v2.0.1

changelog.md

@@ -0,0 +1,32 @@
+# Changelog
+
+## 2025-11-22 - 2.0.1 - fix(package.json)
+Pin pnpm packageManager in package.json and remove stale analysis.md
+
+- Add packageManager field to package.json to pin pnpm to pnpm@10.18.1 with integrity hash
+- Remove outdated analysis.md file
+
+## 2025-11-22 - 2.0.0 - BREAKING CHANGE(UrlHaus)
+Rename UrlHouse to UrlHaus (public API change), migrate dev dependencies to @git.zone, bump runtime deps, adjust TS module resolution, and update tests/docs.
+
+- Renamed class/file: urlhouse.ts -> urlhaus.ts and updated export in ts/index.ts — public API class name changed from UrlHouse to UrlHaus (breaking change).
+- Updated tests to use @git.zone/tstest/tapbundle, adjusted test names, and switched to `export default tap.start()` pattern.
+- Migrated devDependencies from @gitzone/* to @git.zone/* and upgraded versions (@git.zone/tsbuild, tsbundle, tsdoc, tsrun, tstest).
+- Bumped several runtime dependencies: @push.rocks/smartfile -> 11.2.7, @push.rocks/smartpath -> 6.0.0, csv-parser -> 3.2.0, https-proxy-agent -> 7.0.6, unzipper -> 0.12.3.
+- Set TypeScript compiler option `module` to `nodenext` to match `moduleResolution: nodenext`.
+- Minor CSV parsing/formatting fixes (mapValues trailing comma, consistent URL sanitization) and cleanup of temporary files after parsing.
+- Expanded README and added readme.hints.md with migration/build/test instructions.
+
+## 2023-07-28 - 1.0.1..1.0.8 - maintenance
+Maintenance releases and internal core updates.
+
+- Published patch releases 1.0.1 through 1.0.8.
+- Contained internal core updates and version bumps; no user-facing feature changes documented.
+- Consolidated minor fixes and housekeeping changes across these builds.
+
+## 2023-08-01 - 1.0.9..1.0.12 - core fixes
+Patch releases with core updates.
+
+- Published patch releases 1.0.9 through 1.0.12.
+- Applied multiple core updates (commit messages: "fix(core): update") and bumped versions.
+- No additional feature work or breaking changes noted.

checkmanually.md

@@ -0,0 +1 @@
+- ./apiclient.xyz/abuse.ch - Uncommitted changes

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apiclient.xyz/abuse.ch",
-  "version": "1.0.11",
+  "version": "2.0.1",
   "private": false,
   "description": "an unofficial client to retrieve abuse.ch data",
   "main": "dist_ts/index.js",
@@ -14,12 +14,11 @@
     "buildDocs": "(tsdoc)"
   },
   "devDependencies": {
-    "@gitzone/tsbuild": "^2.1.66",
-    "@gitzone/tsbundle": "^2.0.8",
-    "@gitzone/tsdoc": "^1.1.12",
-    "@gitzone/tsrun": "^1.2.44",
-    "@gitzone/tstest": "^1.0.77",
-    "@push.rocks/tapbundle": "^5.0.12",
+    "@git.zone/tsbuild": "^3.1.0",
+    "@git.zone/tsbundle": "^2.5.2",
+    "@git.zone/tsdoc": "^1.9.2",
+    "@git.zone/tsrun": "^2.0.0",
+    "@git.zone/tstest": "^3.1.3",
     "@types/node": "^20.4.5"
   },
   "browserslist": [
@@ -38,11 +37,12 @@
     "readme.md"
   ],
   "dependencies": {
-    "@push.rocks/smartfile": "^10.0.28",
-    "@push.rocks/smartpath": "^5.0.5",
-    "csv-parser": "^3.0.0",
-    "https-proxy-agent": "^7.0.1",
+    "@push.rocks/smartfile": "^11.2.7",
+    "@push.rocks/smartpath": "^6.0.0",
+    "csv-parser": "^3.2.0",
+    "https-proxy-agent": "^7.0.6",
     "node-fetch": "^3.3.2",
-    "unzipper": "^0.10.14"
-  }
+    "unzipper": "^0.12.3"
+  },
+  "packageManager": "pnpm@10.18.1+sha512.77a884a165cbba2d8d1c19e3b4880eee6d2fcabd0d879121e282196b80042351d5eb3ca0935fa599da1dc51265cc68816ad2bddd2a2de5ea9fdf92adbec7cd34"
 }

