npx-ray 1.0.0

package/dist/scanners/dependencies.js

@@ -0,0 +1,114 @@
+/**
+ * Dependency analysis scanner.
+ *
+ * Analyzes package.json dependencies for:
+ * - Dependency count (bloat detection)
+ * - Git URL dependencies (not pinned to registry)
+ * - Wildcard/unpinned version ranges
+ */
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+const SCANNER_NAME = 'dependencies';
+/** Thresholds for dependency count. */
+const DEPS_WARNING = 20;
+const DEPS_CRITICAL = 50;
+/** Patterns that indicate a git URL dependency. */
+const GIT_URL_PATTERNS = [
+    /^git(\+https?|ssh)?:\/\//,
+    /^github:/,
+    /^gitlab:/,
+    /^bitbucket:/,
+    /^https?:\/\/.*\.git$/,
+    /^[a-zA-Z0-9_-]+\/[a-zA-Z0-9_-]+/, // shorthand user/repo
+];
+/**
+ * Scan package.json dependencies.
+ */
+export async function scanDependencies(pkgDir) {
+    const findings = [];
+    const pkgJsonPath = join(pkgDir, 'package.json');
+    let pkgJson;
+    try {
+        const raw = await fs.readFile(pkgJsonPath, 'utf-8');
+        pkgJson = JSON.parse(raw);
+    }
+    catch {
+        return {
+            name: SCANNER_NAME,
+            passed: true,
+            findings: [],
+            summary: 'No package.json found',
+        };
+    }
+    const deps = (pkgJson.dependencies || {});
+    const optionalDeps = (pkgJson.optionalDependencies || {});
+    const directCount = Object.keys(deps).length;
+    const optionalCount = Object.keys(optionalDeps).length;
+    const totalCount = directCount + optionalCount;
+    // Check dependency count thresholds
+    if (totalCount > DEPS_CRITICAL) {
+        findings.push({
+            scanner: SCANNER_NAME,
+            severity: 'critical',
+            message: `Extreme dependency count: ${totalCount} dependencies (threshold: ${DEPS_CRITICAL}) — dependency bloat`,
+            file: 'package.json',
+            evidence: `${directCount} direct + ${optionalCount} optional`,
+        });
+    }
+    else if (totalCount > DEPS_WARNING) {
+        findings.push({
+            scanner: SCANNER_NAME,
+            severity: 'warning',
+            message: `High dependency count: ${totalCount} dependencies (threshold: ${DEPS_WARNING})`,
+            file: 'package.json',
+            evidence: `${directCount} direct + ${optionalCount} optional`,
+        });
+    }
+    // Check each dependency for issues
+    const allDeps = { ...deps, ...optionalDeps };
+    for (const [name, version] of Object.entries(allDeps)) {
+        if (typeof version !== 'string')
+            continue;
+        // Unpinned wildcard
+        if (version === '*' || version === '' || version === 'latest') {
+            findings.push({
+                scanner: SCANNER_NAME,
+                severity: 'critical',
+                message: `Unpinned dependency: ${name}@"${version}" — accepts any version`,
+                file: 'package.json',
+                evidence: `"${name}": "${version}"`,
+            });
+            continue;
+        }
+        // Git URL dependencies
+        const isGitUrl = GIT_URL_PATTERNS.some(pattern => pattern.test(version));
+        if (isGitUrl) {
+            findings.push({
+                scanner: SCANNER_NAME,
+                severity: 'warning',
+                message: `Git URL dependency: ${name} — not pinned to npm registry`,
+                file: 'package.json',
+                evidence: `"${name}": "${version}"`,
+            });
+        }
+    }
+    const criticalCount = findings.filter(f => f.severity === 'critical').length;
+    const warningCount = findings.filter(f => f.severity === 'warning').length;
+    const passed = criticalCount === 0 && warningCount === 0;
+    let summary = `${directCount} direct, ${optionalCount} optional dependencies`;
+    if (criticalCount > 0 || warningCount > 0) {
+        const flags = [];
+        if (criticalCount > 0)
+            flags.push(`${criticalCount} critical`);
+        if (warningCount > 0)
+            flags.push(`${warningCount} warning`);
+        summary += ` (${flags.join(', ')})`;
+    }
+    return {
+        name: SCANNER_NAME,
+        passed,
+        findings,
+        summary,
+    };
+}
+//# sourceMappingURL=dependencies.js.map

