptOptionsBase } from "discord-message-transcript-base";
+import { safeUrlReturn } from "@/types";
+export declare function isSafeForHTML(url: string, options: TranscriptOptionsBase): Promise<safeUrlReturn>;

package/dist/core/networkSecurity/urlSafety.js

@@ -0,0 +1,71 @@
+import { CustomWarn } from "discord-message-transcript-base";
+import { TRUSTED_DISCORD_HOSTS } from "./constants.js";
+import { isPrivateIp } from "./ip.js";
+import { resolveAllIps } from "./dns.js";
+export async function isSafeForHTML(url, options) {
+    const { safeMode, disableWarnings } = options;
+    if (!safeMode)
+        return { safe: true, safeIps: [], url: url };
+    let u;
+    try {
+        u = new URL(url);
+    }
+    catch {
+        CustomWarn(`Unsafe URL rejected: Invalid URL format\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    const host = u.hostname.toLowerCase();
+    // If is from discord accept
+    if (isTrustedDiscordHost(host))
+        return { safe: true, safeIps: [], url: url };
+    // Don't accept if isn't https or http
+    if (!["http:", "https:"].includes(u.protocol)) {
+        CustomWarn(`Unsafe URL rejected: Invalid protocol "${u.protocol}"\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    if (u.username || u.password) {
+        CustomWarn(`Unsafe URL rejected: Contains username or password\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    if (u.port && !["80", "443", ""].includes(u.port)) {
+        CustomWarn(`Unsafe URL rejected: Invalid port "${u.port}"\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    // Block localhost and loopback addresses (SSRF protection)
+    if (host === "localhost" ||
+        host === "127.0.0.1" ||
+        host.startsWith("0.")) {
+        CustomWarn(`Unsafe URL rejected: Blacklisted host "${host}"\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    let ips;
+    try {
+        ips = await resolveAllIps(host);
+    }
+    catch (e) {
+        CustomWarn(`Unsafe URL rejected: DNS lookup failed or timed out for host "${host}". Error: ${e.message}\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    const safeIps = [];
+    // Block private/internal network IPs (SSRF protection)
+    for (const ip of ips) {
+        if (isPrivateIp(ip.address)) {
+            CustomWarn(`Unsafe URL rejected: Private IP address "${ip.address}" resolved for host "${host}"\nURL: ${url}`, disableWarnings);
+            return { safe: false, safeIps: [], url: url };
+        }
+        safeIps.push(ip.address);
+    }
+    const path = u.pathname.toLowerCase();
+    // External SVGs can execute scripts → allow only from Discord CDN
+    if (path.endsWith(".svg")) {
+        CustomWarn(`Unsafe URL rejected: External SVG not from Discord CDN\nURL: ${url}`, disableWarnings);
+        return { safe: false, safeIps: [], url: url };
+    }
+    return { safe: true, safeIps: safeIps, url: url };
+}
+function isTrustedDiscordHost(host) {
+    host = host.toLowerCase();
+    return TRUSTED_DISCORD_HOSTS.some(trusted => {
+        return host === trusted || host.endsWith("." + trusted);
+    });
+}

package/dist/core/resolveImageUrl.d.ts

@@ -0,0 +1,4 @@
+import { JsonAttachment, TranscriptOptionsBase } from "discord-message-transcript-base";
+import { safeUrlReturn } from "@/types";
+export declare function resolveImageURL(url: string, options: TranscriptOptionsBase, canReturnNull: false, attachments?: JsonAttachment[]): Promise<safeUrlReturn>;
+export declare function resolveImageURL(url: string | null, options: TranscriptOptionsBase, canReturnNull: true, attachments?: JsonAttachment[]): Promise<safeUrlReturn | null>;

package/dist/core/resolveImageUrl.js

@@ -0,0 +1,20 @@
+import { FALLBACK_PIXEL } from "discord-message-transcript-base";
+import { isSafeForHTML } from "@/networkSecurity";
+export async function resolveImageURL(url, options, canReturnNull, attachments) {
+    if (!url)
+        return null;
+    // Resolve attachment:// references to actual attachment URL
+    if (url.startsWith("attachment://")) {
+        const name = url.slice("attachment://".length).trim();
+        const found = attachments?.find(a => a.name === name);
+        if (!found)
+            return { safe: true, safeIps: [], url: FALLBACK_PIXEL };
+        url = found.url;
+    }
+    const safeUrlReturn = await isSafeForHTML(url, options);
+    if (safeUrlReturn.safe)
+        return safeUrlReturn;
+    if (canReturnNull)
+        return null;
+    return { safe: true, safeIps: [], url: FALLBACK_PIXEL };
+}

