npm - pompelmi - Versions diffs - 0.30.0 → 0.31.0 - Mend

pompelmi 0.30.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +100 -134
package/package.json +14 -2

package/README.md CHANGED Viewed

@@ -82,13 +82,14 @@
   <a href="https://github.com/pompelmi/pompelmi/network/members"><img alt="GitHub forks" src="https://img.shields.io/github/forks/pompelmi/pompelmi?style=social"></a>
   <a href="https://github.com/pompelmi/pompelmi/watchers"><img alt="GitHub watchers" src="https://img.shields.io/github/watchers/pompelmi/pompelmi?style=social"></a>
   <a href="https://github.com/pompelmi/pompelmi/issues"><img alt="open issues" src="https://img.shields.io/github/issues/pompelmi/pompelmi?color=orange"></a>
+  <a href="https://github.com/sponsors/pompelmi"><img alt="GitHub Sponsors" src="https://img.shields.io/github/sponsors/pompelmi?style=social&label=Sponsor"></a>
 </p>
 <p align="center">
   <strong>
     <a href="https://pompelmi.github.io/pompelmi/">📚 Documentation</a> •
     <a href="#-installation">💾 Install</a> •
-    <a href="#-quick-start">⚡ Quick Start</a> •
+    <a href="#-quickstart">⚡ Quickstart</a> •
     <a href="#-adapters">🧩 Adapters</a> •
     <a href="#-yara-getting-started">🧬 YARA</a> •
     <a href="#-github-action">🤖 CI/CD</a>
@@ -101,6 +102,37 @@
 ---
+## 📦 Installation
+```bash
+npm install pompelmi
+```
+> Node.js 18+ required. No daemon, no cloud API keys, no configuration files needed to get started.
+---
+## ⚡ Quickstart
+Scan a file and act on the result in three lines:
+```ts
+import { scanFile } from 'pompelmi';
+const result = await scanFile('path/to/upload.pdf');
+// result.verdict → "clean" | "suspicious" | "malicious"
+if (result.verdict !== 'clean') {
+  console.error('Blocked:', result.verdict, result.reasons);
+} else {
+  console.log('Safe to process.');
+}
+```
+That's it. No server required, no framework dependency — works standalone in any Node.js script or service.
+---
 ## 🎬 Demo
 ![Pompelmi Demo](./assets/malware-detection-node-demo.gif)
@@ -130,78 +162,29 @@ npm i pompelmi @pompelmi/express-middleware
 ---
-## ⚡ Quick Start
-Get secure file upload scanning running in **under 5 minutes**.
-### Express Integration
-```ts
-import express from 'express';
-import multer from 'multer';
-import { createUploadGuard } from '@pompelmi/express-middleware';
-import { CommonHeuristicsScanner, createZipBombGuard, composeScanners } from 'pompelmi';
-const app = express();
-const upload = multer({ storage: multer.memoryStorage() });
-// Configure your security policy
-const scanner = composeScanners(
-  [
-    ['zipGuard', createZipBombGuard({ maxEntries: 512, maxCompressionRatio: 12 })],
-    ['heuristics', CommonHeuristicsScanner],
-  ],
-  { parallel: false, stopOn: 'suspicious', timeoutMsPerScanner: 1500 }
-);
-app.post('/upload',
-  upload.single('file'),
-  createUploadGuard({
-    includeExtensions: ['pdf', 'zip', 'png', 'jpg'],
-    allowedMimeTypes: ['application/pdf', 'application/zip', 'image/png', 'image/jpeg'],
-    maxFileSizeBytes: 20 * 1024 * 1024, // 20MB
-    scanner,
-    failClosed: true
-  }),
-  (req, res) => {
-    // File is safe - proceed with your logic
-    res.json({ success: true, message: 'File uploaded successfully' });
-  }
-);
-app.listen(3000, () => console.log('🚀 Server running on http://localhost:3000'));
-```
-**Test it:**
-```bash
-curl -X POST http://localhost:3000/upload -F "file=@test.pdf"
-```
-✅ **Done!** Your app now blocks malicious uploads before they hit disk.
