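/**
 * Live threat-intel feed channel (v5.3).
 *
 * Companion to threat-intel.ts. The curated IOC feed ships bundled with every
 * npm release; this module adds the "same-day protection" path on top:
 *
 *  1. `scripts/generate-feed.mjs` publishes the bundled feed as feed.json at
 *     the repo root (committed, served via raw.githubusercontent.com).
 *  2. `supply-chain-guard feed refresh` (refreshFeed below) downloads that
 *     published feed.json and writes it to the local cache file
 *     `threat-feed.json` inside the cache directory (see the `cacheDir`
 *     parameter of refreshFeed), in the exact `{ timestamp, entries }`
 *     shape that loadThreatIntel() already consumes.
 *  3. Every scan entry point calls loadThreatIntel(), which merges cache
 *     entries younger than 24h over the bundled feed: scanner.ts scan()
 *     feeds the merged list into checkThreatIntel() per file, and the
 *     composer/nuget/rubygems scanners resolve package IOCs against it via
 *     matchPackageIOC(). A refreshed cache therefore extends detection at
 *     scan time without a new npm release.
 *
 * Zero-dependency: uses node:https directly (mockable in tests).
 *
 * Trust model, as far as this declaration file shows: the downloaded feed is
 * vouched for by the HTTPS connection and by whoever can commit to the
 * published branch; no signature or digest check appears in this API.
 * The cache file is then trusted by loadThreatIntel() for its 24h lifetime.
 * NOTE(review): confirm in the implementation whether cached entries can
 * replace bundled entries or only add to them, since a replaced entry would
 * let a tampered feed or cache file weaken detection rather than extend it.
 */
import { type FeedIOC } from "./threat-intel.js";

/**
 * Published feed location: the committed feed.json on the main branch.
 *
 * The URL tracks a branch, not a commit or tag, so the content served here
 * changes with every commit that touches feed.json.
 */
export declare const DEFAULT_FEED_URL = "https://raw.githubusercontent.com/homeofe/supply-chain-guard/main/feed.json";

/** Summary counts produced by feedStats(). */
export interface FeedStats {
  /** Number of entries counted (presumably the length of the input feed - confirm). */
  total: number;
  /** Entry count per IOC type. */
  byType: Record<string, number>;
  /** Entry count per severity. */
  bySeverity: Record<string, number>;
}

/**
 * Count feed entries by IOC type and severity. Pure and offline - the CLI
 * passes getBundledFeed() / loadThreatIntel() output in.
 *
 * @param feed - IOC entries to summarise.
 * @returns Totals grouped by type and by severity.
 */
export declare function feedStats(feed: FeedIOC[]): FeedStats;

/** Outcome of a successful refreshFeed() call. */
export interface RefreshResult {
  /** Number of IOC entries written to the cache. */
  entryCount: number;
  /** Absolute or relative path of the cache file that was written. */
  cachePath: string;
}

/**
 * Validate a downloaded feed payload. Accepts both the published shape
 * `{ schema: 1, entries: [...] }` (feed.json) and a raw FeedIOC[] array
 * (the format the legacy updateThreatFeed() consumed).
 *
 * This is the point where untrusted network data becomes FeedIOC[] that the
 * scanners later match against, so per-entry validation belongs here.
 * NOTE(review): the declaration does not show how an invalid payload is
 * reported (throw vs. empty result) or whether payload size is bounded -
 * confirm both in the implementation.
 *
 * @param raw - Response body text as downloaded.
 * @returns The IOC entries extracted from the payload.
 */
export declare function parseFeedPayload(raw: string): FeedIOC[];

/**
 * Download the published threat-intel feed and cache it locally in the
 * `{ timestamp, entries }` shape loadThreatIntel() reads. Entries stay live
 * for 24h (CACHE_TTL_MS in threat-intel.ts); re-run daily for same-day
 * protection between npm releases. Never crashes the process on network
 * failure - callers get a rejected promise with a clear message.
 *
 * Callers must handle the rejection themselves; a failed refresh leaves
 * scans running on the bundled feed plus whatever cache is still fresh.
 *
 * @param feedUrl - Feed location to download; presumably defaults to
 *   DEFAULT_FEED_URL when omitted (confirm). The value is caller-supplied,
 *   and whether non-HTTPS URLs or redirects are refused is not visible here.
 * @param cacheDir - Directory that receives the cache file; the default is
 *   not visible in this declaration.
 * @returns The number of entries cached and the path of the file written.
 */
export declare function refreshFeed(feedUrl?: string, cacheDir?: string): Promise<RefreshResult>;
//# sourceMappingURL=feed.d.ts.map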