npm - pompelmi - Versions diffs - 0.21.0 → 0.23.0 - Mend

pompelmi 0.21.0 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +103 -33
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -12,6 +12,7 @@
   <a href="https://www.detectionengineering.net/p/det-eng-weekly-issue-124-the-defcon"><img alt="Featured in Detection Engineering Weekly #124" src="https://img.shields.io/badge/featured-Detection%20Engineering%20Weekly-0A84FF?logo=substack"></a>
   <a href="https://nodeweekly.com/issues/594"><img alt="Featured in Node Weekly #594" src="https://img.shields.io/badge/featured-Node%20Weekly%20%23594-FF6600?logo=node.js"></a>
   <a href="https://bytes.dev/archives/429"><img alt="Featured in Bytes #429" src="https://img.shields.io/badge/featured-Bytes%20%23429-111111"></a>
+  <a href="https://dev.to/sonotommy/secure-nodejs-file-uploads-in-minutes-with-pompelmi-3jfe"><img alt="Featured on DEV.to" src="https://img.shields.io/badge/featured-DEV.to-0A0A0A?logo=devdotto"></a>
   <br/>
 </p>
@@ -25,13 +26,17 @@
 <strong>Fast file‑upload malware scanning for Node.js</strong> — optional <strong>YARA</strong> integration, ZIP deep‑inspection, and drop‑in adapters for <em>Express</em>, <em>Koa</em>, and <em>Next.js</em>. Private by design. Typed. Tiny.
 </p>
+**Keywords:** file upload security · malware detection · YARA · Node.js middleware · Express · Koa · Next.js · ZIP bomb protection
 <p align="center">
   <a href="https://www.npmjs.com/package/pompelmi"><img alt="npm version" src="https://img.shields.io/npm/v/pompelmi?label=version&color=0a7ea4&logo=npm"></a>
   <a href="https://www.npmjs.com/package/pompelmi"><img alt="npm downloads" src="https://img.shields.io/npm/dm/pompelmi?label=downloads&color=6E9F18&logo=npm"></a>
   <a href="https://www.npmjs.com/package/pompelmi"><img alt="npm weekly downloads" src="https://img.shields.io/npm/dw/pompelmi?label=weekly&color=blue&logo=npm"></a>
+  <a href="https://www.npmjs.com/package/pompelmi"><img alt="npm total downloads" src="https://img.shields.io/npm/dt/pompelmi?label=total%20downloads&color=success&logo=npm"></a>
   <img alt="npm bundle size" src="https://img.shields.io/bundlephobia/minzip/pompelmi?label=size&color=success">
+  <a href="https://snyk.io/test/github/pompelmi/pompelmi"><img alt="Known Vulnerabilities" src="https://snyk.io/test/github/pompelmi/pompelmi/badge.svg"></a>
 </p>
 <p align="center">
@@ -51,9 +56,11 @@
 <p align="center">
   <a href="https://github.com/pompelmi/pompelmi/stargazers"><img alt="GitHub stars" src="https://img.shields.io/github/stars/pompelmi/pompelmi?style=social"></a>
   <a href="https://github.com/pompelmi/pompelmi/network/members"><img alt="GitHub forks" src="https://img.shields.io/github/forks/pompelmi/pompelmi?style=social"></a>
+  <a href="https://github.com/pompelmi/pompelmi/watchers"><img alt="GitHub watchers" src="https://img.shields.io/github/watchers/pompelmi/pompelmi?style=social"></a>
   <a href="https://github.com/pompelmi/pompelmi/issues"><img alt="open issues" src="https://img.shields.io/github/issues/pompelmi/pompelmi?color=orange"></a>
   <img alt="PRs welcome" src="https://img.shields.io/badge/PRs-welcome-brightgreen.svg">
   <a href="https://github.com/pompelmi/pompelmi/commits/main"><img alt="last commit" src="https://img.shields.io/github/last-commit/pompelmi/pompelmi?color=blue"></a>
+  <a href="https://github.com/pompelmi/pompelmi/graphs/contributors"><img alt="contributors" src="https://img.shields.io/github/contributors/pompelmi/pompelmi?color=purple"></a>
 </p>
 <p align="center">
@@ -80,41 +87,34 @@
 </div>
-<table>
-<tr>
-<td width="33%" align="center">
-<h4>🔒 Privacy First</h4>
-All scanning happens in-process. No cloud calls, no data leaks. Your files never leave your infrastructure.
-</td>
-<td width="33%" align="center">
-<h4>⚡ Lightning Fast</h4>
-In-process scanning with zero network latency. Configurable concurrency for high-throughput scenarios.
-</td>
-<td width="33%" align="center">
-<h4>🎨 Developer Friendly</h4>
-TypeScript-first, zero-config defaults, drop-in middleware. Get started in under 5 minutes.
