rdapper 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Jake Jarvis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,181 @@
+# 🎩 rdapper
+
+RDAP‑first domain registration lookups with WHOIS fallback. Produces a single, normalized record shape regardless of source.
+
+- RDAP discovery via IANA bootstrap (`https://data.iana.org/rdap/dns.json`)
+- WHOIS TCP 43 client with TLD discovery, registrar referral follow, and curated exceptions
+- Normalized output: registrar, contacts, nameservers, statuses, dates, DNSSEC, source metadata
+- TypeScript types included; ESM‑only; no external HTTP client (uses global `fetch`)
+
+Requirements: Node >= 18.17 (global `fetch`). WHOIS uses TCP port 43.
+
+## Install
+
+```bash
+npm install rdapper
+```
+
+## Quick Start
+
+```ts
+import { lookupDomain } from "rdapper";
+
+const { ok, record, error } = await lookupDomain("example.com");
+
+if (!ok) throw new Error(error);
+console.log(record); // normalized DomainRecord
+```
+
+Also available:
+
+```ts
+import { isRegistered, isAvailable } from "rdapper";
+
+await isRegistered("example.com"); // => true
+await isAvailable("likely-unregistered-thing-320485230458.com"); // => false
+```
+
+## API
+
+- `lookupDomain(domain, options?) => Promise<LookupResult>`
+  - Tries RDAP first if supported by the domain’s TLD; if unavailable or fails, falls back to WHOIS (unless toggled off).
+  - Result is `{ ok: boolean, record?: DomainRecord, error?: string }`.
+- `isRegistered(domain, options?) => Promise<boolean>`
+- `isAvailable(domain, options?) => Promise<boolean>`
+
+### Options
+
+- `timeoutMs?: number` – Total timeout budget per network operation (default `15000`).
+- `rdapOnly?: boolean` – Only attempt RDAP; do not fall back to WHOIS.
+- `whoisOnly?: boolean` – Skip RDAP and query WHOIS directly.
+- `followWhoisReferral?: boolean` – Follow registrar referral from the TLD WHOIS (default `true`).
+- `customBootstrapUrl?: string` – Override RDAP bootstrap URL.
+- `whoisHints?: Record<string, string>` – Override/add authoritative WHOIS per TLD (keys are lowercase TLDs, values may include or omit `whois://`).
+- `includeRaw?: boolean` – Include `rawRdap`/`rawWhois` in the returned record (default `false`).
+- `signal?: AbortSignal` – Optional cancellation signal.
+
+### `DomainRecord` schema
+
+The exact presence of fields depends on registry/registrar data and whether RDAP or WHOIS was used.
+
+```ts
+interface DomainRecord {
+  domain: string;             // normalized name (unicode when available)
+  tld: string;                // terminal TLD label (e.g., "com")
+  isRegistered: boolean;      // availability heuristic (WHOIS) or true (RDAP)
+  isIDN?: boolean;            // uses punycode labels (xn--)
+  unicodeName?: string;       // RDAP unicodeName when provided
+  punycodeName?: string;      // RDAP ldhName when provided
+  registry?: string;          // registry operator (rarely available)
+  registrar?: {
+    name?: string;
+    ianaId?: string;
+    url?: string;
+    email?: string;
+    phone?: string;
+  };
+  reseller?: string;
+  statuses?: Array<{
+    status: string;
+    description?: string;
+    raw?: string;
+  }>;
+  creationDate?: string;      // ISO 8601 (UTC)
+  updatedDate?: string;       // ISO 8601 (UTC)
+  expirationDate?: string;    // ISO 8601 (UTC)
+  deletionDate?: string;      // ISO 8601 (UTC)
+  transferLock?: boolean;     // derived from EPP statuses
+  dnssec?: {
+    enabled: boolean;
+    dsRecords?: Array<{
+      keyTag?: number;
+      algorithm?: number;
