pompelmi 0.34.9 → 0.35.0

package/dist/types/types/taint-tracking.d.ts

@@ -7,15 +7,15 @@
 /**
  * Taint source types indicating where tainted data originates
  */
-export type TaintSource = 'user_input' | 'file_read' | 'network_recv' | 'registry_read' | 'environment' | 'crypto_weak' | 'external_api' | 'memory_leak' | 'time_source' | 'custom';
+export type TaintSource = "user_input" | "file_read" | "network_recv" | "registry_read" | "environment" | "crypto_weak" | "external_api" | "memory_leak" | "time_source" | "custom";
 /**
  * Taint sink types indicating where tainted data should not flow
  */
-export type TaintSink = 'exec_function' | 'file_write' | 'network_send' | 'registry_write' | 'sql_query' | 'format_string' | 'memory_alloc' | 'crypto_key' | 'auth_check' | 'log_output' | 'custom';
+export type TaintSink = "exec_function" | "file_write" | "network_send" | "registry_write" | "sql_query" | "format_string" | "memory_alloc" | "crypto_key" | "auth_check" | "log_output" | "custom";
 /**
  * Taint propagation operations that affect taint flow
  */
-export type TaintOperation = 'copy' | 'arithmetic' | 'bitwise' | 'comparison' | 'concatenation' | 'substring' | 'conversion' | 'encryption' | 'hash' | 'sanitization' | 'validation' | 'encoding' | 'custom';
+export type TaintOperation = "copy" | "arithmetic" | "bitwise" | "comparison" | "concatenation" | "substring" | "conversion" | "encryption" | "hash" | "sanitization" | "validation" | "encoding" | "custom";
 /**
  * Taint label with metadata for tracking
  */
@@ -35,7 +35,7 @@ export interface TaintLabel {
     confidence: number;
     /** Optional metadata for custom analysis */
     metadata?: {
-        severity?: 'low' | 'medium' | 'high' | 'critical';
+        severity?: "low" | "medium" | "high" | "critical";
         description?: string;
         tags?: string[];
         [key: string]: unknown;
@@ -136,7 +136,7 @@ export interface TaintConfig {
     hipaaCompliance?: {
         enabled: boolean;
         sanitizeAddresses?: boolean;
-        auditLevel?: 'minimal' | 'standard' | 'comprehensive';
+        auditLevel?: "minimal" | "standard" | "comprehensive";
     };
 }
 /**
@@ -169,7 +169,7 @@ export interface TaintFlow {
     /** Overall confidence of this flow */
     confidence: number;
     /** Severity assessment */
-    severity: 'low' | 'medium' | 'high' | 'critical';
+    severity: "low" | "medium" | "high" | "critical";
     /** Whether this represents a security vulnerability */
     isVulnerability: boolean;
     /** Additional metadata */
@@ -185,7 +185,7 @@ export interface TaintFlow {
  */
 export interface TaintAnalysisResult {
     /** Analysis engine identifier */
-    engine: 'dynamic-taint' | 'hybrid-taint';
+    engine: "dynamic-taint" | "hybrid-taint";
     /** Analysis success status */
     success: boolean;
     /** Total analysis time in milliseconds */
@@ -220,11 +220,11 @@ export interface TaintAnalysisResult {
 /**
  * Analysis engine types supported by the orchestrator
  */
-export type AnalysisEngine = 'binaryninja-hlil' | 'ghidra-pcode' | 'dynamic-taint' | 'static-analysis' | 'symbolic-execution' | 'fuzzing' | 'custom';
+export type AnalysisEngine = "binaryninja-hlil" | "ghidra-pcode" | "dynamic-taint" | "static-analysis" | "symbolic-execution" | "fuzzing" | "custom";
 /**
  * Analysis phase in the hybrid orchestration pipeline
  */
-export type AnalysisPhase = 'preprocessing' | 'static' | 'dynamic' | 'taint' | 'correlation' | 'postprocessing' | 'reporting';
+export type AnalysisPhase = "preprocessing" | "static" | "dynamic" | "taint" | "correlation" | "postprocessing" | "reporting";
 /**
  * Engine capability descriptor
  */
@@ -232,16 +232,16 @@ export interface EngineCapability {
     /** Engine identifier */
     engine: AnalysisEngine;
     /** Supported analysis types */
-    capabilities: Array<'decompilation' | 'disassembly' | 'taint_tracking' | 'control_flow' | 'data_flow' | 'symbolic_execution' | 'vulnerability_detection' | 'obfuscation_analysis' | 'crypto_analysis' | 'api_analysis'>;
+    capabilities: Array<"decompilation" | "disassembly" | "taint_tracking" | "control_flow" | "data_flow" | "symbolic_execution" | "vulnerability_detection" | "obfuscation_analysis" | "crypto_analysis" | "api_analysis">;
     /** Supported file formats */
     supportedFormats: string[];
     /** Supported architectures */
     supportedArchitectures: string[];
     /** Performance characteristics */
     performance: {
-        speed: 'fast' | 'medium' | 'slow';
-        accuracy: 'low' | 'medium' | 'high';
-        memoryUsage: 'low' | 'medium' | 'high';
+        speed: "fast" | "medium" | "slow";
+        accuracy: "low" | "medium" | "high";
+        memoryUsage: "low" | "medium" | "high";
     };
     /** Resource requirements */
     requirements: {
@@ -290,7 +290,7 @@ export interface TaskResult {
     /** Engine that executed the task */
     engine: AnalysisEngine;
     /** Execution status */
-    status: 'success' | 'failed' | 'timeout' | 'cancelled';
+    status: "success" | "failed" | "timeout" | "cancelled";
     /** Result data */
     result?: any;
     /** Execution metrics */
@@ -348,7 +348,7 @@ export interface OrchestrationStrategy {
         /** Enable cross-engine result correlation */
         enabled: boolean;
         /** Correlation algorithms to use */
-        algorithms: Array<'similarity' | 'overlap' | 'consensus' | 'weighted'>;
+        algorithms: Array<"similarity" | "overlap" | "consensus" | "weighted">;
         /** Confidence weighting by engine */
         engineWeights: {
             [engine in AnalysisEngine]?: number;
@@ -389,7 +389,7 @@ export interface HybridConfig {
     /** Result aggregation settings */
     aggregation: {
         /** How to combine results from multiple engines */
-        method: 'union' | 'intersection' | 'weighted' | 'consensus';
+        method: "union" | "intersection" | "weighted" | "consensus";
         /** Minimum confidence threshold for final results */
         confidenceThreshold: number;
         /** Whether to include intermediate results */
@@ -439,8 +439,8 @@ export interface HybridAnalysisResult {
     };
     /** Recommendations based on analysis */
     recommendations?: Array<{
-        type: 'security' | 'performance' | 'analysis';
-        severity: 'info' | 'warning' | 'critical';
+        type: "security" | "performance" | "analysis";
+        severity: "info" | "warning" | "critical";
         message: string;
         evidence?: any;
     }>;
@@ -492,4 +492,4 @@ export interface HybridOrchestrator {
         estimatedTimeRemaining: number;
     }>;
 }
-export { type DecompilationMatch, type FunctionAnalysis, type DecompilationResult, type DecompilationScanner, type BinaryNinjaOptions, type GhidraOptions } from './decompilation';
+export type { BinaryNinjaOptions, DecompilationMatch, DecompilationResult, DecompilationScanner, FunctionAnalysis, GhidraOptions, } from "./decompilation";

