rdapper 0.1.1 → 0.3.0

package/dist/index.js

@@ -1,120 +1,1032 @@
-import { toISO } from "./lib/dates.js";
-import { getDomainParts, isLikelyDomain } from "./lib/domain.js";
-import { getRdapBaseUrlsForTld } from "./rdap/bootstrap.js";
-import { fetchRdapDomain } from "./rdap/client.js";
-import { normalizeRdap } from "./rdap/normalize.js";
-import { whoisQuery } from "./whois/client.js";
-import { extractWhoisReferral, ianaWhoisServerForTld, getIanaWhoisTextForTld, parseIanaRegistrationInfoUrl, } from "./whois/discovery.js";
-import { normalizeWhois } from "./whois/normalize.js";
-import { WHOIS_TLD_EXCEPTIONS } from "./whois/servers.js";
+import psl from "psl";
+import { createConnection } from "node:net";
+
+//#region src/lib/dates.ts
+function toISO(dateLike) {
+	if (dateLike == null) return void 0;
+	if (dateLike instanceof Date) return toIsoFromDate(dateLike);
+	if (typeof dateLike === "number") return toIsoFromDate(new Date(dateLike));
+	const raw = String(dateLike).trim();
+	if (!raw) return void 0;
+	for (const re of [
+		/^(\d{4})-(\d{2})-(\d{2})[ T](\d{2}):(\d{2}):(\d{2})(?:Z|([+-]\d{2})(?::?(\d{2}))?)?$/,
+		/^(\d{4})\/(\d{2})\/(\d{2})[ T](\d{2}):(\d{2}):(\d{2})(?:Z|([+-]\d{2})(?::?(\d{2}))?)?$/,
+		/^(\d{2})-([A-Za-z]{3})-(\d{4})$/,
+		/^([A-Za-z]{3})\s+(\d{1,2})\s+(\d{4})$/
+	]) {
+		const m = raw.match(re);
+		if (!m) continue;
+		const d = parseDateWithRegex(m, re);
+		if (d) return toIsoFromDate(d);
+	}
+	const native = new Date(raw);
+	if (!Number.isNaN(native.getTime())) return toIsoFromDate(native);
+}
+function toIsoFromDate(d) {
+	try {
+		return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate(), d.getUTCHours(), d.getUTCMinutes(), d.getUTCSeconds(), 0)).toISOString().replace(/\.\d{3}Z$/, "Z");
+	} catch {
+		return;
+	}
+}
+function parseDateWithRegex(m, _re) {
+	const monthMap = {
+		jan: 0,
+		feb: 1,
+		mar: 2,
+		apr: 3,
+		may: 4,
+		jun: 5,
+		jul: 6,
+		aug: 7,
+		sep: 8,
+		oct: 9,
+		nov: 10,
+		dec: 11
+	};
+	try {
+		if (m[0].includes(":")) {
+			const [_$1, y, mo, d, hh, mm, ss, offH, offM] = m;
+			let dt = Date.UTC(Number(y), Number(mo) - 1, Number(d), Number(hh), Number(mm), Number(ss));
+			if (offH) {
+				const sign = offH.startsWith("-") ? -1 : 1;
+				const hours = Math.abs(Number(offH));
+				const minutes = offM ? Number(offM) : 0;
+				const offsetMs = sign * (hours * 60 + minutes) * 60 * 1e3;
+				dt -= offsetMs;
+			}
+			return new Date(dt);
+		}
+		if (m[0].includes("-")) {
+			const [_$1, dd$1, monStr$1, yyyy$1] = m;
+			const mon$1 = monthMap[monStr$1.toLowerCase()];
+			return new Date(Date.UTC(Number(yyyy$1), mon$1, Number(dd$1)));
+		}
+		const [_, monStr, dd, yyyy] = m;
+		const mon = monthMap[monStr.toLowerCase()];
+		return new Date(Date.UTC(Number(yyyy), mon, Number(dd)));
+	} catch {}
+}
+
+//#endregion
+//#region src/lib/domain.ts
+function getDomainParts(domain) {
+	const lower = domain.toLowerCase().trim();
+	let publicSuffix;
+	try {
+		publicSuffix = (psl.parse?.(lower))?.tld;
+	} catch {}
+	if (!publicSuffix) {
+		const parts = lower.split(".").filter(Boolean);
+		publicSuffix = parts.length ? parts[parts.length - 1] : lower;
+	}
+	const labels = publicSuffix.split(".").filter(Boolean);
+	const tld = labels.length ? labels[labels.length - 1] : publicSuffix;
+	return {
+		publicSuffix,
+		tld
+	};
+}
+function isLikelyDomain(input) {
+	return /^[a-z0-9.-]+$/i.test(input) && input.includes(".");
+}
+const WHOIS_AVAILABLE_PATTERNS = [
+	/\bno match\b/i,
+	/\bnot found\b/i,
+	/\bno entries found\b/i,
+	/\bno data found\b/i,
+	/\bavailable for registration\b/i,
+	/\bdomain\s+available\b/i,
+	/\bdomain status[:\s]+available\b/i,
+	/\bobject does not exist\b/i,
+	/\bthe queried object does not exist\b/i
+];
+function isWhoisAvailable(text) {
+	if (!text) return false;
+	return WHOIS_AVAILABLE_PATTERNS.some((re) => re.test(text));
+}
+
+//#endregion
+//#region src/lib/async.ts
+function withTimeout(promise, timeoutMs, reason = "Timeout") {
+	if (!Number.isFinite(timeoutMs) || timeoutMs <= 0) return promise;
+	let timer;
+	const timeout = new Promise((_, reject) => {
+		timer = setTimeout(() => reject(new Error(reason)), timeoutMs);
+	});
+	return Promise.race([promise.finally(() => {
+		if (timer !== void 0) clearTimeout(timer);
+	}), timeout]);
+}
+
+//#endregion
+//#region src/lib/constants.ts
+const DEFAULT_TIMEOUT_MS = 15e3;
+
+//#endregion
+//#region src/rdap/bootstrap.ts
+/**
+* Resolve RDAP base URLs for a given TLD using IANA's bootstrap registry.