+      digestType?: number;
+      digest?: string;
+    }>;
+  };
+  nameservers?: Array<{
+    host: string;
+    ipv4?: string[];
+    ipv6?: string[];
+  }>;
+  contacts?: Array<{
+    type: "registrant" | "admin" | "tech" | "billing" | "abuse" | "registrar" | "reseller" | "unknown";
+    name?: string;
+    organization?: string;
+    email?: string | string[];
+    phone?: string | string[];
+    fax?: string | string[];
+    street?: string[];
+    city?: string;
+    state?: string;
+    postalCode?: string;
+    country?: string;
+    countryCode?: string;
+  }>;
+  whoisServer?: string;       // authoritative WHOIS queried (if any)
+  rdapServers?: string[];     // RDAP base URLs tried
+  rawRdap?: unknown;          // raw RDAP JSON (only when options.includeRaw)
+  rawWhois?: string;          // raw WHOIS text (only when options.includeRaw)
+  source: "rdap" | "whois";   // which path produced data
+  fetchedAt: string;          // ISO 8601 timestamp
+  warnings?: string[];
+}
+```
+
+### Example output
+
+```json
+{
+  "domain": "example.com",
+  "tld": "com",
+  "isRegistered": true,
+  "registrar": { "name": "Internet Assigned Numbers Authority", "ianaId": "376" },
+  "statuses": [{ "status": "clientTransferProhibited" }],
+  "nameservers": [{ "host": "a.iana-servers.net" }, { "host": "b.iana-servers.net" }],
+  "dnssec": { "enabled": true },
+  "source": "rdap",
+  "fetchedAt": "2025-01-01T00:00:00Z"
+}
+```
+
+## How it works
+
+- RDAP
+  - Discovers base URLs for the TLD via IANA’s RDAP bootstrap JSON.
+  - Tries each base until one responds successfully; parses standard RDAP domain JSON.
+  - Normalizes registrar (from `entities`), contacts (vCard), nameservers (`ipAddresses`), events (created/changed/expiration), statuses, and DNSSEC (`secureDNS`).
+- WHOIS
+  - Discovers the authoritative TLD WHOIS via `whois.iana.org` (TCP 43), with curated exceptions for tricky zones and public SLDs.
+  - Queries the TLD WHOIS; if a registrar referral is present and `followWhoisReferral !== false`, follows one hop to the registrar WHOIS.
+  - Normalizes common key/value variants across gTLD/ccTLD formats (dates, statuses, nameservers, contacts). Availability is inferred from common phrases (best‑effort heuristic).
+
+Timeouts are enforced per request using a simple race against `timeoutMs` (default 15s). All network I/O is performed with global `fetch` (RDAP) and a raw TCP socket (WHOIS).
+
+## Development
+
+- Build: `npm run build`
+- Test: `npm test`
+  - By default, tests are offline/deterministic.
+  - Smoke tests that hit the network are gated by `SMOKE=1`, e.g. `SMOKE=1 npm test`.
+- Lint/format: `npm run lint` (Biome)
+
+Project layout:
+
+- `src/rdap/` – RDAP bootstrap, client, and normalization
+- `src/whois/` – WHOIS TCP client, discovery/referral, normalization, exceptions
+- `src/lib/` – utilities for dates, text parsing, domain processing, async
+- `src/types.ts` – public types; `src/index.ts` re‑exports API and types
+- `cli.mjs` – local CLI helper for quick testing
+
+## Caveats
+
+- WHOIS text formats vary significantly across registries/registrars; normalization is best‑effort.
+- Availability detection relies on common WHOIS phrases and is not authoritative.
+- Some TLDs provide no RDAP service; `rdapOnly: true` will fail for them.
+- Registries may throttle or block WHOIS; respect rate limits and usage policies.
+- Field presence depends on source and privacy policies (e.g., redaction/withholding).
+
+## License
+
+[MIT](LICENSE)

