npm - pompelmi - Versions diffs - 0.34.10 → 0.35.0 - Mend

pompelmi 0.34.10 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/README.md +26 -15
package/dist/pompelmi.audit.cjs +13 -15
package/dist/pompelmi.audit.cjs.map +1 -1
package/dist/pompelmi.audit.esm.js +13 -15
package/dist/pompelmi.audit.esm.js.map +1 -1
package/dist/pompelmi.browser.cjs +585 -534
package/dist/pompelmi.browser.cjs.map +1 -1
package/dist/pompelmi.browser.esm.js +585 -534
package/dist/pompelmi.browser.esm.js.map +1 -1
package/dist/pompelmi.cjs +2066 -2016
package/dist/pompelmi.cjs.map +1 -1
package/dist/pompelmi.esm.js +2066 -2016
package/dist/pompelmi.esm.js.map +1 -1
package/dist/pompelmi.hooks.cjs +2 -2
package/dist/pompelmi.hooks.cjs.map +1 -1
package/dist/pompelmi.hooks.esm.js +2 -2
package/dist/pompelmi.hooks.esm.js.map +1 -1
package/dist/pompelmi.policy-packs.cjs +74 -73
package/dist/pompelmi.policy-packs.cjs.map +1 -1
package/dist/pompelmi.policy-packs.esm.js +74 -73
package/dist/pompelmi.policy-packs.esm.js.map +1 -1
package/dist/pompelmi.quarantine.cjs +135 -133
package/dist/pompelmi.quarantine.cjs.map +1 -1
package/dist/pompelmi.quarantine.esm.js +135 -133
package/dist/pompelmi.quarantine.esm.js.map +1 -1
package/dist/pompelmi.react.cjs +585 -534
package/dist/pompelmi.react.cjs.map +1 -1
package/dist/pompelmi.react.esm.js +585 -534
package/dist/pompelmi.react.esm.js.map +1 -1
package/dist/types/audit.d.ts +12 -12
package/dist/types/browser-index.d.ts +12 -12
package/dist/types/config.d.ts +4 -4
package/dist/types/engines/dynamic-taint.d.ts +1 -1
package/dist/types/engines/hybrid-orchestrator.d.ts +1 -1
package/dist/types/engines/hybrid-taint-integration.d.ts +6 -6
package/dist/types/engines/taint-policies.d.ts +4 -4
package/dist/types/hipaa-compliance.d.ts +2 -2
package/dist/types/hooks.d.ts +2 -2
package/dist/types/index.d.ts +20 -20
package/dist/types/node/scanDir.d.ts +5 -5
package/dist/types/policy-packs.d.ts +2 -2
package/dist/types/presets.d.ts +3 -3
package/dist/types/quarantine/index.d.ts +3 -3
package/dist/types/quarantine/storage.d.ts +1 -1
package/dist/types/quarantine/types.d.ts +3 -3
package/dist/types/quarantine/workflow.d.ts +4 -4
package/dist/types/react-index.d.ts +2 -2
package/dist/types/risk.d.ts +1 -1
package/dist/types/scan/remote.d.ts +2 -2
package/dist/types/scan.d.ts +5 -5
package/dist/types/scanners/common-heuristics.d.ts +1 -1
package/dist/types/scanners/zip-bomb-guard.d.ts +1 -1
package/dist/types/src/audit.d.ts +84 -0
package/dist/types/src/browser-index.d.ts +29 -0
package/dist/types/src/config.d.ts +143 -0
package/dist/types/src/engines/dynamic-taint.d.ts +102 -0
package/dist/types/src/engines/hybrid-orchestrator.d.ts +65 -0
package/dist/types/src/engines/hybrid-taint-integration.d.ts +129 -0
package/dist/types/src/engines/taint-policies.d.ts +84 -0
package/dist/types/src/hipaa-compliance.d.ts +110 -0
package/dist/types/src/hooks.d.ts +89 -0
package/dist/types/src/index.d.ts +29 -0
package/dist/types/src/magic.d.ts +7 -0
package/dist/types/src/node/scanDir.d.ts +30 -0
package/dist/types/src/policy-packs.d.ts +98 -0
package/dist/types/src/policy.d.ts +12 -0
package/dist/types/src/presets.d.ts +72 -0
package/dist/types/src/quarantine/index.d.ts +18 -0
package/dist/types/src/quarantine/storage.d.ts +77 -0
package/dist/types/src/quarantine/types.d.ts +78 -0
package/dist/types/src/quarantine/workflow.d.ts +97 -0
package/dist/types/src/react-index.d.ts +13 -0
package/dist/types/src/risk.d.ts +18 -0
package/dist/types/src/scan/remote.d.ts +12 -0
package/dist/types/src/scan.d.ts +17 -0
package/dist/types/src/scanners/common-heuristics.d.ts +14 -0
package/dist/types/src/scanners/zip-bomb-guard.d.ts +9 -0
package/dist/types/src/scanners/zipTraversalGuard.d.ts +19 -0
package/dist/types/src/stream.d.ts +10 -0
package/dist/types/src/types/decompilation.d.ts +96 -0
package/dist/types/src/types/taint-tracking.d.ts +495 -0
package/dist/types/src/types.d.ts +48 -0
package/dist/types/src/useFileScanner.d.ts +15 -0
package/dist/types/src/utils/advanced-detection.d.ts +21 -0
package/dist/types/src/utils/batch-scanner.d.ts +62 -0
package/dist/types/src/utils/cache-manager.d.ts +95 -0
package/dist/types/src/utils/export.d.ts +51 -0
package/dist/types/src/utils/performance-metrics.d.ts +68 -0
package/dist/types/src/utils/threat-intelligence.d.ts +96 -0
package/dist/types/src/validate.d.ts +7 -0
package/dist/types/src/verdict.d.ts +2 -0
package/dist/types/src/yara/browser.d.ts +7 -0
package/dist/types/src/yara/index.d.ts +17 -0
package/dist/types/src/yara/node.d.ts +2 -0
package/dist/types/src/yara/remote.d.ts +10 -0
package/dist/types/src/yara-bridge.d.ts +3 -0
package/dist/types/src/zip.d.ts +13 -0
package/dist/types/types/decompilation.d.ts +4 -4
package/dist/types/types/taint-tracking.d.ts +19 -19
package/dist/types/types.d.ts +3 -3
package/dist/types/useFileScanner.d.ts +1 -1
package/dist/types/utils/advanced-detection.d.ts +1 -1
package/dist/types/utils/batch-scanner.d.ts +3 -3
package/dist/types/utils/cache-manager.d.ts +1 -1
package/dist/types/utils/export.d.ts +2 -2
package/dist/types/utils/threat-intelligence.d.ts +4 -4
package/dist/types/verdict.d.ts +1 -1
package/dist/types/yara/browser.d.ts +1 -1
package/dist/types/yara/index.d.ts +1 -1
package/dist/types/yara/node.d.ts +1 -1
package/dist/types/yara/remote.d.ts +2 -2
package/package.json +6 -6

package/dist/pompelmi.hooks.cjs CHANGED Viewed

@@ -46,7 +46,7 @@ function createScanHooks(hooks) {
  */
 function withHooks(scanFn, hooks) {
     return async (bytes, opts = {}) => {
-        const scanId = typeof crypto !== 'undefined' && 'randomUUID' in crypto
+        const scanId = typeof crypto !== "undefined" && "randomUUID" in crypto
             ? crypto.randomUUID()
             : undefined;
         const startedAt = Date.now();
@@ -63,7 +63,7 @@ function withHooks(scanFn, hooks) {
         const durationMs = Date.now() - startedAt;
         const completeCtx = { ...ctx, durationMs };
         void hooks.onScanComplete?.(completeCtx, report);