+* Returns zero or more base URLs (always suffixed with a trailing slash).
+*/
+async function getRdapBaseUrlsForTld(tld, options) {
+	const bootstrapUrl = options?.customBootstrapUrl ?? "https://data.iana.org/rdap/dns.json";
+	const res = await withTimeout(fetch(bootstrapUrl, {
+		method: "GET",
+		headers: { accept: "application/json" },
+		signal: options?.signal
+	}), options?.timeoutMs ?? DEFAULT_TIMEOUT_MS, "RDAP bootstrap timeout");
+	if (!res.ok) return [];
+	const data = await res.json();
+	const target = tld.toLowerCase();
+	const bases = [];
+	for (const svc of data.services) {
+		const tlds = svc[0];
+		const urls = svc[1];
+		if (tlds.map((x) => x.toLowerCase()).includes(target)) for (const u of urls) {
+			const base = u.endsWith("/") ? u : `${u}/`;
+			bases.push(base);
+		}
+	}
+	return Array.from(new Set(bases));
+}
+
+//#endregion
+//#region src/rdap/client.ts
+/**
+* Fetch RDAP JSON for a domain from a specific RDAP base URL.
+* Throws on HTTP >= 400 (includes RDAP error JSON payloads).
+*/
+async function fetchRdapDomain(domain, baseUrl, options) {
+	const url = new URL(`domain/${encodeURIComponent(domain)}`, baseUrl).toString();
+	const res = await withTimeout(fetch(url, {
+		method: "GET",
+		headers: { accept: "application/rdap+json, application/json" },
+		signal: options?.signal
+	}), options?.timeoutMs ?? DEFAULT_TIMEOUT_MS, "RDAP lookup timeout");
+	if (!res.ok) {
+		const bodyText = await res.text();
+		throw new Error(`RDAP ${res.status}: ${bodyText.slice(0, 500)}`);
+	}
+	const json = await res.json();
+	return {
+		url,
+		json
+	};
+}
+
+//#endregion
+//#region src/rdap/links.ts
+/** Extract candidate RDAP link URLs from an RDAP document. */
+function extractRdapRelatedLinks(doc, opts) {
+	const rels = (opts?.rdapLinkRels?.length ? opts.rdapLinkRels : [
+		"related",
+		"entity",
+		"registrar",
+		"alternate"
+	]).map((r) => r.toLowerCase());
+	const d = doc ?? {};
+	const arr = Array.isArray(d?.links) ? d.links : [];
+	const out = [];
+	for (const link of arr) {
+		const rel = String(link.rel || "").toLowerCase();
+		const type = String(link.type || "").toLowerCase();
+		if (!rels.includes(rel)) continue;
+		if (type && !/application\/rdap\+json/i.test(type)) continue;
+		const url = link.href || link.value;
+		if (url && /^https?:\/\//i.test(url)) out.push(url);
+	}
+	return Array.from(new Set(out));
+}
+
+//#endregion
+//#region src/rdap/merge.ts
+/** Merge RDAP documents with a conservative, additive strategy. */
+function mergeRdapDocs(baseDoc, others) {
+	const merged = { ...baseDoc };
+	for (const doc of others) {
+		const cur = doc ?? {};
+		merged.status = uniqStrings([...toStringArray(merged.status), ...toStringArray(cur.status)]);
+		merged.events = uniqBy([...toArray(merged.events), ...toArray(cur.events)], (e) => `${String(e?.eventAction ?? "").toLowerCase()}|${String(e?.eventDate ?? "")}`);
+		merged.nameservers = uniqBy([...toArray(merged.nameservers), ...toArray(cur.nameservers)], (n) => `${String(n?.ldhName ?? n?.unicodeName ?? "").toLowerCase()}`);
+		merged.entities = uniqBy([...toArray(merged.entities), ...toArray(cur.entities)], (e) => `${String(e?.handle ?? "").toLowerCase()}|${String(JSON.stringify(e?.roles || [])).toLowerCase()}|${String(JSON.stringify(e?.vcardArray || [])).toLowerCase()}`);
+		if (merged.secureDNS == null && cur.secureDNS != null) merged.secureDNS = cur.secureDNS;
+		if (merged.port43 == null && cur.port43 != null) merged.port43 = cur.port43;
+		const mergedRemarks = merged.remarks;
+		const curRemarks = cur.remarks;
+		if (Array.isArray(mergedRemarks) || Array.isArray(curRemarks)) {
+			const a = toArray(mergedRemarks);
+			const b = toArray(curRemarks);
+			merged.remarks = [...a, ...b];
+		}
+	}
+	return merged;
+}
+/** Fetch and merge RDAP related documents up to a hop limit. */
+async function fetchAndMergeRdapRelated(domain, baseDoc, opts) {
+	const tried = [];