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+import type { LookupOptions, LookupResult } from "./types.js";
+/**
+ * High-level lookup that prefers RDAP and falls back to WHOIS.
+ * Ensures a standardized DomainRecord, independent of the source.
+ */
+export declare function lookupDomain(domain: string, opts?: LookupOptions): Promise<LookupResult>;
+/** Determine if a domain appears available (not registered).
+ * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+export declare function isAvailable(domain: string, opts?: LookupOptions): Promise<boolean>;
+/** Determine if a domain appears registered.
+ * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+export declare function isRegistered(domain: string, opts?: LookupOptions): Promise<boolean>;
+export type * from "./types.js";

package/dist/index.js

@@ -0,0 +1,109 @@
+import { toISO } from "./lib/dates.js";
+import { getDomainParts, isLikelyDomain } from "./lib/domain.js";
+import { getRdapBaseUrlsForTld } from "./rdap/bootstrap.js";
+import { fetchRdapDomain } from "./rdap/client.js";
+import { normalizeRdap } from "./rdap/normalize.js";
+import { whoisQuery } from "./whois/client.js";
+import { extractWhoisReferral, ianaWhoisServerForTld, } from "./whois/discovery.js";
+import { normalizeWhois } from "./whois/normalize.js";
+import { WHOIS_TLD_EXCEPTIONS } from "./whois/servers.js";
+/**
+ * High-level lookup that prefers RDAP and falls back to WHOIS.
+ * Ensures a standardized DomainRecord, independent of the source.
+ */
+export async function lookupDomain(domain, opts) {
+    try {
+        if (!isLikelyDomain(domain)) {
+            return { ok: false, error: "Input does not look like a domain" };
+        }
+        const { publicSuffix, tld } = getDomainParts(domain);
+        // Avoid non-null assertion: fallback to a stable ISO string if parsing ever fails
+        const now = toISO(new Date()) ?? new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
+        // If WHOIS-only, skip RDAP path
+        if (!opts?.whoisOnly) {
+            const bases = await getRdapBaseUrlsForTld(tld, opts);
+            const tried = [];
+            for (const base of bases) {
+                tried.push(base);
+                try {
+                    const { json } = await fetchRdapDomain(domain, base, opts);
+                    const record = normalizeRdap(domain, tld, json, tried, now, !!opts?.includeRaw);
+                    return { ok: true, record };
+                }
+                catch {
+                    // try next base
+                }
+            }
+            // Some TLDs are not in bootstrap yet; continue to WHOIS fallback unless rdapOnly
+            if (opts?.rdapOnly) {
+                return {
+                    ok: false,
+                    error: "RDAP not available or failed for this TLD",
+                };
+            }
+        }
+        // WHOIS fallback path
+        const whoisServer = await ianaWhoisServerForTld(tld, opts);
+        if (!whoisServer) {
+            return { ok: false, error: "No WHOIS server discovered for TLD" };
+        }
+        // Query the TLD server first; if it returns a referral, we follow it below.
+        let res = await whoisQuery(whoisServer, domain, opts);
+        if (opts?.followWhoisReferral !== false) {
+            const referral = extractWhoisReferral(res.text);
+            if (referral && referral.toLowerCase() !== whoisServer.toLowerCase()) {
+                try {
+                    res = await whoisQuery(referral, domain, opts);
+                }
+                catch {
+                    // keep original
+                }
+            }
+        }
+        // If TLD registry returns no match and there was no referral, try multi-label public suffix candidates
+        if (publicSuffix.includes(".") &&
+            /no match|not found/i.test(res.text) &&
+            opts?.followWhoisReferral !== false) {
+            const candidates = [];
+            const ps = publicSuffix.toLowerCase();
+            // Prefer explicit exceptions when known
+            const exception = WHOIS_TLD_EXCEPTIONS[ps];
+            if (exception)
+                candidates.push(exception);
+            for (const server of candidates) {
+                try {
+                    const alt = await whoisQuery(server, domain, opts);
+                    if (alt.text && !/error/i.test(alt.text)) {
+                        res = alt;
+                        break;
+                    }
+                }
+                catch {
+                    // try next
+                }
+            }
+        }
+        const record = normalizeWhois(domain, tld, res.text, res.serverQueried, now, !!opts?.includeRaw);
+        return { ok: true, record };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { ok: false, error: message };
+    }
+}
+/** Determine if a domain appears available (not registered).
+ * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+export async function isAvailable(domain, opts) {
+    const res = await lookupDomain(domain, opts);
+    if (!res.ok || !res.record)
+        throw new Error(res.error || "Lookup failed");
+    return res.record.isRegistered === false;
+}
+/** Determine if a domain appears registered.
+ * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+export async function isRegistered(domain, opts) {
+    const res = await lookupDomain(domain, opts);
+    if (!res.ok || !res.record)
+        throw new Error(res.error || "Lookup failed");
+    return res.record.isRegistered === true;
+}

package/dist/lib/async.d.ts

@@ -0,0 +1,2 @@
+export declare function withTimeout<T>(promise: Promise<T>, timeoutMs: number, reason?: string): Promise<T>;
+export declare function sleep(ms: number): Promise<void>;

package/dist/lib/async.js

@@ -0,0 +1,18 @@
+export function withTimeout(promise, timeoutMs, reason = "Timeout") {
+    if (!Number.isFinite(timeoutMs) || timeoutMs <= 0)
+        return promise;
+    let timer;
+    const timeout = new Promise((_, reject) => {
+        timer = setTimeout(() => reject(new Error(reason)), timeoutMs);
+    });
+    return Promise.race([
+        promise.finally(() => {
+            if (timer !== undefined)
+                clearTimeout(timer);
+        }),
+        timeout,
+    ]);
+}
+export function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/lib/constants.d.ts