-        if (report.verdict === 'suspicious' || report.verdict === 'malicious') {
+        if (report.verdict === "suspicious" || report.verdict === "malicious") {
             void hooks.onThreatDetected?.(completeCtx, report);
         }
         return report;

package/dist/pompelmi.hooks.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"pompelmi.hooks.cjs","sources":["~~../~~src/hooks.ts"],"sourcesContent":["/*\n Scan lifecycle hooks for Pompelmi.\n \n Hooks let you observe and react to scan events without modifying the scan\n * pipeline itself. They are the recommended integration point for:\n * - logging / metrics collection\n * - alerting on threats\n * - triggering quarantine automatically\n * - OpenTelemetry span creation\n \n Usage:\n * ```ts\n * import { scanBytes } from 'pompelmi';\n * import { createScanHooks, withHooks } from 'pompelmi/hooks';\n \n const hooks = createScanHooks({\n * onScanComplete(ctx, report) {\n * console.log(ctx.filename, report.verdict, report.durationMs + 'ms');\n * },\n * onThreatDetected(ctx, report) {\n * alertTeam({ file: ctx.filename, verdict: report.verdict });\n * },\n * });\n \n const scan = withHooks(scanBytes, hooks);\n * const report = await scan(bytes, { ctx: { filename: 'upload.zip' } });\n * ```\n \n @module hooks\n /\n\nimport type { ~~ScanContext,~~ ~~ScanReport~~ } from './types';\nimport type { ~~QuarantineEntry~~ } from './~~quarantine/~~types';\n\n// ── Event payloads ────────────────────────────────────────────────────────────\n\nexport interface ScanStartContext extends ScanContext {\n /* Unique identifier for this scan invocation (useful for correlating logs). /\n scanId?: string;\n /* Timestamp when the scan started (ms since epoch). /\n startedAt: number;\n}\n\nexport interface ScanCompleteContext extends ScanStartContext {\n /* Duration of the scan in milliseconds. /\n durationMs: number;\n}\n\n// ── Hook interface ────────────────────────────────────────────────────────────\n\n/\n Callbacks for the scan lifecycle. All hooks are optional.\n \n Hooks MUST NOT throw — wrap logic in try/catch if it can fail.\n * Async hooks are fire-and-forget; they do not block the scan result.\n /\nexport interface ScanHooks {\n /\n Called immediately before a scan begins.\n /\n onScanStart?: (ctx: ScanStartContext) => void \| Promise<void>;\n\n /\n Called when a scan completes successfully (any verdict, including clean).\n /\n onScanComplete?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when the scan verdict is 'suspicious' or 'malicious'.\n * Fired in addition to `onScanComplete`.\n /\n onThreatDetected?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when a file has been quarantined.\n * Requires wiring with a `QuarantineManager`; not fired automatically by `scanBytes`.\n /\n onQuarantine?: (entry: QuarantineEntry) => void \| Promise<void>;\n\n /\n Called when a scan throws an unexpected error.\n /\n onScanError?: (ctx: ScanStartContext, error: unknown) => void \| Promise<void>;\n}\n\n// ── Factory ───────────────────────────────────────────────────────────────────\n\n/\n Create a `ScanHooks` object with optional defaults.\n * This is a thin factory — the value of using it is the inline TS types.\n /\nexport function createScanHooks(hooks: ScanHooks): ScanHooks {\n return hooks;\n}\n\n// ── withHooks wrapper ─────────────────────────────────────────────────────────\n\ntype ScanFn = (bytes: Uint8Array, opts?: { ctx?: ScanContext; [k: string]: unknown }) => Promise<ScanReport>;\n\n/\n Wrap a scan function with lifecycle hooks.\n \n Returns a new function with the same signature that fires the hooks\n * around each scan call.\n */\nexport function withHooks(scanFn: ScanFn, hooks: ScanHooks): ScanFn {\n return async (bytes, opts = {}) => {\n const scanId = typeof crypto !== 'undefined' && 'randomUUID' in crypto\n ? (crypto as { randomUUID(): string }).randomUUID()\n : undefined;\n\n const startedAt = Date.now();\n const ctx: ScanStartContext = { ...opts.ctx, scanId, startedAt };\n\n void hooks.onScanStart?.(ctx);\n\n let report: ScanReport;\n try {\n report = await scanFn(bytes, opts);\n } catch (err) {\n void hooks.onScanError?.({ ...ctx }, err);\n throw err;\n }\n\n const durationMs = Date.now() - startedAt;\n const completeCtx: ScanCompleteContext = { ...ctx, durationMs };\n\n void hooks.onScanComplete?.(completeCtx, report);\n\n if (report.verdict === 'suspicious' \|\| report.verdict === 'malicious') {\n void hooks.onThreatDetected?.(completeCtx, report);\n }\n\n return report;\n };\n}\n"],"names":[],"mappings":";;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BG;AAwDH;AAEA;;;AAGG;AACG,SAAU,eAAe,CAAC,KAAgB,EAAA;AAC9C,IAAA,OAAO,KAAK;AACd;~~AAMA~~;;;;;AAKG;AACG,SAAU,SAAS,CAAC,MAAc,EAAE,KAAgB,EAAA;IACxD,OAAO,OAAO,KAAK,EAAE,IAAI,GAAG,EAAE,KAAI;QAChC,MAAM,MAAM,~~GAAG~~,OAAO,MAAM,KAAK,WAAW,IAAI,YAAY,IAAI;~~AAC9D~~,cAAG,MAAmC,CAAC,UAAU;cAC/C,SAAS;~~AAEb~~,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAC5B,QAAA,MAAM,GAAG,GAAqB,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE;AAEhE,QAAA,KAAK,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;AAE7B,QAAA,IAAI,MAAkB;AACtB,QAAA,IAAI;YACF,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC;QACpC;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,KAAK,KAAK,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,CAAC;AACzC,YAAA,MAAM,GAAG;QACX;QAEA,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QACzC,MAAM,WAAW,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE;QAE/D,KAAK,KAAK,CAAC,cAAc,GAAG,WAAW,EAAE,MAAM,CAAC;AAEhD,QAAA,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE;YACrE,KAAK,KAAK,CAAC,gBAAgB,GAAG,WAAW,EAAE,MAAM,CAAC;QACpD;AAEA,QAAA,OAAO,MAAM;AACf,IAAA,CAAC;AACH;;;;;"}