package/dist/scanners/dependencies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependencies.js","sourceRoot":"","sources":["../../src/scanners/dependencies.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,YAAY,GAAG,cAAc,CAAC;AAEpC,uCAAuC;AACvC,MAAM,YAAY,GAAG,EAAE,CAAC;AACxB,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,mDAAmD;AACnD,MAAM,gBAAgB,GAAG;IACvB,0BAA0B;IAC1B,UAAU;IACV,UAAU;IACV,aAAa;IACb,sBAAsB;IACtB,iCAAiC,EAAG,sBAAsB;CAC3D,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAc;IACnD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAEjD,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,uBAAuB;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAA2B,CAAC;IACpE,MAAM,YAAY,GAAG,CAAC,OAAO,CAAC,oBAAoB,IAAI,EAAE,CAA2B,CAAC;IAEpF,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IAC7C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;IACvD,MAAM,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;IAE/C,oCAAoC;IACpC,IAAI,UAAU,GAAG,aAAa,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,YAAY;YACrB,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,6BAA6B,UAAU,6BAA6B,aAAa,sBAAsB;YAChH,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE,GAAG,WAAW,aAAa,aAAa,WAAW;SAC9D,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,UAAU,GAAG,YAAY,EAAE,CAAC;QACrC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,YAAY;YACrB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,0BAA0B,UAAU,6BAA6B,YAAY,GAAG;YACzF,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE,GAAG,WAAW,aAAa,aAAa,WAAW;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,MAAM,OAAO,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,YAAY,EAAE,CAAC;IAE7C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,SAAS;QAE1C,oBAAoB;QACpB,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC9D,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,wBAAwB,IAAI,KAAK,OAAO,yBAAyB;gBAC1E,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,IAAI,IAAI,OAAO,OAAO,GAAG;aACpC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,uBAAuB;QACvB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACzE,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,uBAAuB,IAAI,+BAA+B;gBACnE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,IAAI,IAAI,OAAO,OAAO,GAAG;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAC3E,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,YAAY,KAAK,CAAC,CAAC;IAEzD,IAAI,OAAO,GAAG,GAAG,WAAW,YAAY,aAAa,wBAAwB,CAAC;IAC9E,IAAI,aAAa,GAAG,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,WAAW,CAAC,CAAC;QAC/D,IAAI,YAAY,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,UAAU,CAAC,CAAC;QAC5D,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/scanners/hooks.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Lifecycle hooks scanner.
+ *
+ * Checks package.json for lifecycle scripts (preinstall, postinstall, etc.)
+ * that could execute arbitrary code during npm install.
+ */
+import type { ScannerResult } from '../types.js';
+/**
+ * Scan package.json for lifecycle hook scripts.
+ */
+export declare function scanHooks(pkgDir: string): Promise<ScannerResult>;
+//# sourceMappingURL=hooks.d.ts.map

package/dist/scanners/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../../src/scanners/hooks.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAW,MAAM,aAAa,CAAC;AAyB1D;;GAEG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAmGtE"}