package/dist/core/urlResolver.d.ts

@@ -1,5 +1,5 @@
 import { JsonAuthor, JsonMessage, TranscriptOptionsBase } from "discord-message-transcript-base";
-import { CDNOptions } from "../types/types.js";
-export declare function urlResolver(url: string, options: TranscriptOptionsBase, cdnOptions: CDNOptions | null, urlCache: Map<string, Promise<string>>): Promise<string>;
+import { CDNOptions, safeUrlReturn } from "@/types";
+export declare function urlResolver(safeUrlObject: safeUrlReturn, options: TranscriptOptionsBase, cdnOptions: CDNOptions | null, urlCache: Map<string, Promise<string>>): Promise<string>;
 export declare function messagesUrlResolver(messages: JsonMessage[], options: TranscriptOptionsBase, cdnOptions: CDNOptions | null, urlCache: Map<string, Promise<string>>): Promise<JsonMessage[]>;
 export declare function authorUrlResolver(authors: Map<string, JsonAuthor>, options: TranscriptOptionsBase, cdnOptions: CDNOptions | null, urlCache: Map<string, Promise<string>>): Promise<JsonAuthor[]>;

package/dist/core/urlResolver.js

@@ -2,40 +2,44 @@ import { JsonComponentType } from "discord-message-transcript-base";
 import { cdnResolver } from "./cdnResolver.js";
 import { imageToBase64 } from "./imageToBase64.js";
 import { isJsonComponentInContainer } from "./componentToJson.js";
-import { FALLBACK_PIXEL, isSafeForHTML, resolveImageURL } from "../../../discord-message-transcript-base/src/core/sanitizer.js";
-export async function urlResolver(url, options, cdnOptions, urlCache) {
-    if (url == FALLBACK_PIXEL || url == "")
-        return url;
-    if (urlCache.has(url)) {
-        const cache = urlCache.get(url);
+import { FALLBACK_PIXEL } from "discord-message-transcript-base";
+import { resolveImageURL } from "./resolveImageUrl.js";
+import { isSafeForHTML } from "@/networkSecurity";
+export async function urlResolver(safeUrlObject, options, cdnOptions, urlCache) {
+    if (safeUrlObject.safe == false)
+        return "";
+    if (safeUrlObject.url == FALLBACK_PIXEL)
+        return safeUrlObject.url;
+    if (urlCache.has(safeUrlObject.url)) {
+        const cache = urlCache.get(safeUrlObject.url);
         if (cache)
             return await cache;
     }
     let returnUrl;
     if (cdnOptions)
-        returnUrl = cdnResolver(url, options, cdnOptions);
+        returnUrl = cdnResolver(safeUrlObject, options, cdnOptions);
     else if (options.saveImages)
-        returnUrl = imageToBase64(url, options.disableWarnings);
+        returnUrl = imageToBase64(safeUrlObject, options.disableWarnings);
     if (returnUrl) {
-        urlCache.set(url, returnUrl);
+        urlCache.set(safeUrlObject.url, returnUrl);
         return await returnUrl;
     }
-    return url;
+    return safeUrlObject.url;
 }
 export async function messagesUrlResolver(messages, options, cdnOptions, urlCache) {
     return await Promise.all(messages.map(async (message) => {
         // Needs to wait for resolve correct when used attachment://
         const attachments = await Promise.all(message.attachments.map(async (attachment) => {
-            let url;
+            let safeUrlObject;
             if (attachment.contentType?.startsWith("image/")) {
-                url = await resolveImageURL(attachment.url, options, false, message.attachments);
+                safeUrlObject = await resolveImageURL(attachment.url, options, false, message.attachments);
             }
             else {
-                url = await isSafeForHTML(attachment.url, options) ? attachment.url : "";
+                safeUrlObject = await isSafeForHTML(attachment.url, options);
             }
             return {
                 ...attachment,
-                url: await urlResolver(url, options, cdnOptions, urlCache)
+                url: await urlResolver(safeUrlObject, options, cdnOptions, urlCache)
             };
         }));
         const embedsPromise = Promise.all(message.embeds.map(async (embed) => {
@@ -78,9 +82,10 @@ export async function messagesUrlResolver(messages, options, cdnOptions, urlCach
                     };
                 }
                 if (component.type == JsonComponentType.File) {
+                    const safeUrlObject = await isSafeForHTML(component.url, options);
                     return {
                         ...component,
-                        url: await urlResolver((await isSafeForHTML(component.url, options) ? component.url : ""), options, cdnOptions, urlCache),
+                        url: await urlResolver(safeUrlObject, options, cdnOptions, urlCache),
                     };
                 }
                 if (component.type == JsonComponentType.Container) {

