/** * Release artifact deep scanner (v4.2). * * Analyzes GitHub release artifacts for malware indicators: * double extensions, password hints, LNK shortcuts, PE magic bytes, * script droppers, and tag/date mismatches. */ import type { Finding } from "./types.js"; interface ReleaseAssetInfo { name: string; size: number; downloadUrl?: string; contentType?: string; } interface ReleaseInfo { tagName: string; name: string; body: string; createdAt: string; tagDate?: string; assets: ReleaseAssetInfo[]; } /** * Deep-scan release artifacts for malware indicators. */ export declare function scanReleaseArtifacts(releases: ReleaseInfo[]): Finding[]; /** * Check if raw bytes start with PE (MZ) magic header. * Used to detect executables disguised as other file types. */ export declare function hasPEMagic(firstBytes: string): boolean; export {}; //# sourceMappingURL=release-scanner.d.ts.map