readme.hints.md

@@ -0,0 +1,78 @@
+# Project Hints
+
+## Overview
+This is an unofficial TypeScript client for accessing abuse.ch threat intelligence APIs, including URLhaus, ThreatFox, and FeodoTracker.
+
+## Recent Changes (2025-11-22)
+
+### Dependency Upgrades
+- **Migrated from @gitzone to @git.zone scope packages**
+  - All dev dependencies now use @git.zone/* scope (the correct new scope)
+  - @git.zone/tsbuild: 3.1.0
+  - @git.zone/tsbundle: 2.5.2
+  - @git.zone/tsdoc: 1.9.2
+  - @git.zone/tsrun: 2.0.0
+  - @git.zone/tstest: 3.1.3
+
+- **Removed @push.rocks/tapbundle**
+  - Now using `import { tap, expect } from '@git.zone/tstest/tapbundle'`
+  - Tests updated to use `export default tap.start()` pattern
+
+- **Updated production dependencies**
+  - @push.rocks/smartfile: 11.2.7 (stayed on v11 to avoid v13 breaking changes)
+  - @push.rocks/smartpath: 6.0.0
+  - csv-parser: 3.2.0
+  - https-proxy-agent: 7.0.6
+  - unzipper: 0.12.3
+
+### TypeScript Configuration
+- Fixed tsconfig.json to use `module: "nodenext"` to match `moduleResolution: "nodenext"`
+- Build command works with `tsbuild --allowimplicitany` (without --web flag to avoid type errors in node_modules)
+
+### File Naming
+- Note: There was a typo in the file naming - originally had `urlhouse.ts`, now correctly named `urlhaus.ts`
+
+## Architecture
+
+### Main Classes
+- **UrlHaus** - Fetches malicious URL data from URLhaus CSV export
+- **ThreatFox** - Fetches IOC data from ThreatFox CSV export
+- **FeodoTracker** - Fetches botnet C&C server data from FeodoTracker JSON API
+
+### Data Flow
+1. Classes fetch data from abuse.ch APIs
+2. For CSV data (URLhaus, ThreatFox): Downloads, extracts from ZIP, parses CSV
+3. For JSON data (FeodoTracker): Direct JSON fetch and parse
+4. Returns typed TypeScript interfaces
+
+### Dependencies
+- **smartfile v11.2.7** - Used for:
+  - `plugins.smartfile.fs.ensureDirSync()` - Create temporary directories
+  - `plugins.smartfile.fs.removeSync()` - Clean up temporary files
+- **smartpath v6.0.0** - Used for:
+  - `plugins.smartpath.get.dirnameFromImportMetaUrl()` - Get package directory from import.meta.url
+- **node-fetch** - HTTP requests to abuse.ch APIs
+- **csv-parser** - Parse CSV data from URLhaus and ThreatFox
+- **unzipper** - Extract downloaded ZIP files
+- **https-proxy-agent** - Proxy support for HTTP requests
+
+## Testing
+- Tests use @git.zone/tstest framework
+- Run with: `pnpm test`
+- Tests verify data retrieval from all three abuse.ch services
+- All tests currently passing ✅
+
+## Build
+- Build with: `pnpm build`
+- Uses @git.zone/tsbuild
+- Outputs to: `dist_ts/`
+- Note: Use without --web flag to avoid type errors in node_modules
+
+## Known Issues
+- None currently
+
+## Important Notes
+- This module accesses free community threat intelligence data
+- Be respectful of abuse.ch resources - avoid excessive polling
+- The module automatically detects and uses HTTP_PROXY/HTTPS_PROXY environment variables
+- All classes return Promises - use async/await

readme.md

@@ -1,37 +1,147 @@
 # @apiclient.xyz/abuse.ch
-an unofficial client to retrieve abuse.ch data
 
