pompelmi 0.35.5 → 1.0.0

package/dist/types/src/types.d.ts

@@ -1,48 +0,0 @@
-/** Shared types for Pompelmi */
-export type Verdict = "clean" | "suspicious" | "malicious";
-export interface YaraMatch {
-    rule: string;
-    namespace?: string;
-    tags?: string[];
-    meta?: Record<string, unknown>;
-}
-export * from "./types/decompilation";
-export interface Match {
-    rule: string;
-    severity?: "info" | "low" | "medium" | "high" | "critical" | "suspicious" | "malicious";
-    meta?: Record<string, unknown>;
-}
-export interface FileInfo {
-    name?: string;
-    mimeType?: string;
-    size?: number;
-    sha256?: string;
-}
-export type ScanContext = {
-    filename?: string;
-    mimeType?: string;
-    size?: number;
-};
-export type ScanFn = (input: Uint8Array, ctx?: ScanContext) => Promise<Match[]> | Match[];
-export type Scanner = ScanFn | {
-    name?: string;
-    scan: ScanFn;
-};
-interface BaseReport {
-    verdict: Verdict;
-    matches: YaraMatch[];
-    reasons?: string[];
-    file?: FileInfo;
-    durationMs?: number;
-    error?: string;
-    ok: boolean;
-    truncated?: boolean;
-    timedOut?: boolean;
-    engine?: string;
-}
-export interface NormalScanReport extends BaseReport {
-}
-export interface StreamScanReport extends BaseReport {
-}
-export type ScanReport = NormalScanReport | StreamScanReport;
-export type Uint8ArrayLike = Uint8Array | ArrayBufferView;

package/dist/types/src/useFileScanner.d.ts

@@ -1,15 +0,0 @@
-import type { ScanReport } from "./types";
-/**
- * React Hook: handles <input type="file" onChange> with validation + scanning.
- */
-export declare function useFileScanner(): {
-    results: {
-        file: File;
-        report: ScanReport;
-    }[];
-    errors: {
-        file: File;
-        error: string;
-    }[];
-    onChange: (e: React.ChangeEvent<HTMLInputElement>) => Promise<void>;
-};

package/dist/types/src/utils/advanced-detection.d.ts

@@ -1,21 +0,0 @@
-/**
- * Advanced threat detection utilities
- * @module utils/advanced-detection
- */
-import type { Match } from "../types";
-/**
- * Enhanced polyglot file detection
- * Detects files that can be interpreted as multiple formats
- */
-export declare function detectPolyglot(bytes: Uint8Array): Match[];
-/**
- * Detect obfuscated JavaScript/VBScript
- */
-export declare function detectObfuscatedScripts(bytes: Uint8Array): Match[];
-/**
- * Enhanced nested archive detection with depth limits
- */
-export declare function analyzeNestedArchives(bytes: Uint8Array, maxDepth?: number): {
-    depth: number;
-    hasExcessiveNesting: boolean;
-};

package/dist/types/src/utils/batch-scanner.d.ts

@@ -1,62 +0,0 @@
-/**
- * Batch scanning with concurrency control
- * @module utils/batch-scanner
- */
-import { type ScanOptions } from "../scan";
-import type { ScanContext, ScanReport } from "../types";
-export interface BatchScanOptions extends Omit<ScanOptions, "ctx"> {
-    /** Maximum concurrent scans (default: 5) */
-    concurrency?: number;
-    /** Callback for individual scan completion */
-    onProgress?: (completed: number, total: number, report: ScanReport) => void;
-    /** Callback for individual scan error */
-    onError?: (error: Error, index: number) => void;
-    /** Continue scanning on error (default: true) */
-    continueOnError?: boolean;
-    /** Enable result caching (default: false) */
-    enableCache?: boolean;
-}
-export interface BatchScanResult {
-    /** All scan reports (null for failed scans if continueOnError is true) */
-    reports: (ScanReport | null)[];
-    /** Number of successful scans */
-    successCount: number;
-    /** Number of failed scans */
-    errorCount: number;
-    /** Total duration in milliseconds */
-    totalDurationMs: number;
-    /** Errors encountered (if continueOnError is true) */
-    errors: Array<{
-        index: number;
-        error: Error;
-    }>;
-}
-export interface ScanTask {
-    /** File content to scan */
-    content: Uint8Array;
-    /** Scan context (filename, mime type, etc.) */
-    context?: ScanContext;
-}
-/**
- * Batch file scanner with concurrency control and progress tracking
- */
-export declare class BatchScanner {
-    private readonly options;
-    constructor(options?: BatchScanOptions);
-    /**
-     * Scan multiple files with controlled concurrency
-     */
-    scanBatch(tasks: ScanTask[]): Promise<BatchScanResult>;
-    /**
-     * Scan files from File objects (browser environment)
-     */
-    scanFiles(files: File[]): Promise<BatchScanResult>;
-    /**
-     * Scan files from file paths (Node.js environment)
-     */
-    scanFilePaths(filePaths: string[]): Promise<BatchScanResult>;
-}
-/**
- * Quick helper for batch scanning with default options
- */
-export declare function batchScan(tasks: ScanTask[], options?: BatchScanOptions): Promise<BatchScanResult>;