-👉 **[Explore full documentation →](https://pompelmi.github.io/pompelmi/)** | **[See more examples →](./examples/)**
----
 ## Table of Contents
-- [Features](#features)
-- [Quick Start](#quick-start)
-- [Why pompelmi](#why-pompelmi)
-- [Use Cases](#use-cases)
-- [Installation](#installation)
-- [Getting Started](#getting-started)
-- [Code Examples](#code-examples)
-- [Adapters](#adapters)
-- [GitHub Action](#github-action)
-- [Configuration](#configuration)
-- [YARA Getting Started](#yara-getting-started)
-- [Security Notes](#security-notes)
-- [Production Checklist](#production-checklist)
-- [Community & Recognition](#community--recognition)
-- [FAQ](#faq)
-- [Contributing](#contributing)
-- [License](#license)
+- [Installation](#-installation)
+- [Quickstart](#-quickstart)
+- [Demo](#-demo)
+- [Features](#-features)
+- [Why pompelmi?](#-why-pompelmi)
+- [Use Cases](#-use-cases)
+- [Getting Started](#-getting-started)
+- [Code Examples](#-code-examples)
+- [Adapters](#-adapters)
+- [GitHub Action](#-github-action)
+- [Diagrams](#️-diagrams)
+- [Configuration](#️-configuration)
+- [Production Checklist](#-production-checklist)
+- [YARA Getting Started](#-yara-getting-started)
+- [Security Notes](#-security-notes)
+- [Releases & Security](#-releases--security)
+- [Community & Recognition](#-community--recognition)
+- [FAQ](#-faq)
+- [Tests & Coverage](#-tests--coverage)
+- [Contributing](#-contributing)
+- [License](#-license)
 ---
@@ -298,71 +281,11 @@ Validate user-generated content uploads (images, videos, documents) before proce
 ---
-## 📦 Installation
-**pompelmi** is a privacy-first Node.js library for local file scanning.
-**Requirements:**
-- Node.js 18+
-- Optional: ClamAV binaries (for signature-based scanning)
-- Optional: YARA libraries (for custom rules)
-<table>
-<tr>
-<td><b>npm</b></td>
-<td><code>npm install pompelmi</code></td>
-</tr>
-<tr>
-<td><b>pnpm</b></td>
-<td><code>pnpm add pompelmi</code></td>
-</tr>
-<tr>
-<td><b>yarn</b></td>
-<td><code>yarn add pompelmi</code></td>
-</tr>
-<tr>
-<td><b>bun</b></td>
-<td><code>bun add pompelmi</code></td>
-</tr>
-</table>
-#### 📦 Framework Adapters
-```bash
-# Express
-npm i @pompelmi/express-middleware
-# Koa
-npm i @pompelmi/koa-middleware
-# Next.js
-npm i @pompelmi/next-upload
-# NestJS
-npm i @pompelmi/nestjs-integration
-# Fastify (alpha)
-npm i @pompelmi/fastify-plugin
-# Standalone CLI
-npm i -g @pompelmi/cli
-```
-> **Note:** Core library works standalone. Install adapters only if using specific frameworks.
----
 ## 🚀 Getting Started
 Get secure file scanning running in under 5 minutes with pompelmi's zero-config defaults.
-### Step 1: Install
-```bash
-npm install pompelmi
-```
-### Step 2: Create Security Policy
+### Step 1: Create Security Policy
 Create a reusable security policy and scanner configuration:
@@ -399,7 +322,7 @@ export const scanner = composeScanners(
 );
 ```
-### Step 3: Choose Your Integration
+### Step 2: Choose Your Integration
 Pick the integration that matches your framework:
@@ -490,7 +413,7 @@ if (result.verdict === 'malicious') {
 }
 ```
-### Step 4: Test It
+### Step 3: Test It
 Upload a test file to verify everything works:
@@ -693,6 +616,28 @@ Use the adapter that matches your web framework. All adapters share the same pol
 | **SvelteKit** | - | 🔜 Planned | Coming soon |
 | **hapi** | - | 🔜 Planned | Coming soon |
+```bash
+# Express
+npm i @pompelmi/express-middleware
+# Koa
+npm i @pompelmi/koa-middleware
+# Next.js
+npm i @pompelmi/next-upload
+# NestJS
+npm i @pompelmi/nestjs-integration
+# Fastify (alpha)
+npm i @pompelmi/fastify-plugin
+# Standalone CLI
+npm i -g @pompelmi/cli
+```
+> **Note:** Core library works standalone. Install adapters only if using a specific framework.