+	if (opts?.rdapFollowLinks === false) return {
+		merged: baseDoc,
+		serversTried: tried
+	};
+	const maxHops = Math.max(0, opts?.maxRdapLinkHops ?? 2);
+	if (maxHops === 0) return {
+		merged: baseDoc,
+		serversTried: tried
+	};
+	const visited = /* @__PURE__ */ new Set();
+	let current = baseDoc;
+	let hops = 0;
+	while (hops < maxHops) {
+		const nextBatch = extractRdapRelatedLinks(current, { rdapLinkRels: opts?.rdapLinkRels }).filter((u) => !visited.has(u));
+		if (nextBatch.length === 0) break;
+		const fetchedDocs = [];
+		for (const url of nextBatch) {
+			visited.add(url);
+			try {
+				const { json } = await fetchRdapUrl(url, opts);
+				tried.push(url);
+				const ldh = String(json?.ldhName ?? "").toLowerCase();
+				const uni = String(json?.unicodeName ?? "").toLowerCase();
+				if (ldh && !sameDomain(ldh, domain)) continue;
+				if (uni && !sameDomain(uni, domain)) continue;
+				fetchedDocs.push(json);
+			} catch {}
+		}
+		if (fetchedDocs.length === 0) break;
+		current = mergeRdapDocs(current, fetchedDocs);
+		hops += 1;
+	}
+	return {
+		merged: current,
+		serversTried: tried
+	};
+}
+async function fetchRdapUrl(url, options) {
+	const res = await withTimeout(fetch(url, {
+		method: "GET",
+		headers: { accept: "application/rdap+json, application/json" },
+		signal: options?.signal
+	}), options?.timeoutMs ?? DEFAULT_TIMEOUT_MS, "RDAP link fetch timeout");
+	if (!res.ok) {
+		const bodyText = await res.text();
+		throw new Error(`RDAP ${res.status}: ${bodyText.slice(0, 500)}`);
+	}
+	const json = await res.json();
+	return {
+		url,
+		json
+	};
+}
+function toArray(val) {
+	return Array.isArray(val) ? val : [];
+}
+function toStringArray(val) {
+	return Array.isArray(val) ? val.map((v) => String(v)) : [];
+}
+function uniqStrings(arr) {
+	return Array.from(new Set(arr));
+}
+function uniqBy(arr, key) {
+	const seen = /* @__PURE__ */ new Set();
+	const out = [];
+	for (const item of arr) {
+		const k = key(item);
+		if (seen.has(k)) continue;
+		seen.add(k);
+		out.push(item);
+	}
+	return out;
+}
+function sameDomain(a, b) {
+	return a.toLowerCase() === b.toLowerCase();
+}
+
+//#endregion
+//#region src/lib/text.ts
+function uniq(arr) {
+	if (!arr) return void 0;
+	return Array.from(new Set(arr));
+}
+function parseKeyValueLines(text) {
+	const map = /* @__PURE__ */ new Map();
+	const lines = text.split(/\r?\n/);
+	let lastKey;
+	for (const rawLine of lines) {
+		const line = rawLine.replace(/\s+$/, "");
+		if (!line.trim()) continue;
+		const bracket = line.match(/^\s*\[([^\]]+)\]\s*(.*)$/);
+		if (bracket) {
+			const key = bracket[1].trim().toLowerCase();
+			const value = bracket[2].trim();
+			const list = map.get(key) ?? [];
+			if (value) list.push(value);
+			map.set(key, list);
+			lastKey = key;
+			continue;
+		}
+		const idx = line.indexOf(":");
+		if (idx !== -1) {
+			const key = line.slice(0, idx).trim().toLowerCase();
+			const value = line.slice(idx + 1).trim();
+			if (!key) {
+				lastKey = void 0;
+				continue;
+			}
+			const list = map.get(key) ?? [];
+			if (value) list.push(value);
+			map.set(key, list);
+			lastKey = key;
+			continue;
+		}
+		if (lastKey && /^\s+/.test(line)) {
+			const value = line.trim();
+			if (value) {
+				const list = map.get(lastKey) ?? [];
+				list.push(value);
+				map.set(lastKey, list);
+			}
+		}
+	}
+	return Object.fromEntries(map);
+}
+function asString(value) {
+	return typeof value === "string" ? value : void 0;
+}
+function asStringArray(value) {
+	return Array.isArray(value) ? value.filter((x) => typeof x === "string") : void 0;
+}
+function asDateLike(value) {
+	if (typeof value === "string" || typeof value === "number" || value instanceof Date) return value;
+}
+
+//#endregion
+//#region src/rdap/normalize.ts
+/**
+* Convert RDAP JSON into our normalized DomainRecord.
+* This function is defensive: RDAP servers vary in completeness and field naming.