-## Availabililty and Links
-* [npmjs.org (npm package)](https://www.npmjs.com/package/@apiclient.xyz/abuse.ch)
-* [gitlab.com (source)](https://gitea.lossless.digital/apiclient.xyz/abuse.ch)
-* [github.com (source mirror)](https://github.com/apiclient.xyz/abuse.ch)
-* [docs (typedoc)](https://apiclient.xyz.gitlab.io/abuse.ch/)
+> 🛡️ Unofficial TypeScript/JavaScript client for retrieving threat intelligence data from abuse.ch
 
-## Status for master
+Access real-time malware URLs, malicious indicators of compromise (IOCs), and botnet C&C servers through a clean, type-safe API.
 
-Status Category | Status Badge
--- | --
-GitLab Pipelines | [![pipeline status](https://gitea.lossless.digital/apiclient.xyz/abuse.ch/badges/master/pipeline.svg)](https://lossless.cloud)
-GitLab Pipline Test Coverage | [![coverage report](https://gitea.lossless.digital/apiclient.xyz/abuse.ch/badges/master/coverage.svg)](https://lossless.cloud)
-npm | [![npm downloads per month](https://badgen.net/npm/dy/@apiclient.xyz/abuse.ch)](https://lossless.cloud)
-Snyk | [![Known Vulnerabilities](https://badgen.net/snyk/apiclient.xyz/abuse.ch)](https://lossless.cloud)
-TypeScript Support | [![TypeScript](https://badgen.net/badge/TypeScript/>=%203.x/blue?icon=typescript)](https://lossless.cloud)
-node Support | [![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
-Code Style | [![Code Style](https://badgen.net/badge/style/prettier/purple)](https://lossless.cloud)
-PackagePhobia (total standalone install weight) | [![PackagePhobia](https://badgen.net/packagephobia/install/@apiclient.xyz/abuse.ch)](https://lossless.cloud)
-PackagePhobia (package size on registry) | [![PackagePhobia](https://badgen.net/packagephobia/publish/@apiclient.xyz/abuse.ch)](https://lossless.cloud)
-BundlePhobia (total size when bundled) | [![BundlePhobia](https://badgen.net/bundlephobia/minzip/@apiclient.xyz/abuse.ch)](https://lossless.cloud)
+## Issue Reporting and Security
+
+For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
+
+## What is abuse.ch?
+
+[abuse.ch](https://abuse.ch/) is a community-driven platform operated by a Swiss security researcher that tracks and shares threat intelligence data. This module provides programmatic access to three key abuse.ch services:
+
+- **URLhaus** - Malware URL distribution database
+- **ThreatFox** - Indicators of Compromise (IOC) sharing platform
+- **FeodoTracker** - Botnet C&C server tracker
+
+## Installation
+
+```bash
+npm install @apiclient.xyz/abuse.ch
+# or
+pnpm install @apiclient.xyz/abuse.ch
+```
 
 ## Usage
 
-Use TypeScript for best in class intellisense
+### URLhaus - Retrieve Malicious URLs
 
-## Contribution
+```typescript
+import { UrlHaus } from '@apiclient.xyz/abuse.ch';
 
-We are always happy for code contributions. If you are not the code contributing type that is ok. Still, maintaining Open Source repositories takes considerable time and thought. If you like the quality of what we do and our modules are useful to you we would appreciate a little monthly contribution: You can [contribute one time](https://lossless.link/contribute-onetime) or [contribute monthly](https://lossless.link/contribute). :)
+const urlHaus = new UrlHaus();
+const maliciousUrls = await urlHaus.getData();
 