-</td>
-</tr>
-</table>
+| 🔒 Privacy First | ⚡ Lightning Fast | 🎨 Developer Friendly |
+| --- | --- | --- |
+| All scanning happens in-process. No cloud calls, no data leaks. Your files never leave your infrastructure. | In-process scanning with zero network latency. Configurable concurrency for high-throughput scenarios. | TypeScript-first, zero-config defaults, drop-in middleware. Get started in under 5 minutes. |
 ---
-<details>
-<summary><strong>Table of contents</strong></summary>
-- [Install](#installation)
-- [Quick‑start](#quick-start)
-- [Minimal Node usage](#minimal-node-usage)
-- [GitHub Action](#github-action)
-- [Adapters](#adapters)
-- [Diagrams](#diagrams)
-- [Config](#configuration)
-- [Production checklist](#production-checklist)
-- [YARA](#yara-getting-started)
-- [Quick test](#quick-test-no-eicar)
-- [Security](#security-notes)
+## Table of Contents
+- [Overview](#overview)
+- [Highlights](#highlights)
+- [Why pompelmi](#why-pompelmi)
+- [How it compares](#how-it-compares)
+- [What Developers Say](#what-developers-say)
+- [What Makes pompelmi Special](#what-makes-pompelmi-special)
+- [Use Cases](#use-cases)
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+  - [Minimal Node usage](#minimal-node-usage)
+  - [Express](#express)
+  - [Koa](#koa)
+  - [Next.js (App Router)](#nextjs-app-router)
+- [CLI Tool](#cli-tool)
+- [Configuration](#configuration)
+- [Security Notes](#security-notes)
+- [Testing & Development](#testing--development)
 - [FAQ](#faq)
-</details>
+- [Contributing](#contributing)
+- [License](#license)
 ---
@@ -155,7 +155,7 @@ TypeScript-first, zero-config defaults, drop-in middleware. Get started in under
 ## 🧠 Why pompelmi?
 - **On‑device, private scanning** – no outbound calls, no data sharing.
-- **Blocks early** – runs *before* you write to disk or persist anything.
+- **Blocks early** – runs _before_ you write to disk or persist anything.
 - **Fits your stack** – drop‑in adapters for Express, Koa, Next.js (Fastify plugin in alpha).
 - **Defense‑in‑depth** – ZIP traversal limits, ratio caps, server‑side MIME sniffing, size caps.
 - **Pluggable detection** – bring your own engine (e.g., YARA) via a tiny `{ scan(bytes) }` contract.
@@ -193,7 +193,7 @@ TypeScript-first, zero-config defaults, drop-in middleware. Get started in under
 > "The YARA integration is seamless. We went from prototype to production in less than a week."
 > — DevSecOps Engineer
-*Want to share your experience? [Open a discussion](https://github.com/pompelmi/pompelmi/discussions)!*
+_Want to share your experience? [Open a discussion](https://github.com/pompelmi/pompelmi/discussions)!_
 ---
@@ -391,6 +391,76 @@ export const POST = createNextUploadHandler({ ...policy, scanner });
 ---
+## 🖥️ CLI Tool
+**pompelmi** includes a modern command-line interface for scanning files directly from your terminal. Perfect for CI/CD pipelines, security audits, and local development.
+### Installation
+```bash
+# Install globally
+npm install -g @pompelmi/cli
+# Or use with npx
+npx @pompelmi/cli scan file.pdf
+```
+### Features
+🎨 **Modern Terminal UI** — Emoji-rich interface with progress indicators
+⚡ **Fast Scanning** — Parallel file processing with real-time feedback
+📊 **Detailed Reports** — Human-readable scan summaries with timing
+🎯 **Smart Detection** — Built-in heuristics for common threats
+🛡️ **Safe Defaults** — ZIP bomb protection and file size limits
+### Usage
+```bash
+# Scan a single file
+pompelmi scan document.pdf
+# Scan a directory with progress
+pompelmi scan-dir ./uploads
+# Watch directory for changes
+pompelmi watch ./uploads
+# Get help
+pompelmi --help
+```
+### Example Output
+```
+🛡️ Pompelmi Security Scanner v0.23.0
+📁 Scanning: document.pdf
+🔍 Checking file safety...
+✅ File passed all security checks
+📊 Scan Summary (0.1s)
+• Files scanned: 1
+• Clean: 1 ✅
+• Suspicious: 0 ⚠️
+• Malicious: 0 ❌
+```
+### CI/CD Integration
+Use the CLI in your build pipelines:
+```yaml
+# GitHub Actions
+- name: Security Scan
+  run: npx @pompelmi/cli scan-dir ./dist
+# GitLab CI
+script:
+  - npx @pompelmi/cli scan build.zip
+```
+---
 ## 🤖 GitHub Action
 Run **pompelmi** in CI to scan repository files or built artifacts.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "0.21.0",
+  "version": "0.23.0",
   "description": "RFI-safe file uploads for Node.js — Express/Koa/Next.js middleware with deep ZIP inspection, MIME/size checks, and optional YARA scanning.",
   "main": "./dist/pompelmi.cjs",
   "module": "./dist/pompelmi.esm.js",