+*/
+function normalizeRdap(inputDomain, tld, rdap, rdapServersTried, fetchedAtISO, includeRaw = false) {
+	const doc = rdap ?? {};
+	const ldhName = asString(doc.ldhName) || asString(doc.handle);
+	const unicodeName = asString(doc.unicodeName);
+	const registrar = extractRegistrar(doc.entities);
+	const nameservers = Array.isArray(doc.nameservers) ? doc.nameservers.map((ns) => {
+		const host = (asString(ns.ldhName) ?? asString(ns.unicodeName) ?? "").toLowerCase();
+		const ip = ns.ipAddresses;
+		const ipv4 = asStringArray(ip?.v4);
+		const ipv6 = asStringArray(ip?.v6);
+		const n = { host };
+		if (ipv4?.length) n.ipv4 = ipv4;
+		if (ipv6?.length) n.ipv6 = ipv6;
+		return n;
+	}).filter((n) => !!n.host) : void 0;
+	const contacts = extractContacts(doc.entities);
+	const statuses = Array.isArray(doc.status) ? doc.status.filter((s) => typeof s === "string").map((s) => ({
+		status: s,
+		raw: s
+	})) : void 0;
+	const secureDNS = doc.secureDNS;
+	const dnssec = secureDNS ? {
+		enabled: !!secureDNS.delegationSigned,
+		dsRecords: Array.isArray(secureDNS.dsData) ? secureDNS.dsData.map((d) => ({
+			keyTag: d.keyTag,
+			algorithm: d.algorithm,
+			digestType: d.digestType,
+			digest: d.digest
+		})) : void 0
+	} : void 0;
+	const events = Array.isArray(doc.events) ? doc.events : [];
+	const byAction = (action) => events.find((e) => typeof e?.eventAction === "string" && e.eventAction.toLowerCase().includes(action));
+	const creationDate = toISO(asDateLike(byAction("registration")?.eventDate) ?? asDateLike(doc.registrationDate));
+	const updatedDate = toISO(asDateLike(byAction("last changed")?.eventDate) ?? asDateLike(doc.lastChangedDate));
+	const expirationDate = toISO(asDateLike(byAction("expiration")?.eventDate) ?? asDateLike(doc.expirationDate));
+	const deletionDate = toISO(asDateLike(byAction("deletion")?.eventDate) ?? asDateLike(doc.deletionDate));
+	const transferLock = !!statuses?.some((s) => /transferprohibited/i.test(s.status));
+	const whoisServer = asString(doc.port43);
+	return {
+		domain: unicodeName || ldhName || inputDomain,
+		tld,
+		isRegistered: true,
+		isIDN: /(^|\.)xn--/i.test(ldhName || inputDomain),
+		unicodeName: unicodeName || void 0,
+		punycodeName: ldhName || void 0,
+		registry: void 0,
+		registrar,
+		reseller: void 0,
+		statuses,
+		creationDate,
+		updatedDate,
+		expirationDate,
+		deletionDate,
+		transferLock,
+		dnssec,
+		nameservers: nameservers ? uniq(nameservers.map((n) => ({
+			...n,
+			host: n.host.toLowerCase()
+		}))) : void 0,
+		contacts,
+		whoisServer,
+		rdapServers: rdapServersTried,
+		rawRdap: includeRaw ? rdap : void 0,
+		rawWhois: void 0,
+		source: "rdap",
+		fetchedAt: fetchedAtISO,
+		warnings: void 0
+	};
+}
+function extractRegistrar(entities) {
+	if (!Array.isArray(entities)) return void 0;
+	for (const ent of entities) {
+		if (!(Array.isArray(ent?.roles) ? ent.roles.filter((r) => typeof r === "string") : []).some((r) => /registrar/i.test(r))) continue;
+		const v = parseVcard(ent?.vcardArray);
+		const ianaId = Array.isArray(ent?.publicIds) ? ent.publicIds.find((id) => /iana\s*registrar\s*id/i.test(String(id?.type)))?.identifier : void 0;
+		return {
+			name: v.fn || v.org || asString(ent?.handle) || void 0,
+			ianaId: asString(ianaId),
+			url: v.url ?? void 0,
+			email: v.email ?? void 0,
+			phone: v.tel ?? void 0
+		};
+	}
+}
+function extractContacts(entities) {
+	if (!Array.isArray(entities)) return void 0;
+	const out = [];
+	for (const ent of entities) {
+		const roles = Array.isArray(ent?.roles) ? ent.roles.filter((r) => typeof r === "string") : [];
+		const v = parseVcard(ent?.vcardArray);
+		const type = roles.find((r) => /registrant|administrative|technical|billing|abuse|reseller/i.test(r));
+		if (!type) continue;
+		const roleKey = {
+			registrant: "registrant",
+			administrative: "admin",
+			technical: "tech",
+			billing: "billing",
+			abuse: "abuse",
+			reseller: "reseller"
+		}[type.toLowerCase()] ?? "unknown";
+		out.push({
+			type: roleKey,
+			name: v.fn,
+			organization: v.org,
+			email: v.email,
+			phone: v.tel,
+			fax: v.fax,
+			street: v.street,
+			city: v.locality,
+			state: v.region,
+			postalCode: v.postcode,
+			country: v.country,
+			countryCode: v.countryCode
+		});
+	}
+	return out.length ? out : void 0;
+}
+function parseVcard(vcardArray) {
+	if (!Array.isArray(vcardArray) || vcardArray[0] !== "vcard" || !Array.isArray(vcardArray[1])) return {};
+	const entries = vcardArray[1];
+	const out = {};
+	for (const e of entries) {
+		const key = e?.[0];
+		const value = e?.[3];
+		if (!key) continue;
+		switch (String(key).toLowerCase()) {
+			case "fn":
+				out.fn = asString(value);
+				break;
+			case "org":
+				out.org = Array.isArray(value) ? value.map((x) => String(x)).join(" ") : asString(value);
+				break;
+			case "email":
+				out.email = asString(value);
+				break;
+			case "tel":
+				out.tel = asString(value);
+				break;
+			case "url":
+				out.url = asString(value);
+				break;
+			case "adr":
+				if (Array.isArray(value)) {
+					out.street = value[2] ? String(value[2]).split(/\n|,\s*/) : void 0;
+					out.locality = asString(value[3]);
+					out.region = asString(value[4]);
+					out.postcode = asString(value[5]);
+					out.country = asString(value[6]);
+				}
+				break;
+		}
+	}
+	return out;
+}
+
+//#endregion
+//#region src/whois/client.ts
+/**
+* Perform a WHOIS query against an RFC 3912 server over TCP 43.
+* Returns the raw text and the server used.