1	+ {"version":3,"file":"pompelmi.hooks.cjs","sources":["../../src/hooks.ts"],"sourcesContent":["/*\n Scan lifecycle hooks for Pompelmi.\n \n Hooks let you observe and react to scan events without modifying the scan\n * pipeline itself. They are the recommended integration point for:\n * - logging / metrics collection\n * - alerting on threats\n * - triggering quarantine automatically\n * - OpenTelemetry span creation\n \n Usage:\n * ```ts\n * import { scanBytes } from 'pompelmi';\n * import { createScanHooks, withHooks } from 'pompelmi/hooks';\n \n const hooks = createScanHooks({\n * onScanComplete(ctx, report) {\n * console.log(ctx.filename, report.verdict, report.durationMs + 'ms');\n * },\n * onThreatDetected(ctx, report) {\n * alertTeam({ file: ctx.filename, verdict: report.verdict });\n * },\n * });\n \n const scan = withHooks(scanBytes, hooks);\n * const report = await scan(bytes, { ctx: { filename: 'upload.zip' } });\n * ```\n \n @module hooks\n /\n\nimport type { QuarantineEntry } from \"./quarantine/types\";\nimport type { ScanContext, ScanReport } from \"./types\";\n\n// ── Event payloads ────────────────────────────────────────────────────────────\n\nexport interface ScanStartContext extends ScanContext {\n /* Unique identifier for this scan invocation (useful for correlating logs). /\n scanId?: string;\n /* Timestamp when the scan started (ms since epoch). /\n startedAt: number;\n}\n\nexport interface ScanCompleteContext extends ScanStartContext {\n /* Duration of the scan in milliseconds. /\n durationMs: number;\n}\n\n// ── Hook interface ────────────────────────────────────────────────────────────\n\n/\n Callbacks for the scan lifecycle. All hooks are optional.\n \n Hooks MUST NOT throw — wrap logic in try/catch if it can fail.\n * Async hooks are fire-and-forget; they do not block the scan result.\n /\nexport interface ScanHooks {\n /\n Called immediately before a scan begins.\n /\n onScanStart?: (ctx: ScanStartContext) => void \| Promise<void>;\n\n /\n Called when a scan completes successfully (any verdict, including clean).\n /\n onScanComplete?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when the scan verdict is 'suspicious' or 'malicious'.\n * Fired in addition to `onScanComplete`.\n /\n onThreatDetected?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when a file has been quarantined.\n * Requires wiring with a `QuarantineManager`; not fired automatically by `scanBytes`.\n /\n onQuarantine?: (entry: QuarantineEntry) => void \| Promise<void>;\n\n /\n Called when a scan throws an unexpected error.\n /\n onScanError?: (ctx: ScanStartContext, error: unknown) => void \| Promise<void>;\n}\n\n// ── Factory ───────────────────────────────────────────────────────────────────\n\n/\n Create a `ScanHooks` object with optional defaults.\n * This is a thin factory — the value of using it is the inline TS types.\n /\nexport function createScanHooks(hooks: ScanHooks): ScanHooks {\n return hooks;\n}\n\n// ── withHooks wrapper ─────────────────────────────────────────────────────────\n\ntype ScanFn = (\n bytes: Uint8Array,\n opts?: { ctx?: ScanContext; [k: string]: unknown },\n) => Promise<ScanReport>;\n\n/\n Wrap a scan function with lifecycle hooks.\n \n Returns a new function with the same signature that fires the hooks\n * around each scan call.\n */\nexport function withHooks(scanFn: ScanFn, hooks: ScanHooks): ScanFn {\n return async (bytes, opts = {}) => {\n const scanId =\n typeof crypto !== \"undefined\" && \"randomUUID\" in crypto\n ? (crypto as { randomUUID(): string }).randomUUID()\n : undefined;\n\n const startedAt = Date.now();\n const ctx: ScanStartContext = { ...opts.ctx, scanId, startedAt };\n\n void hooks.onScanStart?.(ctx);\n\n let report: ScanReport;\n try {\n report = await scanFn(bytes, opts);\n } catch (err) {\n void hooks.onScanError?.({ ...ctx }, err);\n throw err;\n }\n\n const durationMs = Date.now() - startedAt;\n const completeCtx: ScanCompleteContext = { ...ctx, durationMs };\n\n void hooks.onScanComplete?.(completeCtx, report);\n\n if (report.verdict === \"suspicious\" \|\| report.verdict === \"malicious\") {\n void hooks.onThreatDetected?.(completeCtx, report);\n }\n\n return report;\n };\n}\n"],"names":[],"mappings":";;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BG;AAwDH;AAEA;;;AAGG;AACG,SAAU,eAAe,CAAC,KAAgB,EAAA;AAC9C,IAAA,OAAO,KAAK;AACd;AASA;;;;;AAKG;AACG,SAAU,SAAS,CAAC,MAAc,EAAE,KAAgB,EAAA;IACxD,OAAO,OAAO,KAAK,EAAE,IAAI,GAAG,EAAE,KAAI;QAChC,MAAM,MAAM,GACV,OAAO,MAAM,KAAK,WAAW,IAAI,YAAY,IAAI;AAC/C,cAAG,MAAmC,CAAC,UAAU;cAC/C,SAAS;AAEf,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAC5B,QAAA,MAAM,GAAG,GAAqB,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE;AAEhE,QAAA,KAAK,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;AAE7B,QAAA,IAAI,MAAkB;AACtB,QAAA,IAAI;YACF,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC;QACpC;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,KAAK,KAAK,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,CAAC;AACzC,YAAA,MAAM,GAAG;QACX;QAEA,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QACzC,MAAM,WAAW,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE;QAE/D,KAAK,KAAK,CAAC,cAAc,GAAG,WAAW,EAAE,MAAM,CAAC;AAEhD,QAAA,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE;YACrE,KAAK,KAAK,CAAC,gBAAgB,GAAG,WAAW,EAAE,MAAM,CAAC;QACpD;AAEA,QAAA,OAAO,MAAM;AACf,IAAA,CAAC;AACH;;;;;"}

package/dist/pompelmi.hooks.esm.js CHANGED Viewed

@@ -44,7 +44,7 @@ function createScanHooks(hooks) {
  */
 function withHooks(scanFn, hooks) {
     return async (bytes, opts = {}) => {
-        const scanId = typeof crypto !== 'undefined' && 'randomUUID' in crypto
+        const scanId = typeof crypto !== "undefined" && "randomUUID" in crypto
             ? crypto.randomUUID()
             : undefined;
         const startedAt = Date.now();
@@ -61,7 +61,7 @@ function withHooks(scanFn, hooks) {
         const durationMs = Date.now() - startedAt;
         const completeCtx = { ...ctx, durationMs };
         void hooks.onScanComplete?.(completeCtx, report);
-        if (report.verdict === 'suspicious' || report.verdict === 'malicious') {
+        if (report.verdict === "suspicious" || report.verdict === "malicious") {
             void hooks.onThreatDetected?.(completeCtx, report);
         }
