@iocium/ioc-diff
    Preparing search index...

    @iocium/ioc-diff

    @iocium/ioc-diff

    npm build codecov npm downloads bundle size types license

    A full-featured, ESM-compatible IOC diffing and normalization library + CLI for InfoSec tooling.

    • โœ… IOC diffing with added, removed, and changed outputs
    • ๐Ÿง  Fuzzy matching support (levenshtein)
    • ๐Ÿ“ฅ Support for multiple formats:
      • Plaintext (.txt)
      • JSON and MISP
      • CSV (with smart header matching)
      • YARA rules (.yara)
      • Sigma rules (.yml / .yaml)
    • ๐Ÿงช TypeScript-native with 100% test coverage
    • ๐Ÿ“ฆ Works in Node.js, Cloudflare Workers, and modern browsers
    • ๐Ÿงผ Built-in validation and deduplication
    • โš™๏ธ CLI and library modes
    npm install @iocium/ioc-diff

    import { diffIOCs, parsePlainIOCs } from '@iocium/ioc-diff';

    const oldList = parsePlainIOCs(['malicious.com', '1.1.1.1']);
    const newList = parsePlainIOCs(['malicious.com', '2.2.2.2']);

    const result = diffIOCs(oldList, newList, {
      matchBy: 'value+type',
      compareTags: true,
      fuzzyMatch: true,
      fuzzyThreshold: 0.9
    });

    console.log(result.added);    // IOCs in new but not old
    console.log(result.removed);  // IOCs in old but not new
    console.log(result.changed);  // Matching IOCs with tag/severity differences

    ioc-diff --old old.csv --new new.csv --old-format csv --new-format csv
    Flag Description
    --old Path to old IOC file
    --new Path to new IOC file
    --old-format Override format detection
    --new-format Override format detection
    --fuzzy Enable fuzzy matching
    --threshold Fuzzy similarity threshold (0โ€“1)
    • plaintext
    • json
    • misp
    • csv
    • yara
    • sigma
    ioc-diff --old iocs_old.txt --new iocs_new.txt
    ioc-diff --old old.json --new new.csv --old-format json --new-format csv
    • Auto-type inference (ip, domain, url, email, sha256, md5)
    • Duplicate suppression by value+type
    • Optional matching by value only (matchBy: 'value')
    • Extensible IOC schema with tags, severity, source
    • Fully typed API with DiffOptions, IOC, and IOCDiffResult
    npm run build
    npm test -- --coverage

    MIT

    PRs welcome! Please write tests and follow ESM-compatible conventions.

    Settings

    Member Visibility

    On This Page

    @iocium/ioc-diff