package/dist/types/src/utils/cache-manager.d.ts

@@ -1,95 +0,0 @@
-/**
- * Cache management system for scan results
- * @module utils/cache-manager
- */
-import type { ScanReport } from "../types";
-export interface CacheEntry {
-    /** Scan report */
-    report: ScanReport;
-    /** Timestamp when cached */
-    timestamp: number;
-    /** Number of times this entry was accessed */
-    accessCount: number;
-}
-export interface CacheOptions {
-    /** Maximum cache size in number of entries (default: 1000) */
-    maxSize?: number;
-    /** Time-to-live in milliseconds (default: 3600000 = 1 hour) */
-    ttl?: number;
-    /** Enable LRU eviction (default: true) */
-    enableLRU?: boolean;
-    /** Enable cache statistics (default: false) */
-    enableStats?: boolean;
-}
-export interface CacheStats {
-    /** Total cache hits */
-    hits: number;
-    /** Total cache misses */
-    misses: number;
-    /** Current cache size */
-    size: number;
-    /** Hit rate percentage */
-    hitRate: number;
-    /** Total evictions */
-    evictions: number;
-}
-/**
- * LRU cache for scan results with TTL support
- */
-export declare class ScanCacheManager {
-    private cache;
-    private readonly maxSize;
-    private readonly ttl;
-    private readonly enableLRU;
-    private readonly enableStats;
-    private stats;
-    constructor(options?: CacheOptions);
-    /**
-     * Generate cache key from file content
-     */
-    private generateKey;
-    /**
-     * Check if cache entry is still valid
-     */
-    private isValid;
-    /**
-     * Evict oldest or least-used entry when cache is full
-     */
-    private evict;
-    /**
-     * Store scan result in cache
-     */
-    set(content: Uint8Array, report: ScanReport, preset?: string): void;
-    /**
-     * Retrieve scan result from cache
-     */
-    get(content: Uint8Array, preset?: string): ScanReport | null;
-    /**
-     * Check if result exists in cache
-     */
-    has(content: Uint8Array, preset?: string): boolean;
-    /**
-     * Clear entire cache
-     */
-    clear(): void;
-    /**
-     * Remove expired entries
-     */
-    prune(): number;
-    /**
-     * Get cache statistics
-     */
-    getStats(): CacheStats;
-    /**
-     * Get current cache size
-     */
-    get size(): number;
-}
-/**
- * Get or create the default cache instance
- */
-export declare function getDefaultCache(options?: CacheOptions): ScanCacheManager;
-/**
- * Reset the default cache instance
- */
-export declare function resetDefaultCache(): void;

