pompelmi 0.21.0 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -33
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -12,6 +12,7 @@
|
|
|
12
12
|
<a href="https://www.detectionengineering.net/p/det-eng-weekly-issue-124-the-defcon"><img alt="Featured in Detection Engineering Weekly #124" src="https://img.shields.io/badge/featured-Detection%20Engineering%20Weekly-0A84FF?logo=substack"></a>
|
|
13
13
|
<a href="https://nodeweekly.com/issues/594"><img alt="Featured in Node Weekly #594" src="https://img.shields.io/badge/featured-Node%20Weekly%20%23594-FF6600?logo=node.js"></a>
|
|
14
14
|
<a href="https://bytes.dev/archives/429"><img alt="Featured in Bytes #429" src="https://img.shields.io/badge/featured-Bytes%20%23429-111111"></a>
|
|
15
|
+
<a href="https://dev.to/sonotommy/secure-nodejs-file-uploads-in-minutes-with-pompelmi-3jfe"><img alt="Featured on DEV.to" src="https://img.shields.io/badge/featured-DEV.to-0A0A0A?logo=devdotto"></a>
|
|
15
16
|
<br/>
|
|
16
17
|
|
|
17
18
|
</p>
|
|
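Review bot: Alt text at new line 15 is inconsistent with the neighbouring badges, which read "Featured in <publication> #<issue>" while this one reads "Featured on DEV.to" with no article reference; for screen readers and consistency, consider naming the post in the alt attribute, matching the article slug in the linked URL.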
@@ -25,13 +26,17 @@
|
|
|
25
26
|
<strong>Fast file‑upload malware scanning for Node.js</strong> — optional <strong>YARA</strong> integration, ZIP deep‑inspection, and drop‑in adapters for <em>Express</em>, <em>Koa</em>, and <em>Next.js</em>. Private by design. Typed. Tiny.
|
|
26
27
|
</p>
|
|
27
28
|
|
|
29
|
+
**Keywords:** file upload security · malware detection · YARA · Node.js middleware · Express · Koa · Next.js · ZIP bomb protection
|
|
30
|
+
|
|
28
31
|
|
|
29
32
|
|
|
30
33
|
<p align="center">
|
|
31
34
|
<a href="https://www.npmjs.com/package/pompelmi"><img alt="npm version" src="https://img.shields.io/npm/v/pompelmi?label=version&color=0a7ea4&logo=npm"></a>
|
|
32
35
|
<a href="https://www.npmjs.com/package/pompelmi"><img alt="npm downloads" src="https://img.shields.io/npm/dm/pompelmi?label=downloads&color=6E9F18&logo=npm"></a>
|
|
33
36
|
<a href="https://www.npmjs.com/package/pompelmi"><img alt="npm weekly downloads" src="https://img.shields.io/npm/dw/pompelmi?label=weekly&color=blue&logo=npm"></a>
|
|
37
|
+
<a href="https://www.npmjs.com/package/pompelmi"><img alt="npm total downloads" src="https://img.shields.io/npm/dt/pompelmi?label=total%20downloads&color=success&logo=npm"></a>
|
|
34
38
|
<img alt="npm bundle size" src="https://img.shields.io/bundlephobia/minzip/pompelmi?label=size&color=success">
|
|
39
|
+
<a href="https://snyk.io/test/github/pompelmi/pompelmi"><img alt="Known Vulnerabilities" src="https://snyk.io/test/github/pompelmi/pompelmi/badge.svg"></a>
|
|
35
40
|
</p>
|
|
36
41
|
|
|
37
42
|
<p align="center">
|
|
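Review bot: The `**Keywords:**` line at new line 29 is plain README text and does not feed npm search, which indexes the `keywords` array in package.json; the package.json hunk in this diff only bumps `version`, so if discoverability is the goal, add the same terms to `keywords` there. The Snyk badge at new line 39 is fetched from snyk.io at render time and, like the shields.io badges, shows a point-in-time status; it is fine as a badge but the README prose should not cite it as evidence of the package's security posture.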
@@ -51,9 +56,11 @@
|
|
|
51
56
|
<p align="center">
|
|
52
57
|
<a href="https://github.com/pompelmi/pompelmi/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/pompelmi/pompelmi?style=social"></a>
|
|
53
58
|
<a href="https://github.com/pompelmi/pompelmi/network/members"><img alt="GitHub forks" src="https://img.shields.io/github/forks/pompelmi/pompelmi?style=social"></a>
|
|
59
|
+
<a href="https://github.com/pompelmi/pompelmi/watchers"><img alt="GitHub watchers" src="https://img.shields.io/github/watchers/pompelmi/pompelmi?style=social"></a>
|
|
54
60
|
<a href="https://github.com/pompelmi/pompelmi/issues"><img alt="open issues" src="https://img.shields.io/github/issues/pompelmi/pompelmi?color=orange"></a>
|
|
55
61
|
<img alt="PRs welcome" src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg">
|
|
56
62
|
<a href="https://github.com/pompelmi/pompelmi/commits/main"><img alt="last commit" src="https://img.shields.io/github/last-commit/pompelmi/pompelmi?color=blue"></a>
|
|
63
|
+
<a href="https://github.com/pompelmi/pompelmi/graphs/contributors"><img alt="contributors" src="https://img.shields.io/github/contributors/pompelmi/pompelmi?color=purple"></a>
|
|
57
64
|
</p>
|
|
58
65
|
|
|
59
66
|
<p align="center">
|
|
@@ -80,41 +87,33 @@
|
|
|
80
87
|
|
|
81
88
|
</div>
|
|
82
89
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
<h4>🔒 Privacy First</h4>
|
|
87
|
-
All scanning happens in-process. No cloud calls, no data leaks. Your files never leave your infrastructure.
|
|
88
|
-
</td>
|
|
89
|
-
<td width="33%" align="center">
|
|
90
|
-
<h4>⚡ Lightning Fast</h4>
|
|
91
|
-
In-process scanning with zero network latency. Configurable concurrency for high-throughput scenarios.
|
|
92
|
-
</td>
|
|
93
|
-
<td width="33%" align="center">
|
|
94
|
-
<h4>🎨 Developer Friendly</h4>
|
|
95
|
-
TypeScript-first, zero-config defaults, drop-in middleware. Get started in under 5 minutes.
|
|
96
|
-
</td>
|
|
97
|
-
</tr>
|
|
98
|
-
</table>
|
|
90
|
+
| 🔒 Privacy First | ⚡ Lightning Fast | 🎨 Developer Friendly |
|
|
91
|
+
| --- | --- | --- |
|
|
92
|
+
| All scanning happens in-process. No cloud calls, no data leaks. Your files never leave your infrastructure. | In-process scanning with zero network latency. Configurable concurrency for high-throughput scenarios. | TypeScript-first, zero-config defaults, drop-in middleware. Get started in under 5 minutes. |
|
|
99
93
|
|
|
100
94
|
---
|
|
101
95
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
- [
|
|
106
|
-
- [
|
|
107
|
-
- [
|
|
108
|
-
- [
|
|
109
|
-
- [
|
|
110
|
-
- [
|
|
111
|
-
- [
|
|
112
|
-
- [
|
|
113
|
-
- [
|
|
114
|
-
- [
|
|
115
|
-
- [
|
|
96
|
+
## Table of Contents
|
|
97
|
+
|
|
98
|
+
- [Overview](#overview)
|
|
99
|
+
- [Highlights](#highlights)
|
|
100
|
+
- [Why pompelmi](#why-pompelmi)
|
|
101
|
+
- [How it compares](#how-it-compares)
|
|
102
|
+
- [What Developers Say](#what-developers-say)
|
|
103
|
+
- [What Makes pompelmi Special](#what-makes-pompelmi-special)
|
|
104
|
+
- [Use Cases](#use-cases)
|
|
105
|
+
- [Installation](#installation)
|
|
106
|
+
- [Quick Start](#quick-start)
|
|
107
|
+
- [Minimal Node usage](#minimal-node-usage)
|
|
108
|
+
- [Express](#express)
|
|
109
|
+
- [Koa](#koa)
|
|
110
|
+
- [Next.js (App Router)](#nextjs-app-router)
|
|
111
|
+
- [Configuration](#configuration)
|
|
112
|
+
- [Security Notes](#security-notes)
|
|
113
|
+
- [Testing & Development](#testing--development)
|
|
116
114
|
- [FAQ](#faq)
|
|
117
|
-
|
|
115
|
+
- [Contributing](#contributing)
|
|
116
|
+
- [License](#license)
|
|
118
117
|
|
|
119
118
|
---
|
|
120
119
|
|
|
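Review bot: The removed HTML block (old lines 86 to 98) begins at `<h4>🔒 Privacy First</h4>` and ends at `</table>`, while old lines 83 to 86 render as empty here; confirm that the opening `<table>`, `<tr>` and first `<td width="33%" align="center">` were removed with them, otherwise the new Markdown table at new lines 90 to 92 sits after unclosed tags and will not render as a table. Also check the anchor `#why-pompelmi` at new line 100 against the heading `## 🧠 Why pompelmi?` in the following hunk: GitHub strips the emoji but keeps the space as a leading hyphen (`#-why-pompelmi`), so the link may not resolve on GitHub even if it does on npm.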
@@ -155,7 +154,7 @@ TypeScript-first, zero-config defaults, drop-in middleware. Get started in under
|
|
|
155
154
|
## 🧠 Why pompelmi?
|
|
156
155
|
|
|
157
156
|
- **On‑device, private scanning** – no outbound calls, no data sharing.
|
|
158
|
-
- **Blocks early** – runs
|
|
157
|
+
- **Blocks early** – runs _before_ you write to disk or persist anything.
|
|
159
158
|
- **Fits your stack** – drop‑in adapters for Express, Koa, Next.js (Fastify plugin in alpha).
|
|
160
159
|
- **Defense‑in‑depth** – ZIP traversal limits, ratio caps, server‑side MIME sniffing, size caps.
|
|
161
160
|
- **Pluggable detection** – bring your own engine (e.g., YARA) via a tiny `{ scan(bytes) }` contract.
|
|
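Review bot: The completed bullet at new line 157 now makes a behavioural guarantee ("runs _before_ you write to disk or persist anything"), while the next bullet lists the Fastify plugin as alpha; state whether that guarantee holds for every adapter or scope it to the Express, Koa and Next.js adapters so the README does not promise more than the alpha plugin delivers.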
@@ -193,7 +192,7 @@ TypeScript-first, zero-config defaults, drop-in middleware. Get started in under
|
|
|
193
192
|
> "The YARA integration is seamless. We went from prototype to production in less than a week."
|
|
194
193
|
> — DevSecOps Engineer
|
|
195
194
|
|
|
196
|
-
|
|
195
|
+
_Want to share your experience? [Open a discussion](https://github.com/pompelmi/pompelmi/discussions)!_
|
|
197
196
|
|
|
198
197
|
---
|
|
199
198
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pompelmi",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.22.0",
|
|
4
4
|
"description": "RFI-safe file uploads for Node.js — Express/Koa/Next.js middleware with deep ZIP inspection, MIME/size checks, and optional YARA scanning.",
|
|
5
5
|
"main": "./dist/pompelmi.cjs",
|
|
6
6
|
"module": "./dist/pompelmi.esm.js",
|
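Review bot: Only `version` changes in package.json and the only other file in this diff is README.md, so 0.22.0 is a minor-version bump for a documentation-only release; under semver a patch bump would signal that no API or behaviour changed, and if the minor bump is intentional the reason belongs in a changelog entry.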