package/dist/types/types.d.ts

@@ -1,15 +1,15 @@
 /** Shared types for Pompelmi */
-export type Verdict = 'clean' | 'suspicious' | 'malicious';
+export type Verdict = "clean" | "suspicious" | "malicious";
 export interface YaraMatch {
     rule: string;
     namespace?: string;
     tags?: string[];
     meta?: Record<string, unknown>;
 }
-export * from './types/decompilation';
+export * from "./types/decompilation";
 export interface Match {
     rule: string;
-    severity?: 'info' | 'low' | 'medium' | 'high' | 'critical' | 'suspicious' | 'malicious';
+    severity?: "info" | "low" | "medium" | "high" | "critical" | "suspicious" | "malicious";
     meta?: Record<string, unknown>;
 }
 export interface FileInfo {

package/dist/types/useFileScanner.d.ts

@@ -1,4 +1,4 @@
-import type { ScanReport } from './types';
+import type { ScanReport } from "./types";
 /**
  * React Hook: handles <input type="file" onChange> with validation + scanning.
  */

package/dist/types/utils/advanced-detection.d.ts

@@ -2,7 +2,7 @@
  * Advanced threat detection utilities
  * @module utils/advanced-detection
  */
-import type { Match } from '../types';
+import type { Match } from "../types";
 /**
  * Enhanced polyglot file detection
  * Detects files that can be interpreted as multiple formats

package/dist/types/utils/batch-scanner.d.ts

@@ -2,9 +2,9 @@
  * Batch scanning with concurrency control
  * @module utils/batch-scanner
  */
-import type { ScanReport, ScanContext } from '../types';
-import { type ScanOptions } from '../scan';
-export interface BatchScanOptions extends Omit<ScanOptions, 'ctx'> {
+import { type ScanOptions } from "../scan";
+import type { ScanContext, ScanReport } from "../types";
+export interface BatchScanOptions extends Omit<ScanOptions, "ctx"> {
     /** Maximum concurrent scans (default: 5) */
     concurrency?: number;
     /** Callback for individual scan completion */

package/dist/types/utils/cache-manager.d.ts

@@ -2,7 +2,7 @@
  * Cache management system for scan results
  * @module utils/cache-manager
  */
-import type { ScanReport } from '../types';
+import type { ScanReport } from "../types";
 export interface CacheEntry {
     /** Scan report */
     report: ScanReport;