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-export { CreateTranscriptOptions, ConvertTranscriptOptions, TranscriptOptions, ReturnType, CDNOptions, MimeType } from "./types/types.js";
+export { CreateTranscriptOptions, ConvertTranscriptOptions, TranscriptOptions, ReturnType, CDNOptions, MimeType } from "@/types";
 export { ReturnFormat, LocalDate, TimeZone } from "discord-message-transcript-base";
-export { setBase64Concurrency, setCDNConcurrency } from './core/limiter.js';
+export { setBase64Concurrency, setCDNConcurrency } from '@/core/limiter.js';
 import { TextBasedChannel } from "discord.js";
-import { ConvertTranscriptOptions, CreateTranscriptOptions, OutputType, ReturnType } from "./types/types.js";
+import { ConvertTranscriptOptions, CreateTranscriptOptions, OutputType, ReturnType } from "@/types";
 /**
  * Creates a transcript of a Discord channel's messages.
  * Depending on the `returnType` option, this function can return an `AttachmentBuilder`,

package/dist/index.js

@@ -1,14 +1,14 @@
-export { ReturnType } from "./types/types.js";
+export { ReturnType } from "@/types";
 export { ReturnFormat } from "discord-message-transcript-base";
-export { setBase64Concurrency, setCDNConcurrency } from './core/limiter.js';
+export { setBase64Concurrency, setCDNConcurrency } from '@/core/limiter.js';
 import { AttachmentBuilder } from "discord.js";
-import { Json } from "./renderers/json/json.js";
-import { fetchMessages } from "./core/fetchMessages.js";
-import { ReturnType } from "./types/types.js";
-import { output } from "./core/output.js";
+import { Json } from "@/renderers/json/json.js";
+import { fetchMessages } from "@/core/fetchMessages.js";
+import { ReturnType } from "@/types";
+import { output } from "@/core/output.js";
 import { ReturnTypeBase, ReturnFormat, outputBase, CustomError, CustomWarn } from "discord-message-transcript-base";
-import { returnTypeMapper } from "./core/mappers.js";
-import { authorUrlResolver, messagesUrlResolver } from "./core/urlResolver.js";
+import { returnTypeMapper } from "@/core/mappers.js";
+import { authorUrlResolver, messagesUrlResolver } from "@/core/urlResolver.js";
 /**
  * Creates a transcript of a Discord channel's messages.
  * Depending on the `returnType` option, this function can return an `AttachmentBuilder`,

package/dist/renderers/json/json.d.ts

@@ -1,6 +1,6 @@
 import { Guild, TextBasedChannel } from "discord.js";
 import { ArrayMentions, JsonAuthor, JsonMessage, TranscriptOptionsBase, JsonData } from "discord-message-transcript-base";
-import { CDNOptions } from "../../types/types.js";
+import { CDNOptions } from "@/types";
 export declare class Json {
     private guild;
     private channel;

package/dist/renderers/json/json.js

@@ -1,6 +1,6 @@
 import { BaseGuildTextChannel, DMChannel } from "discord.js";
-import { urlResolver } from "../../core/urlResolver.js";
-import { resolveImageURL } from "../../../../discord-message-transcript-base/src/core/sanitizer.js";
+import { urlResolver } from "@/core/urlResolver.js";
+import { resolveImageURL } from "@/core/resolveImageUrl.js";
 export class Json {
     guild;
     channel;

package/dist/types/types.d.ts

@@ -286,3 +286,15 @@ export type CDNOptionsUploadcare = {
      */
     cdnDomain: string;
 };
+/**
+ * Result from dns.lookup
+ */
+export type LookupResult = {
+    address: string;
+    family: 4 | 6;
+};
+export interface safeUrlReturn {
+    safe: boolean;
+    safeIps: string[];
+    url: string;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "discord-message-transcript",
-  "version": "1.3.1-dev.3.35",
+  "version": "1.3.1",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -44,11 +44,8 @@
     "url": "https://github.com/HenriqueMairesse/discord-message-transcript/issues"
   },
   "homepage": "https://github.com/HenriqueMairesse/discord-message-transcript#readme",
-  "devDependencies": {
-    "typescript": "^5.9.3"
-  },
   "dependencies": {
-    "discord-message-transcript-base": "1.3.1-dev.3.35"
+    "discord-message-transcript-base": "1.3.1"
   },
   "peerDependencies": {
     "discord.js": ">=14.19.0 <15"
@@ -57,7 +54,7 @@
     "access": "public"
   },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "build": "tsc"
+    "clean": "pnpm exec rimraf dist",
+    "build": "pnpm run clean && tsc"
   }
 }