         return report;

package/dist/pompelmi.hooks.esm.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"pompelmi.hooks.esm.js","sources":["~~../~~src/hooks.ts"],"sourcesContent":["/*\n Scan lifecycle hooks for Pompelmi.\n \n Hooks let you observe and react to scan events without modifying the scan\n * pipeline itself. They are the recommended integration point for:\n * - logging / metrics collection\n * - alerting on threats\n * - triggering quarantine automatically\n * - OpenTelemetry span creation\n \n Usage:\n * ```ts\n * import { scanBytes } from 'pompelmi';\n * import { createScanHooks, withHooks } from 'pompelmi/hooks';\n \n const hooks = createScanHooks({\n * onScanComplete(ctx, report) {\n * console.log(ctx.filename, report.verdict, report.durationMs + 'ms');\n * },\n * onThreatDetected(ctx, report) {\n * alertTeam({ file: ctx.filename, verdict: report.verdict });\n * },\n * });\n \n const scan = withHooks(scanBytes, hooks);\n * const report = await scan(bytes, { ctx: { filename: 'upload.zip' } });\n * ```\n \n @module hooks\n /\n\nimport type { ~~ScanContext,~~ ~~ScanReport~~ } from './types';\nimport type { ~~QuarantineEntry~~ } from './~~quarantine/~~types';\n\n// ── Event payloads ────────────────────────────────────────────────────────────\n\nexport interface ScanStartContext extends ScanContext {\n /* Unique identifier for this scan invocation (useful for correlating logs). /\n scanId?: string;\n /* Timestamp when the scan started (ms since epoch). /\n startedAt: number;\n}\n\nexport interface ScanCompleteContext extends ScanStartContext {\n /* Duration of the scan in milliseconds. /\n durationMs: number;\n}\n\n// ── Hook interface ────────────────────────────────────────────────────────────\n\n/\n Callbacks for the scan lifecycle. All hooks are optional.\n \n Hooks MUST NOT throw — wrap logic in try/catch if it can fail.\n * Async hooks are fire-and-forget; they do not block the scan result.\n /\nexport interface ScanHooks {\n /\n Called immediately before a scan begins.\n /\n onScanStart?: (ctx: ScanStartContext) => void \| Promise<void>;\n\n /\n Called when a scan completes successfully (any verdict, including clean).\n /\n onScanComplete?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when the scan verdict is 'suspicious' or 'malicious'.\n * Fired in addition to `onScanComplete`.\n /\n onThreatDetected?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when a file has been quarantined.\n * Requires wiring with a `QuarantineManager`; not fired automatically by `scanBytes`.\n /\n onQuarantine?: (entry: QuarantineEntry) => void \| Promise<void>;\n\n /\n Called when a scan throws an unexpected error.\n /\n onScanError?: (ctx: ScanStartContext, error: unknown) => void \| Promise<void>;\n}\n\n// ── Factory ───────────────────────────────────────────────────────────────────\n\n/\n Create a `ScanHooks` object with optional defaults.\n * This is a thin factory — the value of using it is the inline TS types.\n /\nexport function createScanHooks(hooks: ScanHooks): ScanHooks {\n return hooks;\n}\n\n// ── withHooks wrapper ─────────────────────────────────────────────────────────\n\ntype ScanFn = (bytes: Uint8Array, opts?: { ctx?: ScanContext; [k: string]: unknown }) => Promise<ScanReport>;\n\n/\n Wrap a scan function with lifecycle hooks.\n \n Returns a new function with the same signature that fires the hooks\n * around each scan call.\n */\nexport function withHooks(scanFn: ScanFn, hooks: ScanHooks): ScanFn {\n return async (bytes, opts = {}) => {\n const scanId = typeof crypto !== 'undefined' && 'randomUUID' in crypto\n ? (crypto as { randomUUID(): string }).randomUUID()\n : undefined;\n\n const startedAt = Date.now();\n const ctx: ScanStartContext = { ...opts.ctx, scanId, startedAt };\n\n void hooks.onScanStart?.(ctx);\n\n let report: ScanReport;\n try {\n report = await scanFn(bytes, opts);\n } catch (err) {\n void hooks.onScanError?.({ ...ctx }, err);\n throw err;\n }\n\n const durationMs = Date.now() - startedAt;\n const completeCtx: ScanCompleteContext = { ...ctx, durationMs };\n\n void hooks.onScanComplete?.(completeCtx, report);\n\n if (report.verdict === 'suspicious' \|\| report.verdict === 'malicious') {\n void hooks.onThreatDetected?.(completeCtx, report);\n }\n\n return report;\n };\n}\n"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BG;AAwDH;AAEA;;;AAGG;AACG,SAAU,eAAe,CAAC,KAAgB,EAAA;AAC9C,IAAA,OAAO,KAAK;AACd;~~AAMA~~;;;;;AAKG;AACG,SAAU,SAAS,CAAC,MAAc,EAAE,KAAgB,EAAA;IACxD,OAAO,OAAO,KAAK,EAAE,IAAI,GAAG,EAAE,KAAI;QAChC,MAAM,MAAM,~~GAAG~~,OAAO,MAAM,KAAK,WAAW,IAAI,YAAY,IAAI;~~AAC9D~~,cAAG,MAAmC,CAAC,UAAU;cAC/C,SAAS;~~AAEb~~,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAC5B,QAAA,MAAM,GAAG,GAAqB,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE;AAEhE,QAAA,KAAK,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;AAE7B,QAAA,IAAI,MAAkB;AACtB,QAAA,IAAI;YACF,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC;QACpC;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,KAAK,KAAK,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,CAAC;AACzC,YAAA,MAAM,GAAG;QACX;QAEA,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QACzC,MAAM,WAAW,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE;QAE/D,KAAK,KAAK,CAAC,cAAc,GAAG,WAAW,EAAE,MAAM,CAAC;AAEhD,QAAA,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE;YACrE,KAAK,KAAK,CAAC,gBAAgB,GAAG,WAAW,EAAE,MAAM,CAAC;QACpD;AAEA,QAAA,OAAO,MAAM;AACf,IAAA,CAAC;AACH;;;;"}
