/** * Expand an IPv6 string to its 8 16-bit groups. Accepts `::` shorthand, * embedded IPv4 in the trailing 32 bits (`::ffff:1.2.3.4`), and zone IDs * (stripped). Returns `null` for any malformed input. */ export declare function expandIPv6(addr: string): number[] | null; /** * Returns true if the URL points at an internal/private network or otherwise * unsafe target. Only `http:` and `https:` are accepted; everything else is * blocked outright. */ export declare function isBlockedUrl(url: string): boolean; export interface SafeFetchOptions { timeout: number; headers?: Record; signal?: AbortSignal; /** * A host (hostname + optional port) that is exempt from `isBlockedUrl`. Used * for same-origin asset fetches whose own origin may legitimately be loopback * (dev) or otherwise "private" — the initial host is trusted, but any redirect * that leaves it is still re-validated, closing the open-redirect SSRF where * the app's own origin 30x's to an internal target. */ trustedHost?: string; } /** * Fetch a URL with manual redirect handling. Each hop (including the initial * URL) is run through `isBlockedUrl` before the request is dispatched, so an * allowed origin returning a 30x to an internal IP cannot complete the SSRF. * A hop whose host matches `opts.trustedHost` skips the block check (see * SafeFetchOptions.trustedHost). * * Returns `null` on any failure (block, network error, non-2xx, redirect * limit). The caller treats null as a soft failure and falls back to the * usual missing-asset behaviour. */ export declare function fetchWithRedirectValidation(initialUrl: string, opts: SafeFetchOptions): Promise;