 See the [📘 Code Examples](#-code-examples) section above for integration examples.
 👉 **[View adapter documentation →](https://pompelmi.github.io/pompelmi/)** | **[Browse all examples →](./examples/)**
@@ -1131,6 +1076,7 @@ _Want to share your experience? [Open a discussion](https://github.com/pompelmi/
 - 🐛 **[Issue Tracker](https://github.com/pompelmi/pompelmi/issues)** — Report bugs, request features
 - 🔒 **[Security Policy](https://github.com/pompelmi/pompelmi/security)** — Report security vulnerabilities privately
 - 💼 **Commercial Support** — For enterprise support and consulting, contact the maintainers
+- 💖 **[Sponsor pompelmi](https://github.com/sponsors/pompelmi)** — Support ongoing development via GitHub Sponsors
 **Supported Frameworks:**
 - ✅ Express
@@ -1160,6 +1106,26 @@ Thanks to all the amazing contributors who have helped make pompelmi better!
 ---
+## 💖 Sponsors
+Pompelmi is free and open-source. If it saves you time or helps protect your users, consider supporting its development!
+<p align="center">
+  <a href="https://github.com/sponsors/pompelmi">
+    <img src="https://img.shields.io/badge/Sponsor-pompelmi-EA4AAA?style=for-the-badge&logo=githubsponsors&logoColor=white" alt="Sponsor pompelmi on GitHub" />
+  </a>
+</p>
+Your sponsorship helps fund:
+- 🧬 New detection engine integrations
+- 🧪 Expanded test coverage and CI infrastructure
+- 📚 Documentation and examples
+- 🔒 Security audits and CVE response
+Thank you to all current and future sponsors for keeping this project alive!
+---
 ## ⭐ Star History
 <p align="center">

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "0.30.0",
+  "version": "0.31.0",
   "description": "Fast, private malware scanner for Node.js file uploads. TypeScript-first library with Express, Koa, Fastify, Next.js & Nuxt/Nitro adapters. Features deep ZIP inspection, YARA integration, ZIP bomb protection, and real-time threat detection. Zero cloud dependencies - scan files in-process before they hit disk. Perfect for GDPR/HIPAA compliance.",
   "main": "./dist/pompelmi.cjs",
   "module": "./dist/pompelmi.esm.js",
@@ -14,6 +14,10 @@
     "url": "https://github.com/pompelmi/pompelmi.git"
   },
   "homepage": "https://pompelmi.github.io/pompelmi/",
+  "funding": {
+    "type": "github",
+    "url": "https://github.com/sponsors/pompelmi"
+  },
   "pnpm": {
     "overrides": {
       "process": "0.11.10",
@@ -53,7 +57,12 @@
       "mdast-util-to-hast@>=13.0.0 <13.2.1": ">=13.2.1",
       "next@>=16.0.0-canary.0 <16.0.7": ">=16.0.7",
       "next@>=16.0.0-beta.0 <16.0.9": ">=16.0.9",
-      "qs@<6.14.1": ">=6.14.1",
+      "qs@<6.14.2": ">=6.14.2",
+      "multer@<2.0.2": ">=2.0.2",
+      "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
+      "ajv@<8.18.0": ">=8.18.0",
+      "fastify@<5.7.3": ">=5.7.3",
+      "next@>=16.0.9 <16.1.5": ">=16.1.5",
       "preact@>=10.28.0 <10.28.2": ">=10.28.2",
       "devalue@>=5.1.0 <5.6.2": ">=5.6.2",
       "h3@<=1.15.4": ">=1.15.5",
@@ -65,6 +74,9 @@
   },
   "scripts": {
     "build": "rollup -c",
+    "test": "vitest run --passWithNoTests",
+    "test:coverage": "vitest run --coverage --passWithNoTests",
+    "test:coverage:ci": "vitest run --coverage --reporter=verbose --passWithNoTests",
     "prepublishOnly": "npm run build && npm run pack:strict",
     "yara:node:smoke": "tsx scripts/yara-node-smoke.ts",
     "yara:int:smoke": "tsx scripts/yara-integration-smoke.ts",