package/dist/types/src/utils/export.d.ts

@@ -1,51 +0,0 @@
-/**
- * Export utilities for scan results
- * @module utils/export
- */
-import type { ScanReport } from "../types";
-export type ExportFormat = "json" | "csv" | "markdown" | "html" | "sarif";
-export interface ExportOptions {
-    /** Include detailed match information */
-    includeDetails?: boolean;
-    /** Include performance metrics if available */
-    includeMetrics?: boolean;
-    /** Pretty print JSON output */
-    prettyPrint?: boolean;
-}
-/**
- * Export scan results to various formats
- */
-export declare class ScanResultExporter {
-    /**
-     * Export to JSON format
-     */
-    toJSON(reports: ScanReport | ScanReport[], options?: ExportOptions): string;
-    /**
-     * Export to CSV format
-     */
-    toCSV(reports: ScanReport | ScanReport[], options?: ExportOptions): string;
-    /**
-     * Export to Markdown format
-     */
-    toMarkdown(reports: ScanReport | ScanReport[], options?: ExportOptions): string;
-    /**
-     * Export to SARIF format (Static Analysis Results Interchange Format)
-     * Useful for CI/CD integration
-     */
-    toSARIF(reports: ScanReport | ScanReport[], options?: ExportOptions): string;
-    /**
-     * Export to HTML format
-     */
-    toHTML(reports: ScanReport | ScanReport[], options?: ExportOptions): string;
-    /**
-     * Export to specified format
-     */
-    export(reports: ScanReport | ScanReport[], format: ExportFormat, options?: ExportOptions): string;
-    private escapeCsv;
-    private escapeHtml;
-    private formatBytes;
-}
-/**
- * Quick export helper
- */
-export declare function exportScanResults(reports: ScanReport | ScanReport[], format: ExportFormat, options?: ExportOptions): string;

package/dist/types/src/utils/performance-metrics.d.ts

@@ -1,68 +0,0 @@
-/**
- * Performance monitoring utilities for pompelmi scans
- * @module utils/performance-metrics
- */
-export interface PerformanceMetrics {
-    /** Total scan duration in milliseconds */
-    totalDurationMs: number;
-    /** Time spent in heuristic analysis */
-    heuristicsDurationMs?: number;
-    /** Time spent in YARA scanning */
-    yaraDurationMs?: number;
-    /** Time spent reading/preparing file */
-    prepDurationMs?: number;
-    /** Throughput in bytes per second */
-    throughputBps?: number;
-    /** Number of bytes scanned */
-    bytesScanned: number;
-    /** Timestamp when scan started */
-    startedAt: number;
-    /** Timestamp when scan completed */
-    completedAt: number;
-}
-export interface ScanStatistics {
-    /** Total number of scans performed */
-    totalScans: number;
-    /** Number of clean files */
-    cleanCount: number;
-    /** Number of suspicious files */
-    suspiciousCount: number;
-    /** Number of malicious files */
-    maliciousCount: number;
-    /** Average scan duration */
-    avgDurationMs: number;
-    /** Average throughput */
-    avgThroughputBps: number;
-    /** Total bytes scanned */
-    totalBytesScanned: number;
-}
-/**
- * Track performance metrics for a scan operation
- */
-export declare class PerformanceTracker {
-    private startTime;
-    private checkpoints;
-    constructor();
-    /**
-     * Mark a checkpoint in the scan process
-     */
-    checkpoint(name: string): void;
-    /**
-     * Get duration since start or since a specific checkpoint
-     */
-    getDuration(since?: string): number;
-    /**
-     * Generate final metrics report
-     */
-    getMetrics(bytesScanned: number): PerformanceMetrics;
-}
-/**
- * Aggregate statistics from multiple scan reports
- */
-export declare function aggregateScanStats(reports: Array<{
-    verdict: string;
-    durationMs?: number;
-    file?: {
-        size?: number;
-    };
-}>): ScanStatistics;