package/dist/scanners/hooks.js

@@ -0,0 +1,126 @@
+/**
+ * Lifecycle hooks scanner.
+ *
+ * Checks package.json for lifecycle scripts (preinstall, postinstall, etc.)
+ * that could execute arbitrary code during npm install.
+ */
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+const SCANNER_NAME = 'hooks';
+/** Lifecycle scripts that run automatically and are security-sensitive. */
+const DANGEROUS_HOOKS = new Set([
+    'preinstall',
+    'install',
+    'postinstall',
+    'preuninstall',
+    'uninstall',
+    'postuninstall',
+]);
+/** Shell commands that elevate a lifecycle script to critical severity. */
+const SHELL_COMMANDS = [
+    'curl',
+    'wget',
+    'bash',
+    'sh -c',
+    'node -e',
+    'powershell',
+    'cmd /c',
+];
+/**
+ * Scan package.json for lifecycle hook scripts.
+ */
+export async function scanHooks(pkgDir) {
+    const findings = [];
+    const pkgJsonPath = join(pkgDir, 'package.json');
+    let pkgJson;
+    try {
+        const raw = await fs.readFile(pkgJsonPath, 'utf-8');
+        pkgJson = JSON.parse(raw);
+    }
+    catch {
+        return {
+            name: SCANNER_NAME,
+            passed: true,
+            findings: [],
+            summary: 'No package.json found',
+        };
+    }
+    const scripts = pkgJson.scripts;
+    if (!scripts || typeof scripts !== 'object') {
+        return {
+            name: SCANNER_NAME,
+            passed: true,
+            findings: [],
+            summary: 'No scripts defined',
+        };
+    }
+    for (const [name, command] of Object.entries(scripts)) {
+        if (typeof command !== 'string')
+            continue;
+        // Handle 'prepare' script — info only (common for build steps)
+        if (name === 'prepare') {
+            findings.push({
+                scanner: SCANNER_NAME,
+                severity: 'info',
+                message: `"prepare" script defined: ${command}`,
+                file: 'package.json',
+                evidence: command,
+            });
+            continue;
+        }
+        // Only flag dangerous lifecycle hooks
+        if (!DANGEROUS_HOOKS.has(name))
+            continue;
+        // Check if the script contains shell commands (elevates to critical)
+        const hasShellCommand = SHELL_COMMANDS.some(cmd => command.toLowerCase().includes(cmd.toLowerCase()));
+        if (hasShellCommand) {
+            findings.push({
+                scanner: SCANNER_NAME,
+                severity: 'critical',
+                message: `"${name}" script executes shell commands: ${command}`,
+                file: 'package.json',
+                evidence: command,
+            });
+        }
+        else {
+            findings.push({
+                scanner: SCANNER_NAME,
+                severity: 'warning',
+                message: `"${name}" lifecycle script defined: ${command}`,
+                file: 'package.json',
+                evidence: command,
+            });
+        }
+    }
+    const criticalCount = findings.filter(f => f.severity === 'critical').length;
+    const warningCount = findings.filter(f => f.severity === 'warning').length;
+    const passed = criticalCount === 0 && warningCount === 0;
+    let summary;
+    if (findings.length === 0) {
+        summary = 'No lifecycle hooks found';
+    }
+    else {
+        const hookNames = findings
+            .filter(f => f.severity !== 'info')
+            .map(f => {
+            const match = f.message.match(/^"(\w+)"/);
+            return match ? match[1] : '';
+        })
+            .filter(Boolean);
+        if (hookNames.length > 0) {
+            summary = `Lifecycle hooks: ${hookNames.join(', ')}`;
+            if (criticalCount > 0)
+                summary += ` (${criticalCount} with shell commands)`;
+        }
+        else {
+            summary = 'Only benign lifecycle hooks (prepare)';
+        }
+    }
+    return {
+        name: SCANNER_NAME,
+        passed,
+        findings,
+        summary,
+    };
+}
+//# sourceMappingURL=hooks.js.map

package/dist/scanners/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/scanners/hooks.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,YAAY,GAAG,OAAO,CAAC;AAE7B,2EAA2E;AAC3E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,YAAY;IACZ,SAAS;IACT,aAAa;IACb,cAAc;IACd,WAAW;IACX,eAAe;CAChB,CAAC,CAAC;AAEH,2EAA2E;AAC3E,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,SAAS;IACT,YAAY;IACZ,QAAQ;CACT,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAc;IAC5C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAEjD,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,uBAAuB;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6C,CAAC;IACtE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,oBAAoB;SAC9B,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,SAAS;QAE1C,+DAA+D;QAC/D,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,6BAA6B,OAAO,EAAE;gBAC/C,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QAEzC,qEAAqE;QACrE,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAChD,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAClD,CAAC;QAEF,IAAI,eAAe,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,IAAI,IAAI,qCAAqC,OAAO,EAAE;gBAC/D,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,IAAI,IAAI,+BAA+B,OAAO,EAAE;gBACzD,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAC3E,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,YAAY,KAAK,CAAC,CAAC;IAEzD,IAAI,OAAe,CAAC;IACpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,GAAG,0BAA0B,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,QAAQ;aACvB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE;YACP,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC1C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC;aACD,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,oBAAoB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,IAAI,aAAa,GAAG,CAAC;gBAAE,OAAO,IAAI,KAAK,aAAa,uBAAuB,CAAC;QAC9E,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,uCAAuC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/scanners/ioc.d.ts

@@ -0,0 +1,17 @@
+/**
+ * IOC (Indicators of Compromise) scanner.
+ *
+ * Extracts URLs and IP addresses from package source code and outputs
+ * them in defanged format to prevent accidental navigation/resolution.
+ *
+ * Defanging: http → hxxp, :// → [://], . in domains/IPs → [.]
+ */
+import type { ScannerResult } from '../types.js';
+/**
+ * Scan all files in a package directory for URLs and IP addresses.
+ * Includes a deobfuscation layer that decodes hex escapes, unicode
+ * escapes, String.fromCharCode, and base64 before scanning.
+ * Returns them in defanged format.
+ */
+export declare function scanIoc(pkgDir: string): Promise<ScannerResult>;
+//# sourceMappingURL=ioc.d.ts.map

package/dist/scanners/ioc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc.d.ts","sourceRoot":"","sources":["../../src/scanners/ioc.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAW,MAAM,aAAa,CAAC;AAqP1D;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAsMpE"}