+*/
+async function whoisQuery(server, query, options) {
+	const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+	const port = 43;
+	const host = server.replace(/^whois:\/\//i, "");
+	const text = await withTimeout(queryTcp(host, port, query, options), timeoutMs, "WHOIS timeout");
+	return {
+		serverQueried: server,
+		text
+	};
+}
+function queryTcp(host, port, query, options) {
+	return new Promise((resolve, reject) => {
+		const socket = createConnection({
+			host,
+			port
+		});
+		let data = "";
+		let done = false;
+		const cleanup = () => {
+			if (done) return;
+			done = true;
+			socket.destroy();
+		};
+		socket.setTimeout((options?.timeoutMs ?? DEFAULT_TIMEOUT_MS) - 1e3, () => {
+			cleanup();
+			reject(/* @__PURE__ */ new Error("WHOIS socket timeout"));
+		});
+		socket.on("error", (err) => {
+			cleanup();
+			reject(err);
+		});
+		socket.on("data", (chunk) => {
+			data += chunk.toString("utf8");
+		});
+		socket.on("end", () => {
+			cleanup();
+			resolve(data);
+		});
+		socket.on("connect", () => {
+			socket.write(`${query}\r\n`);
+		});
+	});
+}
+
+//#endregion
+//#region src/whois/servers.ts
+const WHOIS_TLD_EXCEPTIONS = {
+	com: "whois.verisign-grs.com",
+	net: "whois.verisign-grs.com",
+	org: "whois.publicinterestregistry.org",
+	biz: "whois.nic.biz",
+	name: "whois.nic.name",
+	edu: "whois.educause.edu",
+	gov: "whois.nic.gov",
+	de: "whois.denic.de",
+	jp: "whois.jprs.jp",
+	fr: "whois.nic.fr",
+	it: "whois.nic.it",
+	pl: "whois.dns.pl",
+	nl: "whois.domain-registry.nl",
+	be: "whois.dns.be",
+	se: "whois.iis.se",
+	no: "whois.norid.no",
+	fi: "whois.fi",
+	cz: "whois.nic.cz",
+	es: "whois.nic.es",
+	br: "whois.registro.br",
+	ca: "whois.cira.ca",
+	dk: "whois.punktum.dk",
+	hk: "whois.hkirc.hk",
+	sg: "whois.sgnic.sg",
+	in: "whois.nixiregistry.in",
+	nz: "whois.irs.net.nz",
+	ch: "whois.nic.ch",
+	li: "whois.nic.li",
+	io: "whois.nic.io",
+	ai: "whois.nic.ai",
+	ru: "whois.tcinet.ru",
+	su: "whois.tcinet.ru",
+	us: "whois.nic.us",
+	co: "whois.nic.co",
+	me: "whois.nic.me",
+	tv: "whois.nic.tv",
+	cc: "ccwhois.verisign-grs.com",
+	eu: "whois.eu",
+	au: "whois.auda.org.au",
+	kr: "whois.kr",
+	tw: "whois.twnic.net.tw",
+	uk: "whois.nic.uk",
+	nu: "whois.iis.nu",
+	"xn--p1ai": "whois.tcinet.ru",
+	"uk.com": "whois.centralnic.com",
+	"uk.net": "whois.centralnic.com",
+	"gb.com": "whois.centralnic.com",
+	"gb.net": "whois.centralnic.com",
+	"eu.com": "whois.centralnic.com",
+	"us.com": "whois.centralnic.com",
+	"se.com": "whois.centralnic.com",
+	"de.com": "whois.centralnic.com",
+	"br.com": "whois.centralnic.com",
+	"ru.com": "whois.centralnic.com",
+	"cn.com": "whois.centralnic.com",
+	"sa.com": "whois.centralnic.com",
+	"co.com": "whois.centralnic.com"
+};
+
+//#endregion
+//#region src/whois/discovery.ts
+/**
+* Parse the IANA WHOIS response for a TLD and extract the WHOIS server
+* without crossing line boundaries. Some TLDs (e.g. .np) leave the field
+* blank, in which case this returns undefined.
+*/
+function parseIanaWhoisServer(text) {
+	const fields = [
+		"whois",
+		"refer",
+		"whois server"
+	];
+	const lines = String(text).split(/\r?\n/);
+	for (const field of fields) for (const raw of lines) {
+		const line = raw.trimEnd();
+		const re = new RegExp(`^\\s*${field}\\s*:\\s*(.*?)$`, "i");
+		const m = line.match(re);
+		if (m) {
+			const value = (m[1] || "").trim();
+			if (value) return value;
+		}
+	}
+}
+/**
+* Parse a likely registration information URL from an IANA WHOIS response.
+* Looks at lines like:
+*   remarks: Registration information: http://example.tld
+*   url: https://registry.example
+*/
+function parseIanaRegistrationInfoUrl(text) {
+	const lines = String(text).split(/\r?\n/);
+	for (const raw of lines) {
+		const line = raw.trim();
+		if (!/^\s*(remarks|url|website)\s*:/i.test(line)) continue;
+		const urlMatch = line.match(/https?:\/\/\S+/i);
+		if (urlMatch?.[0]) return urlMatch[0];
+	}
+}
+/** Fetch raw IANA WHOIS text for a TLD (best-effort). */
+async function getIanaWhoisTextForTld(tld, options) {
+	try {
+		return (await whoisQuery("whois.iana.org", tld.toLowerCase(), options)).text;
+	} catch {
+		return;
+	}
+}
+/**
+* Best-effort discovery of the authoritative WHOIS server for a TLD via IANA root DB.