1	+ {"version":3,"file":"pompelmi.hooks.esm.js","sources":["../../src/hooks.ts"],"sourcesContent":["/*\n Scan lifecycle hooks for Pompelmi.\n \n Hooks let you observe and react to scan events without modifying the scan\n * pipeline itself. They are the recommended integration point for:\n * - logging / metrics collection\n * - alerting on threats\n * - triggering quarantine automatically\n * - OpenTelemetry span creation\n \n Usage:\n * ```ts\n * import { scanBytes } from 'pompelmi';\n * import { createScanHooks, withHooks } from 'pompelmi/hooks';\n \n const hooks = createScanHooks({\n * onScanComplete(ctx, report) {\n * console.log(ctx.filename, report.verdict, report.durationMs + 'ms');\n * },\n * onThreatDetected(ctx, report) {\n * alertTeam({ file: ctx.filename, verdict: report.verdict });\n * },\n * });\n \n const scan = withHooks(scanBytes, hooks);\n * const report = await scan(bytes, { ctx: { filename: 'upload.zip' } });\n * ```\n \n @module hooks\n /\n\nimport type { QuarantineEntry } from \"./quarantine/types\";\nimport type { ScanContext, ScanReport } from \"./types\";\n\n// ── Event payloads ────────────────────────────────────────────────────────────\n\nexport interface ScanStartContext extends ScanContext {\n /* Unique identifier for this scan invocation (useful for correlating logs). /\n scanId?: string;\n /* Timestamp when the scan started (ms since epoch). /\n startedAt: number;\n}\n\nexport interface ScanCompleteContext extends ScanStartContext {\n /* Duration of the scan in milliseconds. /\n durationMs: number;\n}\n\n// ── Hook interface ────────────────────────────────────────────────────────────\n\n/\n Callbacks for the scan lifecycle. All hooks are optional.\n \n Hooks MUST NOT throw — wrap logic in try/catch if it can fail.\n * Async hooks are fire-and-forget; they do not block the scan result.\n /\nexport interface ScanHooks {\n /\n Called immediately before a scan begins.\n /\n onScanStart?: (ctx: ScanStartContext) => void \| Promise<void>;\n\n /\n Called when a scan completes successfully (any verdict, including clean).\n /\n onScanComplete?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when the scan verdict is 'suspicious' or 'malicious'.\n * Fired in addition to `onScanComplete`.\n /\n onThreatDetected?: (ctx: ScanCompleteContext, report: ScanReport) => void \| Promise<void>;\n\n /\n Called when a file has been quarantined.\n * Requires wiring with a `QuarantineManager`; not fired automatically by `scanBytes`.\n /\n onQuarantine?: (entry: QuarantineEntry) => void \| Promise<void>;\n\n /\n Called when a scan throws an unexpected error.\n /\n onScanError?: (ctx: ScanStartContext, error: unknown) => void \| Promise<void>;\n}\n\n// ── Factory ───────────────────────────────────────────────────────────────────\n\n/\n Create a `ScanHooks` object with optional defaults.\n * This is a thin factory — the value of using it is the inline TS types.\n /\nexport function createScanHooks(hooks: ScanHooks): ScanHooks {\n return hooks;\n}\n\n// ── withHooks wrapper ─────────────────────────────────────────────────────────\n\ntype ScanFn = (\n bytes: Uint8Array,\n opts?: { ctx?: ScanContext; [k: string]: unknown },\n) => Promise<ScanReport>;\n\n/\n Wrap a scan function with lifecycle hooks.\n \n Returns a new function with the same signature that fires the hooks\n * around each scan call.\n */\nexport function withHooks(scanFn: ScanFn, hooks: ScanHooks): ScanFn {\n return async (bytes, opts = {}) => {\n const scanId =\n typeof crypto !== \"undefined\" && \"randomUUID\" in crypto\n ? (crypto as { randomUUID(): string }).randomUUID()\n : undefined;\n\n const startedAt = Date.now();\n const ctx: ScanStartContext = { ...opts.ctx, scanId, startedAt };\n\n void hooks.onScanStart?.(ctx);\n\n let report: ScanReport;\n try {\n report = await scanFn(bytes, opts);\n } catch (err) {\n void hooks.onScanError?.({ ...ctx }, err);\n throw err;\n }\n\n const durationMs = Date.now() - startedAt;\n const completeCtx: ScanCompleteContext = { ...ctx, durationMs };\n\n void hooks.onScanComplete?.(completeCtx, report);\n\n if (report.verdict === \"suspicious\" \|\| report.verdict === \"malicious\") {\n void hooks.onThreatDetected?.(completeCtx, report);\n }\n\n return report;\n };\n}\n"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BG;AAwDH;AAEA;;;AAGG;AACG,SAAU,eAAe,CAAC,KAAgB,EAAA;AAC9C,IAAA,OAAO,KAAK;AACd;AASA;;;;;AAKG;AACG,SAAU,SAAS,CAAC,MAAc,EAAE,KAAgB,EAAA;IACxD,OAAO,OAAO,KAAK,EAAE,IAAI,GAAG,EAAE,KAAI;QAChC,MAAM,MAAM,GACV,OAAO,MAAM,KAAK,WAAW,IAAI,YAAY,IAAI;AAC/C,cAAG,MAAmC,CAAC,UAAU;cAC/C,SAAS;AAEf,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAC5B,QAAA,MAAM,GAAG,GAAqB,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE;AAEhE,QAAA,KAAK,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;AAE7B,QAAA,IAAI,MAAkB;AACtB,QAAA,IAAI;YACF,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC;QACpC;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,KAAK,KAAK,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,CAAC;AACzC,YAAA,MAAM,GAAG;QACX;QAEA,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QACzC,MAAM,WAAW,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE;QAE/D,KAAK,KAAK,CAAC,cAAc,GAAG,WAAW,EAAE,MAAM,CAAC;AAEhD,QAAA,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE;YACrE,KAAK,KAAK,CAAC,gBAAgB,GAAG,WAAW,EAAE,MAAM,CAAC;QACpD;AAEA,QAAA,OAAO,MAAM;AACf,IAAA,CAAC;AACH;;;;"}

package/dist/pompelmi.policy-packs.cjs CHANGED Viewed

@@ -2,25 +2,25 @@
 const MB$1 = 1024 * 1024;
 const DEFAULT_POLICY = {
-    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf'],
-    allowedMimeTypes: ['application/zip', 'image/png', 'image/jpeg', 'application/pdf', 'text/plain'],
+    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf"],
+    allowedMimeTypes: ["application/zip", "image/png", "image/jpeg", "application/pdf", "text/plain"],
     maxFileSizeBytes: 20 * MB$1,
     timeoutMs: 5000,
     concurrency: 4,
-    failClosed: true
+    failClosed: true,
 };
 function definePolicy(input = {}) {
     const p = { ...DEFAULT_POLICY, ...input };
     if (!Array.isArray(p.includeExtensions))
-        throw new TypeError('includeExtensions must be string[]');
+        throw new TypeError("includeExtensions must be string[]");
     if (!Array.isArray(p.allowedMimeTypes))
-        throw new TypeError('allowedMimeTypes must be string[]');
+        throw new TypeError("allowedMimeTypes must be string[]");
     if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
-        throw new TypeError('maxFileSizeBytes must be > 0');