@@ -0,0 +1 @@
+export declare const DEFAULT_TIMEOUT_MS = 15000;

package/dist/lib/constants.js

@@ -0,0 +1 @@
+export const DEFAULT_TIMEOUT_MS = 15000;

package/dist/lib/dates.d.ts

@@ -0,0 +1 @@
+export declare function toISO(dateLike: string | number | Date | undefined | null): string | undefined;

package/dist/lib/dates.js

@@ -0,0 +1,84 @@
+// Lightweight date parsing helpers to avoid external dependencies.
+// We aim to parse common RDAP and WHOIS date representations and return a UTC ISO string.
+export function toISO(dateLike) {
+    if (dateLike == null)
+        return undefined;
+    if (dateLike instanceof Date)
+        return toIsoFromDate(dateLike);
+    if (typeof dateLike === "number")
+        return toIsoFromDate(new Date(dateLike));
+    const raw = String(dateLike).trim();
+    if (!raw)
+        return undefined;
+    // Try several structured formats seen in WHOIS outputs (treat as UTC when no TZ provided)
+    const tryFormats = [
+        // 2023-01-02 03:04:05Z or without Z
+        /^(\d{4})-(\d{2})-(\d{2})[ T](\d{2}):(\d{2}):(\d{2})(?:Z)?$/,
+        // 2023/01/02 03:04:05
+        /^(\d{4})\/(\d{2})\/(\d{2})[ T](\d{2}):(\d{2}):(\d{2})$/,
+        // 02-Jan-2023
+        /^(\d{2})-([A-Za-z]{3})-(\d{4})$/,
+        // Jan 02 2023
+        /^([A-Za-z]{3})\s+(\d{1,2})\s+(\d{4})$/,
+    ];
+    for (const re of tryFormats) {
+        const m = raw.match(re);
+        if (!m)
+            continue;
+        const d = parseWithRegex(m, re);
+        if (d)
+            return toIsoFromDate(d);
+    }
+    // Fallback to native Date parsing (handles ISO and RFC2822 with TZ)
+    const native = new Date(raw);
+    if (!Number.isNaN(native.getTime()))
+        return toIsoFromDate(native);
+    return undefined;
+}
+function toIsoFromDate(d) {
+    try {
+        return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate(), d.getUTCHours(), d.getUTCMinutes(), d.getUTCSeconds(), 0))
+            .toISOString()
+            .replace(/\.\d{3}Z$/, "Z");
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseWithRegex(m, _re) {
+    const monthMap = {
+        jan: 0,
+        feb: 1,
+        mar: 2,
+        apr: 3,
+        may: 4,
+        jun: 5,
+        jul: 6,
+        aug: 7,
+        sep: 8,
+        oct: 9,
+        nov: 10,
+        dec: 11,
+    };
+    try {
+        // If the matched string contains time components, parse as Y-M-D H:M:S
+        if (m[0].includes(":")) {
+            const [_, y, mo, d, hh, mm, ss] = m;
+            return new Date(Date.UTC(Number(y), Number(mo) - 1, Number(d), Number(hh), Number(mm), Number(ss)));
+        }
+        // If the matched string contains hyphens, treat as DD-MMM-YYYY
+        if (m[0].includes("-")) {
+            const [_, dd, monStr, yyyy] = m;
+            const mon = monthMap[monStr.toLowerCase()];
+            return new Date(Date.UTC(Number(yyyy), mon, Number(dd)));
+        }
+        // Otherwise treat as MMM DD YYYY
+        const [_, monStr, dd, yyyy] = m;
+        const mon = monthMap[monStr.toLowerCase()];
+        return new Date(Date.UTC(Number(yyyy), mon, Number(dd)));
+    }
+    catch {
+        // fall through to undefined
+    }
+    return undefined;
+}