+*/
+async function ianaWhoisServerForTld(tld, options) {
+	const key = tld.toLowerCase();
+	const hint = options?.whoisHints?.[key];
+	if (hint) return normalizeServer(hint);
+	try {
+		const txt = (await whoisQuery("whois.iana.org", key, options)).text;
+		const server = parseIanaWhoisServer(txt);
+		if (server) return normalizeServer(server);
+	} catch {}
+	const exception = WHOIS_TLD_EXCEPTIONS[key];
+	if (exception) return normalizeServer(exception);
+}
+/**
+* Extract registrar referral WHOIS server from a WHOIS response, if present.
+*/
+function extractWhoisReferral(text) {
+	for (const re of [
+		/^Registrar WHOIS Server:\s*(.+)$/im,
+		/^Whois Server:\s*(.+)$/im,
+		/^ReferralServer:\s*whois:\/\/(.+)$/im
+	]) {
+		const m = text.match(re);
+		if (m?.[1]) return m[1].trim();
+	}
+}
+function normalizeServer(server) {
+	return server.replace(/^whois:\/\//i, "").replace(/\/$/, "");
+}
+
+//#endregion
+//#region src/whois/normalize.ts
+/**
+* Convert raw WHOIS text into our normalized DomainRecord.
+* Heuristics cover many gTLD and ccTLD formats; exact fields vary per registry.
+*/
+function normalizeWhois(domain, tld, whoisText, whoisServer, fetchedAtISO, includeRaw = false) {
+	const map = parseKeyValueLines(whoisText);
+	const creationDate = anyValue(map, [
+		"creation date",
+		"created on",
+		"registered on",
+		"domain registration date",
+		"domain create date",
+		"created",
+		"registered",
+		"domain record activated"
+	]);
+	const updatedDate = anyValue(map, [
+		"updated date",
+		"last updated",
+		"last modified",
+		"modified",
+		"domain record last updated"
+	]);
+	const expirationDate = anyValue(map, [
+		"registry expiry date",
+		"registry expiration date",
+		"expiry date",
+		"expiration date",
+		"registrar registration expiration date",
+		"registrar registration expiry date",
+		"registrar expiration date",
+		"registrar expiry date",
+		"domain expires",
+		"paid-till",
+		"expires on",
+		"renewal date"
+	]);
+	const registrar = (() => {
+		const name = anyValue(map, [
+			"registrar",
+			"sponsoring registrar",
+			"registrar name"
+		]);
+		const ianaId = anyValue(map, ["registrar iana id", "iana id"]);
+		const url = anyValue(map, [
+			"registrar url",
+			"url of the registrar",
+			"referrer"
+		]);
+		const abuseEmail = anyValue(map, ["registrar abuse contact email", "abuse contact email"]);
+		const abusePhone = anyValue(map, ["registrar abuse contact phone", "abuse contact phone"]);
+		if (!name && !ianaId && !url && !abuseEmail && !abusePhone) return void 0;
+		return {
+			name: name || void 0,
+			ianaId: ianaId || void 0,
+			url: url || void 0,
+			email: abuseEmail || void 0,
+			phone: abusePhone || void 0
+		};
+	})();
+	const statusLines = map["domain status"] || map.status || [];
+	const statuses = statusLines.length ? statusLines.map((line) => ({
+		status: line.split(/\s+/)[0],
+		raw: line
+	})) : void 0;
+	const nsLines = [
+		...map["name server"] || [],
+		...map.nameserver || [],
+		...map["name servers"] || [],
+		...map.nserver || []
+	];
+	const nameservers = nsLines.length ? uniq(nsLines.map((line) => line.trim()).filter(Boolean).map((line) => {
+		const parts = line.split(/\s+/);
+		const host = parts.shift()?.toLowerCase() || "";
+		const ipv4 = [];
+		const ipv6 = [];
+		for (const p of parts) if (/^\d+\.\d+\.\d+\.\d+$/.test(p)) ipv4.push(p);
+		else if (/^[0-9a-f:]+$/i.test(p)) ipv6.push(p);
+		if (!host) return void 0;
+		const ns = { host };
+		if (ipv4.length) ns.ipv4 = ipv4;
+		if (ipv6.length) ns.ipv6 = ipv6;
+		return ns;
+	}).filter((x) => !!x)) : void 0;
+	const contacts = collectContacts(map);
+	const dnssecRaw = (map.dnssec?.[0] || "").toLowerCase();
+	const dnssec = dnssecRaw ? { enabled: /signed|yes|true/.test(dnssecRaw) } : void 0;
+	const transferLock = !!statuses?.some((s) => /transferprohibited/i.test(s.status));
+	return {
+		domain,
+		tld,
+		isRegistered: !isWhoisAvailable(whoisText),
+		isIDN: /(^|\.)xn--/i.test(domain),
+		unicodeName: void 0,
+		punycodeName: void 0,
+		registry: void 0,
+		registrar,
+		reseller: anyValue(map, ["reseller"]) || void 0,
+		statuses,
+		creationDate: toISO(creationDate || void 0),
+		updatedDate: toISO(updatedDate || void 0),
+		expirationDate: toISO(expirationDate || void 0),
+		deletionDate: void 0,
+		transferLock,
+		dnssec,
+		nameservers,
+		contacts,
+		whoisServer,
+		rdapServers: void 0,
+		rawRdap: void 0,
+		rawWhois: includeRaw ? whoisText : void 0,
+		source: "whois",
+		fetchedAt: fetchedAtISO,
+		warnings: void 0
+	};
+}
+function anyValue(map, keys) {
+	for (const k of keys) {
+		const v = map[k];
+		if (v?.length) return v[0];
+	}
+}
+function collectContacts(map) {
+	const roles = [
+		{
+			role: "registrant",
+			prefix: "registrant"
+		},
+		{
+			role: "admin",
+			prefix: "admin"
+		},
+		{
+			role: "tech",
+			prefix: "tech"
+		},
+		{
+			role: "billing",
+			prefix: "billing"
+		},
+		{
+			role: "abuse",
+			prefix: "abuse"
