pompelmi 0.15.1 → 0.16.2

package/dist/types/stream.d.ts

@@ -0,0 +1,10 @@
+import type { ScanReport, YaraMatch } from "./types";
+export type ScanOptions = {
+    maxBytes?: number;
+    timeoutMs?: number;
+    detectMime?: boolean;
+    computeSha256?: boolean;
+    scanChunk?: (chunk: Uint8Array) => Promise<void> | void;
+    scanAll: (bytes: Uint8Array) => Promise<YaraMatch[]>;
+};
+export declare function scanStream(readable: NodeJS.ReadableStream, options: ScanOptions): Promise<ScanReport>;

package/dist/types/types.d.ts

@@ -0,0 +1,48 @@
+/** Shared types for Pompelmi */
+export type Verdict = 'clean' | 'suspicious' | 'malicious';
+export interface YaraMatch {
+    rule: string;
+    namespace?: string;
+    tags?: string[];
+    meta?: Record<string, unknown>;
+}
+export interface Match {
+    rule: string;
+    severity?: 'low' | 'medium' | 'high' | 'critical' | 'suspicious';
+    meta?: Record<string, unknown>;
+}
+export interface FileInfo {
+    name?: string;
+    mimeType?: string;
+    size?: number;
+    sha256?: string;
+}
+export type ScanContext = {
+    filename?: string;
+    mimeType?: string;
+    size?: number;
+};
+export type ScanFn = (input: Uint8Array, ctx?: ScanContext) => Promise<Match[]> | Match[];
+export type Scanner = ScanFn | {
+    name?: string;
+    scan: ScanFn;
+};
+interface BaseReport {
+    verdict: Verdict;
+    matches: YaraMatch[];
+    reasons?: string[];
+    file?: FileInfo;
+    durationMs?: number;
+    error?: string;
+    ok: boolean;
+    truncated?: boolean;
+    timedOut?: boolean;
+    engine?: string;
+}
+export interface NormalScanReport extends BaseReport {
+}
+export interface StreamScanReport extends BaseReport {
+}
+export type ScanReport = NormalScanReport | StreamScanReport;
+export type Uint8ArrayLike = Uint8Array | ArrayBufferView;
+export {};

package/dist/types/verdict.d.ts

@@ -0,0 +1,2 @@
+import type { YaraMatch, Verdict } from './types';
+export declare function mapMatchesToVerdict(matches?: YaraMatch[]): Verdict;

package/dist/types/yara-bridge.d.ts

@@ -0,0 +1,3 @@
+export declare function createScanner(rulesPath?: string): {
+    scan(bytes: Uint8Array): Promise<unknown>;
+};

package/dist/types/zip.d.ts

@@ -0,0 +1,13 @@
+export type ZipBudget = {
+    maxEntries: number;
+    maxDepth: number;
+    maxTotalUncompressed: number;
+    maxPerEntryUncompressed: number;
+    maxCompressionRatio: number;
+};
+export type ZipEntry = {
+    path: string;
+    depth: number;
+    data: Uint8Array;
+};
+export declare function iterateZip(buffer: Uint8Array, budget: ZipBudget, depth?: number): AsyncGenerator<ZipEntry>;