package/dist/types/src/utils/threat-intelligence.d.ts

@@ -1,96 +0,0 @@
-/**
- * Threat intelligence integration and enhanced detection
- * @module utils/threat-intelligence
- */
-import type { ScanReport } from "../types";
-export interface ThreatIntelligenceSource {
-    /** Source name */
-    name: string;
-    /** Check if hash is known malicious */
-    checkHash: (hash: string) => Promise<ThreatInfo | null>;
-}
-export interface ThreatInfo {
-    /** Threat level (0-100) */
-    threatLevel: number;
-    /** Threat category */
-    category: string;
-    /** Source of the intelligence */
-    source: string;
-    /** Additional metadata */
-    metadata?: Record<string, unknown>;
-    /** Detection timestamp */
-    detectedAt?: Date;
-}
-export interface EnhancedScanReport {
-    /** Threat intelligence findings */
-    threatIntel?: ThreatInfo[];
-    /** File hash (SHA-256) */
-    fileHash?: string;
-    /** Risk score (0-100) */
-    riskScore?: number;
-    /** Include all properties from ScanReport */
-    verdict: import("../types").Verdict;
-    matches: import("../types").YaraMatch[];
-    reasons?: string[];
-    file?: import("../types").FileInfo;
-    durationMs?: number;
-    error?: string;
-    ok: boolean;
-    truncated?: boolean;
-    timedOut?: boolean;
-    engine?: string;
-}
-/**
- * Built-in threat intelligence - known malware hashes
- * In production, this would connect to real threat intel APIs
- */
-export declare class LocalThreatIntelligence implements ThreatIntelligenceSource {
-    name: string;
-    private knownThreats;
-    constructor();
-    private initializeKnownThreats;
-    checkHash(hash: string): Promise<ThreatInfo | null>;
-    /**
-     * Add a known threat to the local database
-     */
-    addThreat(hash: string, info: ThreatInfo): void;
-    /**
-     * Remove a threat from the local database
-     */
-    removeThreat(hash: string): boolean;
-    /**
-     * Get all known threats
-     */
-    getAllThreats(): Map<string, ThreatInfo>;
-}
-/**
- * Threat intelligence aggregator
- */
-export declare class ThreatIntelligenceAggregator {
-    private sources;
-    constructor(sources?: ThreatIntelligenceSource[]);
-    /**
-     * Add a threat intelligence source
-     */
-    addSource(source: ThreatIntelligenceSource): void;
-    /**
-     * Check file hash against all sources
-     */
-    checkHash(hash: string): Promise<ThreatInfo[]>;
-    /**
-     * Enhance scan report with threat intelligence
-     */
-    enhanceScanReport(content: Uint8Array, report: ScanReport): Promise<EnhancedScanReport>;
-    /**
-     * Calculate overall risk score based on scan results and threat intel
-     */
-    private calculateRiskScore;
-}
-/**
- * Create default threat intelligence aggregator
- */
-export declare function createThreatIntelligence(): ThreatIntelligenceAggregator;
-/**
- * Helper to get file hash
- */
-export declare function getFileHash(content: Uint8Array): string;

package/dist/types/src/validate.d.ts

@@ -1,7 +0,0 @@
-/**
- * Validates a File by MIME type and size (max 5 MB).
- */
-export declare function validateFile(file: File): {
-    valid: boolean;
-    error?: string;
-};

package/dist/types/src/verdict.d.ts

@@ -1,2 +0,0 @@
-import type { Verdict, YaraMatch } from "./types";
-export declare function mapMatchesToVerdict(matches?: YaraMatch[]): Verdict;

package/dist/types/src/yara/browser.d.ts

@@ -1,7 +0,0 @@
-import type { YaraEngine } from "./index";
-/**
- * Engine YARA lato browser — NO WASM.
- * È un no-op sicuro: non produce match e non richiede dipendenze native.
- * Se vuoi YARA in browser senza WASM, userai un adapter remoto (vedi step successivo).
- */
-export declare function createBrowserEngine(): Promise<YaraEngine>;

package/dist/types/src/yara/index.d.ts

@@ -1,17 +0,0 @@
-export interface YaraMatch {
-    rule: string;
-    tags?: string[];
-}
-export interface YaraCompiled {
-    scan(data: Uint8Array): Promise<YaraMatch[]>;
-    scanFile?: (filePath: string) => Promise<YaraMatch[]>;
-    scanFileAsync?: (filePath: string) => Promise<YaraMatch[]>;
-}
-export interface YaraEngine {
-    compile(rulesSource: string): Promise<YaraCompiled>;
-    compileFile?: (rulesPath: string) => Promise<YaraCompiled>;
-}
-export declare function createYaraEngine(): Promise<YaraEngine>;
-export declare function createYaraScannerFromRules(rulesSource: string): Promise<YaraCompiled>;
-export declare function createYaraScannerFromFile(rulesPath: string): Promise<YaraCompiled>;
-export { createRemoteEngine } from "./remote";

package/dist/types/src/yara/node.d.ts

@@ -1,2 +0,0 @@
-import type { YaraEngine } from "./index";
-export declare function createNodeEngine(): Promise<YaraEngine>;

package/dist/types/src/yara/remote.d.ts

@@ -1,10 +0,0 @@
-import type { YaraEngine } from "./index";
-export interface RemoteEngineOptions {
-    endpoint: string;
-    headers?: Record<string, string>;
-    rulesField?: string;
-    fileField?: string;
-    mode?: "multipart" | "json-base64";
-    rulesAsBase64?: boolean;
-}
-export declare function createRemoteEngine(opts: RemoteEngineOptions): Promise<YaraEngine>;