package/dist/lib/domain.d.ts

@@ -0,0 +1,8 @@
+export declare function extractTld(domain: string): string;
+export declare function getDomainParts(domain: string): {
+    publicSuffix: string;
+    tld: string;
+};
+export declare function isLikelyDomain(input: string): boolean;
+export declare function punyToUnicode(domain: string): string;
+export declare function isWhoisAvailable(text: string | undefined): boolean;

package/dist/lib/domain.js

@@ -0,0 +1,64 @@
+import psl from "psl";
+export function extractTld(domain) {
+    const lower = domain.trim().toLowerCase();
+    try {
+        const parsed = psl.parse?.(lower);
+        const suffix = parsed?.tld;
+        if (suffix) {
+            const labels = String(suffix).split(".").filter(Boolean);
+            if (labels.length)
+                return labels[labels.length - 1];
+        }
+    }
+    catch {
+        // ignore and fall back
+    }
+    const parts = lower.split(".").filter(Boolean);
+    return parts[parts.length - 1] ?? lower;
+}
+export function getDomainParts(domain) {
+    const lower = domain.toLowerCase().trim();
+    let publicSuffix;
+    try {
+        const parsed = psl.parse?.(lower);
+        publicSuffix = parsed?.tld;
+    }
+    catch {
+        // ignore
+    }
+    if (!publicSuffix) {
+        const parts = lower.split(".").filter(Boolean);
+        publicSuffix = parts.length ? parts[parts.length - 1] : lower;
+    }
+    const labels = publicSuffix.split(".").filter(Boolean);
+    const tld = labels.length ? labels[labels.length - 1] : publicSuffix;
+    return { publicSuffix, tld };
+}
+export function isLikelyDomain(input) {
+    return /^[a-z0-9.-]+$/i.test(input) && input.includes(".");
+}
+export function punyToUnicode(domain) {
+    try {
+        return domain.normalize("NFC");
+    }
+    catch {
+        return domain;
+    }
+}
+// Common WHOIS availability phrases seen across registries/registrars
+const WHOIS_AVAILABLE_PATTERNS = [
+    /\bno match\b/i,
+    /\bnot found\b/i,
+    /\bno entries found\b/i,
+    /\bno data found\b/i,
+    /\bavailable for registration\b/i,
+    /\bdomain\s+available\b/i,
+    /\bdomain status[:\s]+available\b/i,
+    /\bobject does not exist\b/i,
+    /\bthe queried object does not exist\b/i,
+];
+export function isWhoisAvailable(text) {
+    if (!text)
+        return false;
+    return WHOIS_AVAILABLE_PATTERNS.some((re) => re.test(text));
+}

package/dist/lib/text.d.ts

@@ -0,0 +1,6 @@
+export declare function uniq<T>(arr: T[] | undefined | null): T[] | undefined;
+export declare function parseKeyValueLines(text: string): Record<string, string[]>;
+export declare function parseCsv(value: string | undefined): string[] | undefined;
+export declare function asString(value: unknown): string | undefined;
+export declare function asStringArray(value: unknown): string[] | undefined;
+export declare function asDateLike(value: unknown): string | number | Date | undefined;

package/dist/lib/text.js

@@ -0,0 +1,77 @@
+export function uniq(arr) {
+    if (!arr)
+        return undefined;
+    return Array.from(new Set(arr));
+}
+export function parseKeyValueLines(text) {
+    const map = new Map();
+    const lines = text.split(/\r?\n/);
+    let lastKey;
+    for (const rawLine of lines) {
+        const line = rawLine.replace(/\s+$/, "");
+        if (!line.trim())
+            continue;
+        // Bracketed form: [Key] value  (common in .jp and some ccTLDs)
+        const bracket = line.match(/^\s*\[([^\]]+)\]\s*(.*)$/);
+        if (bracket) {
+            const key = bracket[1].trim().toLowerCase();
+            const value = bracket[2].trim();
+            const list = map.get(key) ?? [];
+            if (value)
+                list.push(value);
+            map.set(key, list);
+            lastKey = key;
+            continue;
+        }
+        // Colon form: Key: value
+        const idx = line.indexOf(":");
+        if (idx !== -1) {
+            const key = line.slice(0, idx).trim().toLowerCase();
+            const value = line.slice(idx + 1).trim();
+            if (!key) {
+                lastKey = undefined;
+                continue;
+            }
+            const list = map.get(key) ?? [];
+            if (value)
+                list.push(value);
+            map.set(key, list);
+            lastKey = key;
+            continue;
+        }
+        // Continuation line: starts with indentation after a key appeared
+        if (lastKey && /^\s+/.test(line)) {
+            const value = line.trim();
+            if (value) {
+                const list = map.get(lastKey) ?? [];
+                list.push(value);
+                map.set(lastKey, list);
+            }
+        }
+        // Otherwise ignore non key-value lines
+    }
+    return Object.fromEntries(map);
+}
+export function parseCsv(value) {
+    if (!value)
+        return undefined;
+    return value
+        .split(/[,\s]+/)
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+export function asString(value) {
+    return typeof value === "string" ? value : undefined;
+}
+export function asStringArray(value) {
+    return Array.isArray(value)
+        ? value.filter((x) => typeof x === "string")
+        : undefined;
+}
+export function asDateLike(value) {
+    if (typeof value === "string" ||
+        typeof value === "number" ||
+        value instanceof Date)
+        return value;
+    return undefined;
+}

