npm - pompelmi - Versions diffs - 0.17.0-dev.37 → 0.18.0 - Mend

pompelmi 0.17.0-dev.37 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +18 -1
package/package.json +15 -10
package/dist/index.cjs.js +0 -86
package/dist/index.esm.js +0 -82
package/dist/local-file-scanner.cjs.js +0 -3003
package/dist/local-file-scanner.cjs.js.map +0 -1
package/dist/local-file-scanner.esm.js +0 -2997
package/dist/local-file-scanner.esm.js.map +0 -1
package/dist/pompelmi.cjs.js +0 -3279
package/dist/pompelmi.cjs.js.map +0 -1
package/dist/pompelmi.esm.js +0 -3266
package/dist/pompelmi.esm.js.map +0 -1
package/dist/types/browser-index.d.ts +0 -3
package/dist/types/index.d.ts +0 -14
package/dist/types/node/scanDir.d.ts +0 -30
package/dist/types/scan/remote.d.ts +0 -12
package/dist/types/scan.d.ts +0 -12
package/dist/types/useFileScanner.d.ts +0 -15
package/dist/types/validate.d.ts +0 -7
package/dist/types/yara/browser.d.ts +0 -7
package/dist/types/yara/index.d.ts +0 -17
package/dist/types/yara/node.d.ts +0 -2
package/dist/types/yara/remote.d.ts +0 -10