+		}
+	];
+	const contacts = [];
+	for (const r of roles) {
+		const name = anyValue(map, [
+			`${r.prefix} name`,
+			`${r.prefix} contact name`,
+			`${r.prefix}`
+		]);
+		const org = anyValue(map, [`${r.prefix} organization`, `${r.prefix} org`]);
+		const email = anyValue(map, [
+			`${r.prefix} email`,
+			`${r.prefix} contact email`,
+			`${r.prefix} e-mail`
+		]);
+		const phone = anyValue(map, [
+			`${r.prefix} phone`,
+			`${r.prefix} contact phone`,
+			`${r.prefix} telephone`
+		]);
+		const fax = anyValue(map, [`${r.prefix} fax`, `${r.prefix} facsimile`]);
+		const street = multi(map, [`${r.prefix} street`, `${r.prefix} address`]);
+		const city = anyValue(map, [`${r.prefix} city`]);
+		const state = anyValue(map, [
+			`${r.prefix} state`,
+			`${r.prefix} province`,
+			`${r.prefix} state/province`
+		]);
+		const postalCode = anyValue(map, [
+			`${r.prefix} postal code`,
+			`${r.prefix} postcode`,
+			`${r.prefix} zip`
+		]);
+		const country = anyValue(map, [`${r.prefix} country`]);
+		if (name || org || email || phone || street?.length) contacts.push({
+			type: r.role,
+			name: name || void 0,
+			organization: org || void 0,
+			email: email || void 0,
+			phone: phone || void 0,
+			fax: fax || void 0,
+			street,
+			city: city || void 0,
+			state: state || void 0,
+			postalCode: postalCode || void 0,
+			country: country || void 0
+		});
+	}
+	return contacts.length ? contacts : void 0;
+}
+function multi(map, keys) {
+	for (const k of keys) {
+		const v = map[k];
+		if (v?.length) return v;
+	}
+}
+
+//#endregion
+//#region src/whois/referral.ts
+/**
+* Follow registrar WHOIS referrals up to a configured hop limit.
+* Returns the last successful WHOIS response (best-effort; keeps original on failures).
+*/
+async function followWhoisReferrals(initialServer, domain, opts) {
+	const maxHops = Math.max(0, opts?.maxWhoisReferralHops ?? 2);
+	let current = await whoisQuery(initialServer, domain, opts);
+	if (opts?.followWhoisReferral === false || maxHops === 0) return current;
+	const visited = new Set([normalize(current.serverQueried)]);
+	let hops = 0;
+	while (hops < maxHops) {
+		const next = extractWhoisReferral(current.text);
+		if (!next) break;
+		const normalized = normalize(next);
+		if (visited.has(normalized)) break;
+		visited.add(normalized);
+		try {
+			current = await whoisQuery(next, domain, opts);
+		} catch {
+			break;
+		}
+		hops += 1;
+	}
+	return current;
+}
+function normalize(server) {
+	return server.replace(/^whois:\/\//i, "").toLowerCase();
+}
+
+//#endregion
+//#region src/index.ts
 /**
- * High-level lookup that prefers RDAP and falls back to WHOIS.
- * Ensures a standardized DomainRecord, independent of the source.
- */
-export async function lookupDomain(domain, opts) {
-    try {
-        if (!isLikelyDomain(domain)) {
-            return { ok: false, error: "Input does not look like a domain" };
-        }
-        const { publicSuffix, tld } = getDomainParts(domain);
-        // Avoid non-null assertion: fallback to a stable ISO string if parsing ever fails
-        const now = toISO(new Date()) ?? new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
-        // If WHOIS-only, skip RDAP path
-        if (!opts?.whoisOnly) {
-            const bases = await getRdapBaseUrlsForTld(tld, opts);
-            const tried = [];
-            for (const base of bases) {
-                tried.push(base);
-                try {
-                    const { json } = await fetchRdapDomain(domain, base, opts);
-                    const record = normalizeRdap(domain, tld, json, tried, now, !!opts?.includeRaw);
-                    return { ok: true, record };
-                }
-                catch {
-                    // try next base
-                }
-            }
-            // Some TLDs are not in bootstrap yet; continue to WHOIS fallback unless rdapOnly
-            if (opts?.rdapOnly) {
-                return {
-                    ok: false,
-                    error: `RDAP not available or failed for TLD '${tld}'. Many TLDs do not publish RDAP; try WHOIS fallback (omit rdapOnly).`,
-                };
-            }
-        }
-        // WHOIS fallback path
-        const whoisServer = await ianaWhoisServerForTld(tld, opts);
-        if (!whoisServer) {
-            // Provide a clearer, actionable message
-            const ianaText = await getIanaWhoisTextForTld(tld, opts);
-            const regUrl = ianaText
-                ? parseIanaRegistrationInfoUrl(ianaText)
-                : undefined;
-            const hint = regUrl
-                ? ` See registration info at ${regUrl}.`
-                : "";
-            return {
-                ok: false,
-                error: `No WHOIS server discovered for TLD '${tld}'. This registry may not publish public WHOIS over port 43.${hint}`,
-            };
-        }
-        // Query the TLD server first; if it returns a referral, we follow it below.