-For further information read the linked docs at the top of this readme.
+console.log(maliciousUrls[0]);
+// {
+//   ID: '12345',
+//   Dateadded: '2025-01-15 10:30:00',
+//   URL: 'http://malicious-example.com/malware.exe',
+//   URLStatus: 'online',
+//   Threat: 'malware_download',
+//   AssociatedTags: 'emotet',
+//   UrlHausLink: 'https://urlhaus.abuse.ch/url/12345/',
+//   Reporter: 'abuse_ch'
+// }
+```
 
-## Legal
-> MIT licensed | **©** [Task Venture Capital GmbH](https://task.vc)
-| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy)
+### ThreatFox - Access IOC Data
+
+```typescript
+import { ThreatFox } from '@apiclient.xyz/abuse.ch';
+
+const threatFox = new ThreatFox();
+const iocs = await threatFox.getData();
+
+console.log(iocs[0]);
+// {
+//   ID: '67890',
+//   Dateadded: '2025-01-15 11:45:00',
+//   URL: 'http://c2-server.example.com',
+//   URLStatus: 'online',
+//   Threat: 'botnet_cc',
+//   AssociatedTags: 'mirai',
+//   ThreatFoxLink: 'https://threatfox.abuse.ch/ioc/67890/',
+//   Reporter: 'researcher_name'
+// }
+```
+
+### FeodoTracker - Track Botnet C&C Servers
+
+```typescript
+import { FeodoTracker } from '@apiclient.xyz/abuse.ch';
+
+const feodoTracker = new FeodoTracker();
+const c2servers = await feodoTracker.getData();
+
+console.log(c2servers[0]);
+// {
+//   ip_address: '192.0.2.100',
+//   port: 8080,
+//   status: 'online',
+//   hostname: 'malicious.example.com',
+//   as_number: 12345,
+//   as_name: 'EXAMPLE-AS',
+//   country: 'US',
+//   first_seen: '2025-01-10',
+//   last_online: '2025-01-15',
+//   malware: 'Emotet'
+// }
+```
+
+## TypeScript Support
+
+This module is written in TypeScript and provides full type definitions out of the box. All data structures are properly typed for maximum developer productivity and type safety.
+
+```typescript
+import type {
+  IUrlHausData,
+  IThreatFoxData,
+  IFeodoTrackerData
+} from '@apiclient.xyz/abuse.ch';
+```
+
+## Proxy Support
+
+The client automatically detects and uses proxy settings from your environment variables (`HTTP_PROXY`, `HTTPS_PROXY`) when making requests to abuse.ch APIs.
+
+## Features
+
+✅ **Type-safe** - Full TypeScript support with comprehensive interfaces
+✅ **Modern** - Uses ES modules and async/await patterns
+✅ **Lightweight** - Minimal dependencies, focused functionality
+✅ **Proxy-aware** - Automatic proxy detection and configuration
+✅ **Reliable** - Fetches data directly from official abuse.ch sources
+
+## API Rate Limits
+
+Please be respectful of abuse.ch's resources. The service is provided free of charge by the security community. Avoid excessive polling and cache results when possible.
+
+## Links
+
+- [npm package](https://www.npmjs.com/package/@apiclient.xyz/abuse.ch)
+- [abuse.ch official website](https://abuse.ch/)
+- [URLhaus](https://urlhaus.abuse.ch/)
+- [ThreatFox](https://threatfox.abuse.ch/)
+- [FeodoTracker](https://feodotracker.abuse.ch/)
+
+## License and Legal Information
+
+This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
+
+**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
+
+### Trademarks
+
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
+
+### Company Information
+
+Task Venture Capital GmbH
+Registered at District court Bremen HRB 35230 HB, Germany
+
+For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
+
+By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

test/test.ts

@@ -1,23 +1,25 @@
-import { expect, expectAsync, tap } from '@push.rocks/tapbundle';
+import { tap, expect } from '@git.zone/tstest/tapbundle';
 import * as abuseCh from '../ts/index.js';
 