package/README.md CHANGED Viewed

@@ -33,6 +33,7 @@
   <img alt="node" src="https://img.shields.io/badge/node-%3E%3D18-339933?logo=node.js&logoColor=white">
   <img alt="types" src="https://img.shields.io/badge/types-TypeScript-3178C6?logo=typescript&logoColor=white">
   <a href="https://github.com/pompelmi/pompelmi/blob/main/LICENSE"><img alt="license" src="https://img.shields.io/npm/l/pompelmi"></a>
+  <a href="https://securityscorecards.dev/viewer/?uri=github.com/pompelmi/pompelmi"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/pompelmi/pompelmi/badge"/></a>
     <a href="https://codecov.io/gh/pompelmi/pompelmi"><img alt="codecov" src="https://codecov.io/gh/pompelmi/pompelmi/branch/main/graph/badge.svg?flag=core"/></a>
   <a href="https://github.com/pompelmi/pompelmi/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/pompelmi/pompelmi?style=social"></a>
   <a href="https://github.com/pompelmi/pompelmi/actions/workflows/ci-release-publish.yml"><img alt="CI / Release / Publish" src="https://img.shields.io/github/actions/workflow/status/pompelmi/pompelmi/ci-release-publish.yml?branch=main&label=CI%20%2F%20Release%20%2F%20Publish"></a>
@@ -45,6 +46,7 @@
 <p align="center"><a href="https://pompelmi.github.io/pompelmi/">Documentation</a> ·
   <a href="#installation">Install</a> ·
   <a href="#quick-start">Quick‑start</a> ·
+  <a href="#minimal-node-usage">Minimal Node</a> ·
   <a href="#github-action">GitHub Action</a> ·
   <a href="#adapters">Adapters</a> ·
   <a href="#diagrams">Diagrams</a> ·
@@ -65,6 +67,7 @@
 - [Install](#installation)
 - [Quick‑start](#quick-start)
+- [Minimal Node usage](#minimal-node-usage)
 - [GitHub Action](#github-action)
 - [Adapters](#adapters)
 - [Diagrams](#diagrams)
@@ -131,7 +134,6 @@
 ```bash
 # core library
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pompelmi/pompelmi/badge)](https://securityscorecards.dev/viewer/?uri=github.com/pompelmi/pompelmi)
 npm i pompelmi
 # or
 pnpm add pompelmi
@@ -175,6 +177,21 @@ export const scanner = composeScanners(
 );
 ```
+### Minimal Node usage
+```ts
+import { scanFile } from 'pompelmi';
+const res = await scanFile('path/to/file.zip'); // or any file
+console.log(res.verdict); // "clean" | "suspicious" | "malicious"
+```
+> See `examples/scan-one-file.ts` for a runnable script:
+>
+> ```bash
+> pnpm tsx examples/scan-one-file.ts ./path/to/file
+> ```
 ### Express
 ```ts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "0.17.0-dev.37",
+  "version": "0.18.0",
   "description": "RFI-safe file uploads for Node.js — Express/Koa/Next.js middleware with deep ZIP inspection, MIME/size checks, and optional YARA scanning.",
   "main": "./dist/pompelmi.cjs",
   "module": "./dist/pompelmi.esm.js",
@@ -35,7 +35,7 @@
   },
   "scripts": {
     "build": "rollup -c",
-    "prepublishOnly": "npm run build",
+    "prepublishOnly": "npm run build && npm run pack:strict",
     "yara:node:smoke": "tsx scripts/yara-node-smoke.ts",
     "yara:int:smoke": "tsx scripts/yara-integration-smoke.ts",
     "dev:remote": "tsx examples/remote-yara-server.ts",
@@ -56,13 +56,14 @@
     "repo:audit": "node scripts/audit.mjs",
     "pack:check": "node scripts/pack-check.mjs",
     "pack:list": "pnpm -r --filter \"@pompelmi/*\" --if-present pack --json --dry-run",
-    "pack:strict": "node scripts/pack-check.mjs --strict"
+    "pack:strict": "node scripts/pack-check.mjs --strict",
+    "clean": "rimraf dist"
   },
   "license": "MIT",
   "devDependencies": {
     "@biomejs/biome": "^2.2.4",
     "@pompelmi/core": "workspace:*",
-    "@pompelmi/engine": "workspace:0.17.0-dev.37-dev.6",
+    "@pompelmi/engine": "workspace:*",
     "@pompelmi/engine-heuristics": "workspace:^0.1.0",
     "@rollup/plugin-commonjs": "^28.0.6",
     "@rollup/plugin-node-resolve": "^16.0.1",
@@ -89,9 +90,6 @@
     "typescript": "^5.9.2",
     "vitest": "2.1.9"
   },
-  "dependencies": {
-    "rollup": "^4.45.1"
-  },
   "peerDependencies": {
     "react": "^18.0.0 || ^19.0.0",
     "react-dom": "^18.0.0 || ^19.0.0"
@@ -100,7 +98,12 @@
     "@litko/yara-x": "^0.2.1"
   },
   "exports": {
-    ".": {},
+    ".": {
+      "import": "./dist/pompelmi.esm.js",
+      "require": "./dist/pompelmi.cjs",
+      "default": "./dist/pompelmi.esm.js",
+      "types": "./dist/types/index.d.ts"
+    },
     "./package.json": "./package.json"
   },
   "files": [
@@ -109,7 +112,8 @@
     "README.md",
     "LICENSE*",
     "package.json",
-    "CHANGELOG*"
+    "CHANGELOG*",
+    "LICENSE"
   ],
   "keywords": [
     "security",
@@ -151,5 +155,6 @@
   },
   "publishConfig": {
     "access": "public"
-  }
+  },
+  "types": "./dist/types/index.d.ts"
 }

package/dist/index.cjs.js DELETED Viewed

@@ -1,86 +0,0 @@
-'use strict';
-var react = require('react');
-/**
- * Reads an array of File objects via FileReader and returns their text.
- */
-async function scanFiles(files) {
-  const readText = file => new Promise((resolve, reject) => {
-    const reader = new FileReader();
-    reader.onload = () => resolve(reader.result);
-    reader.onerror = () => reject(reader.error);
-    reader.readAsText(file);
-  });
-  const results = [];
-  for (const file of files) {
-    const content = await readText(file);
-    results.push({
-      file,
-      content
-    });
-  }
-  return results;
-}
-/**
- * Validates a File by MIME type and size (max 5 MB).
- */
-function validateFile(file) {
-  const maxSize = 5 * 1024 * 1024;
-  const allowedTypes = ['text/plain', 'application/json', 'text/csv'];
-  if (!allowedTypes.includes(file.type)) {
-    return {
-      valid: false,
-      error: 'Unsupported file type'
-    };
-  }
-  if (file.size > maxSize) {
-    return {
-      valid: false,
-      error: 'File too large (max 5 MB)'
-    };
-  }
-  return {
-    valid: true
-  };
-}
-/**
- * React Hook: handles <input type="file" onChange> with validation + scanning.
- */
-function useFileScanner() {
-  const [results, setResults] = react.useState([]);
-  const [errors, setErrors] = react.useState([]);
-  const onChange = react.useCallback(async e => {
-    const fileList = Array.from(e.target.files || []);
-    const good = [];
-    const bad = [];
-    for (const file of fileList) {
-      const {
-        valid,
-        error
-      } = validateFile(file);
-      if (valid) good.push(file);else bad.push({
-        file,
-        error: error
-      });
-    }
-    setErrors(bad);
-    if (good.length) {
-      const scanned = await scanFiles(good);
-      setResults(scanned);
-    } else {
-      setResults([]);
-    }
-  }, []);
-  return {
-    results,
-    errors,
-    onChange
-  };
-}
-exports.scanFiles = scanFiles;
-exports.useFileScanner = useFileScanner;
-exports.validateFile = validateFile;

package/dist/index.esm.js DELETED Viewed

@@ -1,82 +0,0 @@
-import { useState, useCallback } from 'react';
-/**
- * Reads an array of File objects via FileReader and returns their text.
- */
-async function scanFiles(files) {
-  const readText = file => new Promise((resolve, reject) => {
-    const reader = new FileReader();
-    reader.onload = () => resolve(reader.result);
-    reader.onerror = () => reject(reader.error);
-    reader.readAsText(file);
-  });
-  const results = [];
-  for (const file of files) {
-    const content = await readText(file);
-    results.push({
-      file,
-      content
-    });
-  }
-  return results;
-}
-/**
- * Validates a File by MIME type and size (max 5 MB).
- */
-function validateFile(file) {
-  const maxSize = 5 * 1024 * 1024;
-  const allowedTypes = ['text/plain', 'application/json', 'text/csv'];
-  if (!allowedTypes.includes(file.type)) {
-    return {
-      valid: false,
-      error: 'Unsupported file type'
-    };
-  }
-  if (file.size > maxSize) {
-    return {
-      valid: false,
-      error: 'File too large (max 5 MB)'
-    };
-  }
-  return {
-    valid: true
-  };
-}
-/**
- * React Hook: handles <input type="file" onChange> with validation + scanning.
- */
-function useFileScanner() {
-  const [results, setResults] = useState([]);
-  const [errors, setErrors] = useState([]);
-  const onChange = useCallback(async e => {
-    const fileList = Array.from(e.target.files || []);
-    const good = [];
-    const bad = [];
-    for (const file of fileList) {
-      const {
-        valid,
-        error
-      } = validateFile(file);
-      if (valid) good.push(file);else bad.push({
-        file,
-        error: error
-      });
-    }
-    setErrors(bad);
-    if (good.length) {
-      const scanned = await scanFiles(good);
-      setResults(scanned);
-    } else {
-      setResults([]);
-    }
-  }, []);
-  return {
-    results,
-    errors,
-    onChange
-  };
-}
-export { scanFiles, useFileScanner, validateFile };