+        throw new TypeError("maxFileSizeBytes must be > 0");
     if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
-        throw new TypeError('timeoutMs must be > 0');
+        throw new TypeError("timeoutMs must be > 0");
     if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
-        throw new TypeError('concurrency must be > 0');
+        throw new TypeError("concurrency must be > 0");
     return p;
 }
@@ -64,33 +64,39 @@ const MB = 1024 * KB;
  */
 const DOCUMENTS_ONLY = definePolicy({
     includeExtensions: [
-        'pdf',
-        'doc', 'docx',
-        'xls', 'xlsx',
-        'ppt', 'pptx',
-        'odt', 'ods', 'odp',
-        'csv',
-        'txt',
-        'json',
-        'yaml', 'yml',
-        'md',
+        "pdf",
+        "doc",
+        "docx",
+        "xls",
+        "xlsx",
+        "ppt",
+        "pptx",
+        "odt",
+        "ods",
+        "odp",
+        "csv",
+        "txt",
+        "json",
+        "yaml",
+        "yml",
+        "md",
     ],
     allowedMimeTypes: [
-        'application/pdf',
-        'application/msword',
-        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-        'application/vnd.ms-excel',
-        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-        'application/vnd.ms-powerpoint',
-        'application/vnd.openxmlformats-officedocument.presentationml.presentation',
-        'application/vnd.oasis.opendocument.text',
-        'application/vnd.oasis.opendocument.spreadsheet',
-        'application/vnd.oasis.opendocument.presentation',
-        'text/csv',
-        'text/plain',
-        'application/json',
-        'text/yaml',
-        'text/markdown',
+        "application/pdf",
+        "application/msword",
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        "application/vnd.ms-excel",
+        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        "application/vnd.ms-powerpoint",
+        "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+        "application/vnd.oasis.opendocument.text",
+        "application/vnd.oasis.opendocument.spreadsheet",
+        "application/vnd.oasis.opendocument.presentation",
+        "text/csv",
+        "text/plain",
+        "application/json",
+        "text/yaml",
+        "text/markdown",
     ],
     maxFileSizeBytes: 25 * MB,
     timeoutMs: 10000,
@@ -108,17 +114,17 @@ const DOCUMENTS_ONLY = definePolicy({
  * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
  */
 const IMAGES_ONLY = definePolicy({
-    includeExtensions: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'tiff', 'tif', 'bmp', 'ico'],
+    includeExtensions: ["jpg", "jpeg", "png", "gif", "webp", "avif", "tiff", "tif", "bmp", "ico"],
     allowedMimeTypes: [
-        'image/jpeg',
-        'image/png',
-        'image/gif',
-        'image/webp',
-        'image/avif',
-        'image/tiff',
-        'image/bmp',
-        'image/x-icon',
-        'image/vnd.microsoft.icon',
+        "image/jpeg",
+        "image/png",
+        "image/gif",
+        "image/webp",
+        "image/avif",
+        "image/tiff",
+        "image/bmp",
+        "image/x-icon",
+        "image/vnd.microsoft.icon",
     ],
     maxFileSizeBytes: 10 * MB,
     timeoutMs: 5000,
@@ -135,13 +141,8 @@ const IMAGES_ONLY = definePolicy({
  * allowlist.  Only allows plain images and PDF.
  */
 const STRICT_PUBLIC_UPLOAD = definePolicy({
-    includeExtensions: ['jpg', 'jpeg', 'png', 'webp', 'pdf'],
-    allowedMimeTypes: [
-        'image/jpeg',
-        'image/png',
-        'image/webp',
-        'application/pdf',
-    ],
+    includeExtensions: ["jpg", "jpeg", "png", "webp", "pdf"],
+    allowedMimeTypes: ["image/jpeg", "image/png", "image/webp", "application/pdf"],
     maxFileSizeBytes: 5 * MB,
     timeoutMs: 4000,
     concurrency: 2,
@@ -155,16 +156,16 @@ const STRICT_PUBLIC_UPLOAD = definePolicy({
  * shorter timeout than the permissive default.
  */
 const CONSERVATIVE_DEFAULT = definePolicy({
-    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf', 'txt', 'csv', 'docx', 'xlsx'],
+    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf", "txt", "csv", "docx", "xlsx"],
     allowedMimeTypes: [
-        'application/zip',
-        'image/png',
-        'image/jpeg',
-        'application/pdf',
-        'text/plain',
-        'text/csv',
-        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        "application/zip",
+        "image/png",
+        "image/jpeg",
+        "application/pdf",
+        "text/plain",
+        "text/csv",
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
     ],
     maxFileSizeBytes: 10 * MB,
     timeoutMs: 8000,
@@ -188,15 +189,15 @@ const CONSERVATIVE_DEFAULT = definePolicy({
  * ```
  */
 const ARCHIVES = definePolicy({
-    includeExtensions: ['zip', 'tar', 'gz', 'tgz', 'bz2', 'xz', '7z', 'rar'],
+    includeExtensions: ["zip", "tar", "gz", "tgz", "bz2", "xz", "7z", "rar"],
     allowedMimeTypes: [
-        'application/zip',
-        'application/x-tar',
-        'application/gzip',
-        'application/x-bzip2',
-        'application/x-xz',
-        'application/x-7z-compressed',
-        'application/x-rar-compressed',
+        "application/zip",
+        "application/x-tar",
+        "application/gzip",
+        "application/x-bzip2",
+        "application/x-xz",
+        "application/x-7z-compressed",
+        "application/x-rar-compressed",
     ],
     maxFileSizeBytes: 100 * MB,
     timeoutMs: 30000,
@@ -212,11 +213,11 @@ const ARCHIVES = definePolicy({
  * ```
  */
 const POLICY_PACKS = {
-    'documents-only': DOCUMENTS_ONLY,
-    'images-only': IMAGES_ONLY,
-    'strict-public-upload': STRICT_PUBLIC_UPLOAD,
-    'conservative-default': CONSERVATIVE_DEFAULT,
-    'archives': ARCHIVES,
+    "documents-only": DOCUMENTS_ONLY,
+    "images-only": IMAGES_ONLY,
+    "strict-public-upload": STRICT_PUBLIC_UPLOAD,
+    "conservative-default": CONSERVATIVE_DEFAULT,
+    archives: ARCHIVES,
 };
 /**
  * Look up a policy pack by name.