-        let res = await whoisQuery(whoisServer, domain, opts);
-        if (opts?.followWhoisReferral !== false) {
-            const referral = extractWhoisReferral(res.text);
-            if (referral && referral.toLowerCase() !== whoisServer.toLowerCase()) {
-                try {
-                    res = await whoisQuery(referral, domain, opts);
-                }
-                catch {
-                    // keep original
-                }
-            }
-        }
-        // If TLD registry returns no match and there was no referral, try multi-label public suffix candidates
-        if (publicSuffix.includes(".") &&
-            /no match|not found/i.test(res.text) &&
-            opts?.followWhoisReferral !== false) {
-            const candidates = [];
-            const ps = publicSuffix.toLowerCase();
-            // Prefer explicit exceptions when known
-            const exception = WHOIS_TLD_EXCEPTIONS[ps];
-            if (exception)
-                candidates.push(exception);
-            for (const server of candidates) {
-                try {
-                    const alt = await whoisQuery(server, domain, opts);
-                    if (alt.text && !/error/i.test(alt.text)) {
-                        res = alt;
-                        break;
-                    }
-                }
-                catch {
-                    // try next
-                }
-            }
-        }
-        const record = normalizeWhois(domain, tld, res.text, res.serverQueried, now, !!opts?.includeRaw);
-        return { ok: true, record };
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return { ok: false, error: message };
-    }
+* High-level lookup that prefers RDAP and falls back to WHOIS.
+* Ensures a standardized DomainRecord, independent of the source.
+*/
+async function lookupDomain(domain, opts) {
+	try {
+		if (!isLikelyDomain(domain)) return {
+			ok: false,
+			error: "Input does not look like a domain"
+		};
+		const { publicSuffix, tld } = getDomainParts(domain);
+		const now = toISO(/* @__PURE__ */ new Date()) ?? (/* @__PURE__ */ new Date()).toISOString().replace(/\.\d{3}Z$/, "Z");
+		if (!opts?.whoisOnly) {
+			const bases = await getRdapBaseUrlsForTld(tld, opts);
+			const tried = [];
+			for (const base of bases) {
+				tried.push(base);
+				try {
+					const { json } = await fetchRdapDomain(domain, base, opts);
+					const rdapEnriched = await fetchAndMergeRdapRelated(domain, json, opts);
+					return {
+						ok: true,
+						record: normalizeRdap(domain, tld, rdapEnriched.merged, [...tried, ...rdapEnriched.serversTried], now, !!opts?.includeRaw)
+					};
+				} catch {}
+			}
+			if (opts?.rdapOnly) return {
+				ok: false,
+				error: `RDAP not available or failed for TLD '${tld}'. Many TLDs do not publish RDAP; try WHOIS fallback (omit rdapOnly).`
+			};
+		}
+		const whoisServer = await ianaWhoisServerForTld(tld, opts);
+		if (!whoisServer) {
+			const ianaText = await getIanaWhoisTextForTld(tld, opts);
+			const regUrl = ianaText ? parseIanaRegistrationInfoUrl(ianaText) : void 0;
+			const hint = regUrl ? ` See registration info at ${regUrl}.` : "";
+			return {
+				ok: false,
+				error: `No WHOIS server discovered for TLD '${tld}'. This registry may not publish public WHOIS over port 43.${hint}`
+			};
+		}
+		const res = await followWhoisReferrals(whoisServer, domain, opts);
+		if (publicSuffix.includes(".") && /no match|not found/i.test(res.text) && opts?.followWhoisReferral !== false) {
+			const candidates = [];
+			const ps = publicSuffix.toLowerCase();
+			const exception = WHOIS_TLD_EXCEPTIONS[ps];
+			if (exception) candidates.push(exception);
+			for (const server of candidates) try {
+				const alt = await whoisQuery(server, domain, opts);
+				if (alt.text && !/error/i.test(alt.text)) return {
+					ok: true,
+					record: normalizeWhois(domain, tld, alt.text, alt.serverQueried, now, !!opts?.includeRaw)
+				};
+			} catch {}
+		}
+		return {
+			ok: true,
+			record: normalizeWhois(domain, tld, res.text, res.serverQueried, now, !!opts?.includeRaw)
+		};
+	} catch (err) {
+		return {
+			ok: false,
+			error: err instanceof Error ? err.message : String(err)
+		};
+	}
 }
 /** Determine if a domain appears available (not registered).
- * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
-export async function isAvailable(domain, opts) {
-    const res = await lookupDomain(domain, opts);
-    if (!res.ok || !res.record)
-        throw new Error(res.error || "Lookup failed");
-    return res.record.isRegistered === false;
+* Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+async function isAvailable(domain, opts) {
+	const res = await lookupDomain(domain, opts);
+	if (!res.ok || !res.record) throw new Error(res.error || "Lookup failed");
+	return res.record.isRegistered === false;
 }
 /** Determine if a domain appears registered.
- * Performs a lookup and resolves to a boolean. Rejects on lookup error. */
-export async function isRegistered(domain, opts) {
-    const res = await lookupDomain(domain, opts);
-    if (!res.ok || !res.record)
-        throw new Error(res.error || "Lookup failed");
-    return res.record.isRegistered === true;
+* Performs a lookup and resolves to a boolean. Rejects on lookup error. */
+async function isRegistered(domain, opts) {
+	const res = await lookupDomain(domain, opts);
+	if (!res.ok || !res.record) throw new Error(res.error || "Lookup failed");
+	return res.record.isRegistered === true;
 }
+
+//#endregion
+export { isAvailable, isRegistered, lookupDomain };