package/dist/rdap/bootstrap.d.ts

@@ -0,0 +1,6 @@
+import type { LookupOptions } from "../types.js";
+/**
+ * Resolve RDAP base URLs for a given TLD using IANA's bootstrap registry.
+ * Returns zero or more base URLs (always suffixed with a trailing slash).
+ */
+export declare function getRdapBaseUrlsForTld(tld: string, options?: LookupOptions): Promise<string[]>;

package/dist/rdap/bootstrap.js

@@ -0,0 +1,30 @@
+import { withTimeout } from "../lib/async.js";
+import { DEFAULT_TIMEOUT_MS } from "../lib/constants.js";
+/**
+ * Resolve RDAP base URLs for a given TLD using IANA's bootstrap registry.
+ * Returns zero or more base URLs (always suffixed with a trailing slash).
+ */
+export async function getRdapBaseUrlsForTld(tld, options) {
+    const bootstrapUrl = options?.customBootstrapUrl ?? "https://data.iana.org/rdap/dns.json";
+    const res = await withTimeout(fetch(bootstrapUrl, {
+        method: "GET",
+        headers: { accept: "application/json" },
+        signal: options?.signal,
+    }), options?.timeoutMs ?? DEFAULT_TIMEOUT_MS, "RDAP bootstrap timeout");
+    if (!res.ok)
+        return [];
+    const data = (await res.json());
+    const target = tld.toLowerCase();
+    const bases = [];
+    for (const svc of data.services) {
+        const tlds = svc[0];
+        const urls = svc[1];
+        if (tlds.map((x) => x.toLowerCase()).includes(target)) {
+            for (const u of urls) {
+                const base = u.endsWith("/") ? u : `${u}/`;
+                bases.push(base);
+            }
+        }
+    }
+    return Array.from(new Set(bases));
+}

package/dist/rdap/client.d.ts

@@ -0,0 +1,9 @@
+import type { LookupOptions } from "../types.js";
+/**
+ * Fetch RDAP JSON for a domain from a specific RDAP base URL.
+ * Throws on HTTP >= 400 (includes RDAP error JSON payloads).
+ */
+export declare function fetchRdapDomain(domain: string, baseUrl: string, options?: LookupOptions): Promise<{
+    url: string;
+    json: unknown;
+}>;

package/dist/rdap/client.js

@@ -0,0 +1,21 @@
+import { withTimeout } from "../lib/async.js";
+import { DEFAULT_TIMEOUT_MS } from "../lib/constants.js";
+// Use global fetch (Node 18+). For large JSON we keep it simple.
+/**
+ * Fetch RDAP JSON for a domain from a specific RDAP base URL.
+ * Throws on HTTP >= 400 (includes RDAP error JSON payloads).
+ */
+export async function fetchRdapDomain(domain, baseUrl, options) {
+    const url = new URL(`domain/${encodeURIComponent(domain)}`, baseUrl).toString();
+    const res = await withTimeout(fetch(url, {
+        method: "GET",
+        headers: { accept: "application/rdap+json, application/json" },
+        signal: options?.signal,
+    }), options?.timeoutMs ?? DEFAULT_TIMEOUT_MS, "RDAP lookup timeout");
+    if (!res.ok) {
+        const bodyText = await res.text();
+        throw new Error(`RDAP ${res.status}: ${bodyText.slice(0, 500)}`);
+    }
+    const json = await res.json();
+    return { url, json };
+}