@@ -225,7 +226,7 @@ const POLICY_PACKS = {
 function getPolicyPack(name) {
     const policy = POLICY_PACKS[name];
     if (!policy)
-        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(', ')}`);
+        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(", ")}`);
     return policy;
 }

package/dist/pompelmi.policy-packs.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"pompelmi.policy-packs.cjs","sources":["../src/policy.ts","../src/policy-packs.ts"],"sourcesContent":["export interface Policy {\n includeExtensions: string[];\n allowedMimeTypes: string[];\n maxFileSizeBytes: number;\n timeoutMs: number;\n concurrency: number;\n failClosed: boolean;\n onScanEvent?: (ev: unknown) => void;\n}\nexport type PolicyInput = Partial<Policy>;\n\nconst MB = 1024 * 1024;\n\nexport const DEFAULT_POLICY: Policy = {\n includeExtensions: ['zip','png','jpg','jpeg','pdf'],\n allowedMimeTypes: ['application/zip','image/png','image/jpeg','application/pdf','text/plain'],\n maxFileSizeBytes: 20 * MB,\n timeoutMs: 5000,\n concurrency: 4,\n failClosed: true\n};\n\nexport function definePolicy(input: PolicyInput = {}): Policy {\n const p: Policy = { ...DEFAULT_POLICY, ...input };\n if (!Array.isArray(p.includeExtensions)) throw new TypeError('includeExtensions must be string[]');\n if (!Array.isArray(p.allowedMimeTypes)) throw new TypeError('allowedMimeTypes must be string[]');\n if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0)) throw new TypeError('maxFileSizeBytes must be > 0');\n if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0)) throw new TypeError('timeoutMs must be > 0');\n if (!(Number.isInteger(p.concurrency) && p.concurrency > 0)) throw new TypeError('concurrency must be > 0');\n return p;\n}\n","/*\n Policy packs for Pompelmi.\n \n Pre-configured, named policies for common upload scenarios. Each pack\n * defines the file type allowlist, size limits, and timeout appropriate for\n * its use case.\n \n All packs are built on `definePolicy` and are fully overridable:\n \n ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n \n // Use a pack as-is:\n * const policy = POLICY_PACKS['images-only'];\n \n // Or override individual fields:\n * import { definePolicy } from 'pompelmi';\n * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });\n * ```\n \n These packs are deterministic and descriptor-based — they do not\n * depend on any external threat intelligence feed.\n \n @module policy-packs\n /\n\nimport { definePolicy, type Policy } from './policy';\n\nconst KB = 1024;\nconst MB = 1024 KB;\n\n// ── Policy packs ──────────────────────────────────────────────────────────────\n\n/*\n Documents-only policy.\n \n Appropriate for: document management APIs, PDF/Office file upload endpoints,\n * data import pipelines.\n \n Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),\n * CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).\n * Max size: 25 MB.\n /\nexport const DOCUMENTS_ONLY: Policy = definePolicy({\n includeExtensions: [\n 'pdf',\n 'doc', 'docx',\n 'xls', 'xlsx',\n 'ppt', 'pptx',\n 'odt', 'ods', 'odp',\n 'csv',\n 'txt',\n 'json',\n 'yaml', 'yml',\n 'md',\n ],\n allowedMimeTypes: [\n 'application/pdf',\n 'application/msword',\n 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',\n 'application/vnd.ms-excel',\n 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',\n 'application/vnd.ms-powerpoint',\n 'application/vnd.openxmlformats-officedocument.presentationml.presentation',\n 'application/vnd.oasis.opendocument.text',\n 'application/vnd.oasis.opendocument.spreadsheet',\n 'application/vnd.oasis.opendocument.presentation',\n 'text/csv',\n 'text/plain',\n 'application/json',\n 'text/yaml',\n 'text/markdown',\n ],\n maxFileSizeBytes: 25 MB,\n timeoutMs: 10_000,\n concurrency: 4,\n failClosed: true,\n});\n\n/*\n Images-only policy.\n \n Appropriate for: avatar uploads, product image APIs, content platforms with\n * user-generated imagery.\n \n Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.\n * Max size: 10 MB.\n * Note: SVG is intentionally excluded — inline SVGs can contain scripts.\n /\nexport const IMAGES_ONLY: Policy = definePolicy({\n includeExtensions: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'tiff', 'tif', 'bmp', 'ico'],\n allowedMimeTypes: [\n 'image/jpeg',\n 'image/png',\n 'image/gif',\n 'image/webp',\n 'image/avif',\n 'image/tiff',\n 'image/bmp',\n 'image/x-icon',\n 'image/vnd.microsoft.icon',\n ],\n maxFileSizeBytes: 10 MB,\n timeoutMs: 5_000,\n concurrency: 8,\n failClosed: true,\n});\n\n/*\n Strict public-upload policy.\n \n Appropriate for: anonymous or low-trust upload endpoints, public APIs,\n * any surface exposed to untrusted users.\n \n Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME\n * allowlist. Only allows plain images and PDF.\n /\nexport const STRICT_PUBLIC_UPLOAD: Policy = definePolicy({\n includeExtensions: ['jpg', 'jpeg', 'png', 'webp', 'pdf'],\n allowedMimeTypes: [\n 'image/jpeg',\n 'image/png',\n 'image/webp',\n 'application/pdf',\n ],\n maxFileSizeBytes: 5 MB,\n timeoutMs: 4_000,\n concurrency: 2,\n failClosed: true,\n});\n\n/*\n Conservative default policy.\n \n A hardened version of the built-in `DEFAULT_POLICY` suitable for\n * production without further customisation. Stricter size limit and\n * shorter timeout than the permissive default.\n /\nexport const CONSERVATIVE_DEFAULT: Policy = definePolicy({\n includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf', 'txt', 'csv', 'docx', 'xlsx'],\n allowedMimeTypes: [\n 'application/zip',\n 'image/png',\n 'image/jpeg',\n 'application/pdf',\n 'text/plain',\n 'text/csv',\n 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',\n 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',\n ],\n maxFileSizeBytes: 10 MB,\n timeoutMs: 8_000,\n concurrency: 4,\n failClosed: true,\n});\n\n/*\n Archives policy.\n \n Appropriate for: endpoints that accept ZIP, tar, or compressed archives.\n * Combines a generous size allowance with a longer timeout for deep inspection.