package/dist/types/src/yara-bridge.d.ts

@@ -1,3 +0,0 @@
-export declare function createScanner(rulesPath?: string): {
-    scan(bytes: Uint8Array): Promise<unknown>;
-};

package/dist/types/src/zip.d.ts

@@ -1,13 +0,0 @@
-export type ZipBudget = {
-    maxEntries: number;
-    maxDepth: number;
-    maxTotalUncompressed: number;
-    maxPerEntryUncompressed: number;
-    maxCompressionRatio: number;
-};
-export type ZipEntry = {
-    path: string;
-    depth: number;
-    data: Uint8Array;
-};
-export declare function iterateZip(buffer: Uint8Array, budget: ZipBudget, depth?: number): AsyncGenerator<ZipEntry>;

package/dist/types/stream.d.ts

@@ -1,10 +0,0 @@
-import type { ScanReport, YaraMatch } from "./types";
-export type ScanOptions = {
-    maxBytes?: number;
-    timeoutMs?: number;
-    detectMime?: boolean;
-    computeSha256?: boolean;
-    scanChunk?: (chunk: Uint8Array) => Promise<void> | void;
-    scanAll: (bytes: Uint8Array) => Promise<YaraMatch[]>;
-};
-export declare function scanStream(readable: NodeJS.ReadableStream, options: ScanOptions): Promise<ScanReport>;

package/dist/types/types/decompilation.d.ts

@@ -1,96 +0,0 @@
-/** Decompilation-specific types for Pompelmi */
-export type DecompilationEngine = "binaryninja-hlil" | "ghidra-pcode";
-export type AnalysisDepth = "minimal" | "basic" | "deep";
-export interface DecompilationMatch {
-    rule: string;
-    severity?: "low" | "medium" | "high" | "critical";
-    engine: DecompilationEngine;
-    confidence: number;
-    meta?: {
-        function?: string;
-        address?: string;
-        instruction?: string;
-        pattern?: string;
-        [key: string]: unknown;
-    };
-}
-export interface FunctionAnalysis {
-    name: string;
-    address: string;
-    size: number;
-    complexity?: number;
-    callCount?: number;
-    isObfuscated?: boolean;
-    hasAntiAnalysis?: boolean;
-    suspiciousCalls?: string[];
-}
-export interface DecompilationResult {
-    engine: DecompilationEngine;
-    success: boolean;
-    functions: FunctionAnalysis[];
-    matches: DecompilationMatch[];
-    meta?: {
-        analysisTime?: number;
-        binaryFormat?: string;
-        architecture?: string;
-        [key: string]: unknown;
-    };
-}
-export interface DecompilationScanner {
-    scan(bytes: Uint8Array): Promise<DecompilationMatch[]>;
-    analyze?(bytes: Uint8Array): Promise<DecompilationResult>;
-}
-export interface HLILInstruction {
-    operation: string;
-    address: string;
-    operands?: any[];
-    vars?: string[];
-}
-export interface HLILFunction {
-    name: string;
-    address: string;
-    instructions: HLILInstruction[];
-    basicBlocks?: number;
-    complexity?: number;
-}
-export interface BinaryNinjaOptions {
-    timeout?: number;
-    depth?: AnalysisDepth;
-    enableHeuristics?: boolean;
-    pythonPath?: string;
-    binaryNinjaPath?: string;
-}
-export interface PCodeOperation {
-    opcode: string;
-    address: string;
-    inputs?: string[];
-    output?: string;
-}
-export interface PCodeFunction {
-    name: string;
-    address: string;
-    operations: PCodeOperation[];
-    basicBlocks?: number;
-}
-export interface GhidraOptions {
-    timeout?: number;
-    depth?: AnalysisDepth;
-    enableHeuristics?: boolean;
-    ghidraPath?: string;
-    analyzeHeadless?: string;
-}
-export interface DecompilationOptions {
-    engine: DecompilationEngine;
-    timeout?: number;
-    depth?: AnalysisDepth;
-    enableHeuristics?: boolean;
-    binaryNinja?: BinaryNinjaOptions;
-    ghidra?: GhidraOptions;
-}
-export interface SuspiciousPattern {
-    name: string;
-    description: string;
-    severity: "low" | "medium" | "high" | "critical";
-    pattern: RegExp | string | ((instruction: any) => boolean);
-}
-export declare const SUSPICIOUS_PATTERNS: SuspiciousPattern[];