package/dist/types/utils/export.d.ts

@@ -2,8 +2,8 @@
  * Export utilities for scan results
  * @module utils/export
  */
-import type { ScanReport } from '../types';
-export type ExportFormat = 'json' | 'csv' | 'markdown' | 'html' | 'sarif';
+import type { ScanReport } from "../types";
+export type ExportFormat = "json" | "csv" | "markdown" | "html" | "sarif";
 export interface ExportOptions {
     /** Include detailed match information */
     includeDetails?: boolean;

package/dist/types/utils/threat-intelligence.d.ts

@@ -2,7 +2,7 @@
  * Threat intelligence integration and enhanced detection
  * @module utils/threat-intelligence
  */
-import type { ScanReport } from '../types';
+import type { ScanReport } from "../types";
 export interface ThreatIntelligenceSource {
     /** Source name */
     name: string;
@@ -29,10 +29,10 @@ export interface EnhancedScanReport {
     /** Risk score (0-100) */
     riskScore?: number;
     /** Include all properties from ScanReport */
-    verdict: import('../types').Verdict;
-    matches: import('../types').YaraMatch[];
+    verdict: import("../types").Verdict;
+    matches: import("../types").YaraMatch[];
     reasons?: string[];
-    file?: import('../types').FileInfo;
+    file?: import("../types").FileInfo;
     durationMs?: number;
     error?: string;
     ok: boolean;

package/dist/types/verdict.d.ts

@@ -1,2 +1,2 @@
-import type { YaraMatch, Verdict } from './types';
+import type { Verdict, YaraMatch } from "./types";
 export declare function mapMatchesToVerdict(matches?: YaraMatch[]): Verdict;

package/dist/types/yara/browser.d.ts

@@ -1,4 +1,4 @@
-import type { YaraEngine } from './index';
+import type { YaraEngine } from "./index";
 /**
  * Engine YARA lato browser — NO WASM.
  * È un no-op sicuro: non produce match e non richiede dipendenze native.

package/dist/types/yara/index.d.ts

@@ -14,4 +14,4 @@ export interface YaraEngine {
 export declare function createYaraEngine(): Promise<YaraEngine>;
 export declare function createYaraScannerFromRules(rulesSource: string): Promise<YaraCompiled>;
 export declare function createYaraScannerFromFile(rulesPath: string): Promise<YaraCompiled>;
-export { createRemoteEngine } from './remote';
+export { createRemoteEngine } from "./remote";

package/dist/types/yara/node.d.ts

@@ -1,2 +1,2 @@
-import type { YaraEngine } from './index';
+import type { YaraEngine } from "./index";
 export declare function createNodeEngine(): Promise<YaraEngine>;

package/dist/types/yara/remote.d.ts

@@ -1,10 +1,10 @@
-import type { YaraEngine } from './index';
+import type { YaraEngine } from "./index";
 export interface RemoteEngineOptions {
     endpoint: string;
     headers?: Record<string, string>;
     rulesField?: string;
     fileField?: string;
-    mode?: 'multipart' | 'json-base64';
+    mode?: "multipart" | "json-base64";
     rulesAsBase64?: boolean;
 }
 export declare function createRemoteEngine(opts: RemoteEngineOptions): Promise<YaraEngine>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "0.34.9",
+  "version": "0.35.0",
   "description": "Secure file uploads for Node.js. Scan untrusted files before storage with in-process, local-first checks for MIME spoofing, archive bombs, risky document structures, and optional YARA.",
   "main": "./dist/pompelmi.cjs",
   "module": "./dist/pompelmi.esm.js",
@@ -120,21 +120,21 @@
     "@pompelmi/core": "workspace:*",
     "@pompelmi/engine": "workspace:*",
     "@pompelmi/engine-heuristics": "workspace:^0.2.0",
-    "@rollup/plugin-commonjs": "^28.0.6",
+    "@rollup/plugin-commonjs": "^29.0.2",
     "@rollup/plugin-node-resolve": "^16.0.1",
     "@rollup/plugin-typescript": "^12.1.4",
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.3",
     "@types/multer": "^2.0.0",
-    "@types/node": "^24.3.0",
+    "@types/node": "^25.5.0",
     "@types/react": "^19.1.8",
     "@types/unzipper": "^0.10.11",
-    "@vitest/coverage-v8": "^2",
+    "@vitest/coverage-v8": "^4",
     "cors": "^2.8.5",
     "depcheck": "^1.4.7",
     "express": "^5.1.0",
     "gh-pages": "^6.3.0",
-    "knip": "^5.64.0",
+    "knip": "^6.1.1",
     "multer": "^2.0.2",
     "react": "^19.2.0",
     "rollup": "^4.x",
@@ -142,7 +142,7 @@
     "tslib": "^2.8.1",
     "tsup": "^8",
     "tsx": "^4.20.3",
-    "typescript": "^5.9.2",
+    "typescript": "^6.0.2",
     "vitest": "2.1.9"
   },
   "peerDependencies": {