-tap.test('should deal with UrlHouse data', async () => {
-  const urlHouse = new abuseCh.UrlHouse();
-  const data = await urlHouse.getData();
+tap.test('should deal with UrlHaus data', async () => {
+  const urlHaus = new abuseCh.UrlHaus();
+  const data = await urlHaus.getData();
   console.log(data.length);
+  console.log(data[100]);
 });
 
-tap.test('should deal with UrlHouse data', async () => {
+tap.test('should deal with ThreatFox data', async () => {
   const threatFox = new abuseCh.ThreatFox();
   const data = await threatFox.getData();
   console.log(data.length);
+  console.log(data[100]);
 });
 
 tap.test('should deal with FeodoTracker data', async () => {
   const feodoTracker = new abuseCh.FeodoTracker();
   const data = await feodoTracker.getData();
   console.log(data.length);
-  console.log(data[1]);
+  console.log(data[100]);
 });
 
-tap.start();
+export default tap.start();

ts/00_commitinfo_data.ts

@@ -1,8 +1,8 @@
 /**
- * autocreated commitinfo by @pushrocks/commitinfo
+ * autocreated commitinfo by @push.rocks/commitinfo
  */
 export const commitinfo = {
   name: '@apiclient.xyz/abuse.ch',
-  version: '1.0.11',
+  version: '2.0.1',
   description: 'an unofficial client to retrieve abuse.ch data'
 }

ts/abuse.ch.classes.threatfox.ts

@@ -57,7 +57,7 @@ export class ThreatFox {
         plugins.fs.createReadStream(csvPath),
         plugins.csv({
           headers: ['ID', 'Dateadded', 'URL', 'URLStatus', 'Threat', 'AssociatedTags', 'ThreatFoxLink', 'Reporter'],
-          mapValues: ({ header, value }) => value.trim()
+          mapValues: ({ header, value }) => value.trim(),
         }),
         (err) => {
           if (err) reject(err);

ts/abuse.ch.classes.urlhaus.ts

@@ -2,7 +2,7 @@ import * as plugins from './plugins.js';
 import * as paths from './paths.js';
 import * as helpers from './helpers.js';
 
-export interface IUrlHouseData {
+export interface IUrlHausData {
   ID: string;
   Dateadded: string;
   URL: string;
@@ -13,15 +13,15 @@ export interface IUrlHouseData {
   Reporter: string;
 }
 
-export class UrlHouse {
+export class UrlHaus {
   private static readonly URLHOUSE_API_URL: string = 'https://urlhaus.abuse.ch/downloads/csv/';
 
-  public async getData(): Promise<IUrlHouseData[]> {
+  public async getData(): Promise<IUrlHausData[]> {
     plugins.smartfile.fs.ensureDirSync(paths.urlHouseTmp);
     const zipPath = plugins.path.join(paths.urlHouseTmp, 'urlhaus.zip');
     const csvPath = plugins.path.join(paths.urlHouseTmp, 'csv.txt');
 
-    const response = await plugins.nodeFetch(UrlHouse.URLHOUSE_API_URL, {
+    const response = await plugins.nodeFetch(UrlHaus.URLHOUSE_API_URL, {
       ...(helpers.findProxy() ? { 
         agent: helpers.getAgent(),
       } : {})
@@ -51,7 +51,7 @@ export class UrlHouse {
       );
     });
 
-    let data: IUrlHouseData[] = [];
+    let data: IUrlHausData[] = [];
     await new Promise((resolve, reject) => {
       plugins.stream.pipeline(
         plugins.fs.createReadStream(csvPath),

ts/index.ts

@@ -1,3 +1,3 @@
 export * from './abuse.ch.classes.feodotracker.js';
 export * from './abuse.ch.classes.threatfox.js';
-export * from './abuse.ch.classes.urlhouse.js';
+export * from './abuse.ch.classes.urlhaus.js';

tsconfig.json

@@ -3,7 +3,7 @@
     "experimentalDecorators": true,
     "useDefineForClassFields": false,
     "target": "ES2022",
-    "module": "ES2022",
+    "module": "nodenext",
     "moduleResolution": "nodenext",
     "esModuleInterop": true,
     "verbatimModuleSyntax": true,