package/package.json

@@ -1,10 +1,9 @@
 {
   "name": "pompelmi",
-  "version": "0.15.1",
+  "version": "0.16.2",
   "description": "RFI-safe file uploads for Node.js — Express/Koa/Next.js middleware with deep ZIP inspection, MIME/size checks, and optional YARA scanning.",
   "main": "./dist/pompelmi.cjs",
   "module": "./dist/pompelmi.esm.js",
-  "types": "./dist/index.d.ts",
   "type": "module",
   "browser": {
     "yara": false,
@@ -12,7 +11,8 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/pompelmi/pompelmi"
+    "url": "https://github.com/pompelmi/pompelmi.git",
+    "directory": "packages/engine"
   },
   "homepage": "https://pompelmi.github.io/pompelmi/",
   "pnpm": {
@@ -39,53 +39,54 @@
     "predocs:deploy": "npm run docs:build",
     "docs:deploy": "gh-pages -d docs -b gh-pages",
     "yara:check": "node scripts/yara-quick-check-cli.mjs",
-    "build:core": "pnpm -r --filter \"./packages/**\" build && pnpm -w run build"
+    "build:core": "pnpm -r --filter '!./examples/*' --if-present build",
+    "preview": "npm pack --dry-run",
+    "typecheck": "tsc -p tsconfig.json --noEmit || tsc -p tsconfig.build.json --noEmit",
+    "typecheck:strict": "tsc -p tsconfig.strict.json --noEmit",
+    "smoke": "node scripts/smoke.mjs",
+    "test:e2e": "node scripts/e2e.mjs",
+    "repo:doctor": "pnpm install --frozen-lockfile && pnpm -r --if-present build && pnpm -r --if-present test && npm run -s preview || true && node scripts/smoke.mjs && node scripts/e2e.mjs || true",
+    "audit:deps": "depcheck --skip-missing true || true",
+    "audit:code": "knip --reporter compact || true",
+    "audit:exports": "ts-prune -p tsconfig.json || true",
+    "repo:audit": "node scripts/audit.mjs",
+    "pack:check": "node scripts/pack-check.mjs",
+    "pack:list": "pnpm -r --filter \"@pompelmi/*\" --if-present pack --json --dry-run",
+    "pack:strict": "node scripts/pack-check.mjs --strict"
   },
   "license": "MIT",
   "devDependencies": {
-    "@astrojs/mdx": "^4.3.3",
-    "@astrojs/sitemap": "^3.4.2",
-    "@astrojs/starlight": "^0.35.2",
-    "@astrojs/tailwind": "^6.0.2",
-    "@babel/core": "^7.28.0",
-    "@babel/preset-env": "^7.28.0",
-    "@babel/preset-typescript": "^7.27.1",
-    "@rollup/plugin-babel": "^6.0.4",
+    "@biomejs/biome": "^2.2.4",
+    "@pompelmi/core": "workspace:*",
+    "@pompelmi/engine": "workspace:0.16.2-dev.6",
+    "@pompelmi/engine-heuristics": "workspace:^0.1.0",
     "@rollup/plugin-commonjs": "^28.0.6",
     "@rollup/plugin-node-resolve": "^16.0.1",
     "@rollup/plugin-typescript": "^12.1.4",
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.3",
-    "@types/koa": "^2.15.0",
     "@types/multer": "^2.0.0",
     "@types/node": "^24.3.0",
     "@types/react": "^19.1.8",
-    "@types/react-dom": "^19.1.6",
-    "@types/supertest": "^6.0.3",
     "@types/unzipper": "^0.10.11",
     "@vitest/coverage-v8": "^2",
     "cors": "^2.8.5",
+    "depcheck": "^1.4.7",
     "express": "^5.1.0",
     "gh-pages": "^6.3.0",
+    "knip": "^5.64.0",
     "multer": "^2.0.2",
     "react": "^18.0.0",
-    "react-dom": "^18.0.0",
     "rollup": "^4.x",
-    "rollup-plugin-peer-deps-external": "^2.2.4",
-    "supertest": "^7.0.0",
+    "ts-prune": "^0.10.3",
     "tslib": "^2.8.1",
     "tsup": "^8",
     "tsx": "^4.20.3",
     "typescript": "^5.9.2",
-    "vitest": "2.1.9",
-    "yazl": "^3.3.1"
+    "vitest": "2.1.9"
   },
   "dependencies": {
-    "file-type": "^21.0.0",
-    "libyara-wasm": "^1.2.1",
-    "rollup": "^4.45.1",
-    "wasm-feature-detect": "^1.8.0",
-    "yara": "npm:@automattic/yara@^2.6.0-beta.2"
+    "rollup": "^4.45.1"
   },
   "peerDependencies": {
     "react": "^18.0.0 || ^19.0.0",
@@ -95,14 +96,16 @@
     "@litko/yara-x": "^0.2.1"
   },
   "exports": {
-    ".": {
-      "require": "./dist/pompelmi.cjs",
-      "import": "./dist/pompelmi.esm.js",
-      "types": "./dist/index.d.ts"
-    }
+    ".": {},
+    "./package.json": "./package.json"
   },
   "files": [
-    "dist/"
+    "dist/",
+    "dist",
+    "README.md",
+    "LICENSE*",
+    "package.json",
+    "CHANGELOG*"
   ],
   "keywords": [
     "security",
@@ -134,12 +137,15 @@
     "example": "examples"
   },
   "author": "",
-  "private": false,
-  "workspaces": [
-    "packages/*"
-  ],
   "packageManager": "pnpm@9.12.0",
   "resolutions": {
     "process": "0.11.10"
+  },
+  "sideEffects": false,
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
   }
 }