\n \n NOTE: Pair this policy with `createZipBombGuard()` to defend against\n * decompression-bomb attacks:\n \n ```ts\n * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';\n * const scanner = composeScanners(\n * [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]\n * );\n * ```\n /\nexport const ARCHIVES: Policy = definePolicy({\n includeExtensions: ['zip', 'tar', 'gz', 'tgz', 'bz2', 'xz', '7z', 'rar'],\n allowedMimeTypes: [\n 'application/zip',\n 'application/x-tar',\n 'application/gzip',\n 'application/x-bzip2',\n 'application/x-xz',\n 'application/x-7z-compressed',\n 'application/x-rar-compressed',\n ],\n maxFileSizeBytes: 100 MB,\n timeoutMs: 30_000,\n concurrency: 2,\n failClosed: true,\n});\n\n// ── Named map ────────────────────────────────────────────────────────────────\n\nexport type PolicyPackName =\n \| 'documents-only'\n \| 'images-only'\n \| 'strict-public-upload'\n \| 'conservative-default'\n \| 'archives';\n\n/*\n Named map of all built-in policy packs.\n \n ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n * const policy = POLICY_PACKS['strict-public-upload'];\n * ```\n /\nexport const POLICY_PACKS: Record<PolicyPackName, Policy> = {\n 'documents-only': DOCUMENTS_ONLY,\n 'images-only': IMAGES_ONLY,\n 'strict-public-upload': STRICT_PUBLIC_UPLOAD,\n 'conservative-default': CONSERVATIVE_DEFAULT,\n 'archives': ARCHIVES,\n};\n\n/\n Look up a policy pack by name.\n * Throws if the name is not recognised.\n */\nexport function getPolicyPack(name: PolicyPackName): Policy {\n const policy = POLICY_PACKS[name];\n if (!policy) throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(', ')}`);\n return policy;\n}\n"],"names":["MB"],"mappings":";;AAWA,MAAMA,IAAE,GAAG,IAAI,GAAG,IAAI;AAEf,MAAM,cAAc,GAAW;IACpC,iBAAiB,EAAE,CAAC,KAAK,EAAC,KAAK,EAAC,KAAK,EAAC,MAAM,EAAC,KAAK,CAAC;IACnD,gBAAgB,EAAE,CAAC,iBAAiB,EAAC,WAAW,EAAC,YAAY,EAAC,iBAAiB,EAAC,YAAY,CAAC;IAC7F,gBAAgB,EAAE,EAAE,GAAGA,IAAE;AACzB,IAAA,SAAS,EAAE,IAAI;AACf,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE;CACb;AAEK,SAAU,YAAY,CAAC,KAAA,GAAqB,EAAE,EAAA;IAClD,MAAM,CAAC,GAAW,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC;IAClG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC;AAChG,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC;AACzH,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC;AACpG,IAAA,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC;AAC3G,IAAA,OAAO,CAAC;AACV;;AC9BA;;;;;;;;;;;;;;;;;;;;;;;;AAwBG;AAIH,MAAM,EAAE,GAAG,IAAI;AACf,MAAM,EAAE,GAAG,IAAI,GAAG,EAAE;AAEpB;AAEA;;;;;;;;;AASG;AACI,MAAM,cAAc,GAAW,YAAY,CAAC;AACjD,IAAA,iBAAiB,EAAE;QACjB,KAAK;AACL,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,KAAK,EAAE,MAAM;AACb,QAAA,KAAK,EAAE,MAAM;QACb,KAAK,EAAE,KAAK,EAAE,KAAK;QACnB,KAAK;QACL,KAAK;QACL,MAAM;AACN,QAAA,MAAM,EAAE,KAAK;QACb,IAAI;AACL,KAAA;AACD,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,oBAAoB;QACpB,yEAAyE;QACzE,0BAA0B;QAC1B,mEAAmE;QACnE,+BAA+B;QAC/B,2EAA2E;QAC3E,yCAAyC;QACzC,gDAAgD;QAChD,iDAAiD;QACjD,UAAU;QACV,YAAY;QACZ,kBAAkB;QAClB,WAAW;QACX,eAAe;AAChB,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;AASG;AACI,MAAM,WAAW,GAAW,YAAY,CAAC;IAC9C,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;AAC7F,IAAA,gBAAgB,EAAE;QAChB,YAAY;QACZ,WAAW;QACX,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,cAAc;QACd,0BAA0B;AAC3B,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;AAQG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;IACvD,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;AACxD,IAAA,gBAAgB,EAAE;QAChB,YAAY;QACZ,WAAW;QACX,YAAY;QACZ,iBAAiB;AAClB,KAAA;IACD,gBAAgB,EAAE,CAAC,GAAG,EAAE;AACxB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;AAMG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;AACvD,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;AACrF,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,WAAW;QACX,YAAY;QACZ,iBAAiB;QACjB,YAAY;QACZ,UAAU;QACV,yEAAyE;QACzE,mEAAmE;AACpE,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;;;;;;;AAeG;AACI,MAAM,QAAQ,GAAW,YAAY,CAAC;AAC3C,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC;AACxE,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,mBAAmB;QACnB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,6BAA6B;QAC7B,8BAA8B;AAC/B,KAAA;IACD,gBAAgB,EAAE,GAAG,GAAG,EAAE;AAC1B,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAWD;;;;;;;AAOG;AACI,MAAM,YAAY,GAAmC;AAC1D,IAAA,gBAAgB,EAAE,cAAc;AAChC,IAAA,aAAa,EAAE,WAAW;AAC1B,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,UAAU,EAAE,QAAQ;;AAGtB;;;AAGG;AACG,SAAU,aAAa,CAAC,IAAoB,EAAA;AAChD,IAAA,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;AACjC,IAAA,IAAI,CAAC,MAAM;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAA,gBAAA,EAAmB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAAC;AACpH,IAAA,OAAO,MAAM;AACf;;;;;;;;;;"}
1	+ {"version":3,"file":"pompelmi.policy-packs.cjs","sources":["../../src/policy.ts","../../src/policy-packs.ts"],"sourcesContent":["export interface Policy {\n includeExtensions: string[];\n allowedMimeTypes: string[];\n maxFileSizeBytes: number;\n timeoutMs: number;\n concurrency: number;\n failClosed: boolean;\n onScanEvent?: (ev: unknown) => void;\n}\nexport type PolicyInput = Partial<Policy>;\n\nconst MB = 1024 * 1024;\n\nexport const DEFAULT_POLICY: Policy = {\n includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\"],\n allowedMimeTypes: [\"application/zip\", \"image/png\", \"image/jpeg\", \"application/pdf\", \"text/plain\"],\n maxFileSizeBytes: 20 * MB,\n timeoutMs: 5000,\n concurrency: 4,\n failClosed: true,\n};\n\nexport function definePolicy(input: PolicyInput = {}): Policy {\n const p: Policy = { ...DEFAULT_POLICY, ...input };\n if (!Array.isArray(p.includeExtensions))\n throw new TypeError(\"includeExtensions must be string[]\");\n if (!Array.isArray(p.allowedMimeTypes)) throw new TypeError(\"allowedMimeTypes must be string[]\");\n if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))\n throw new TypeError(\"maxFileSizeBytes must be > 0\");\n if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))\n throw new TypeError(\"timeoutMs must be > 0\");\n if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))\n throw new TypeError(\"concurrency must be > 0\");\n return p;\n}\n","/*\n Policy packs for Pompelmi.\n \n Pre-configured, named policies for common upload scenarios. Each pack\n * defines the file type allowlist, size limits, and timeout appropriate for\n * its use case.\n \n All packs are built on `definePolicy` and are fully overridable:\n \n ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n \n // Use a pack as-is:\n * const policy = POLICY_PACKS['images-only'];\n \n // Or override individual fields:\n * import { definePolicy } from 'pompelmi';\n * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });\n * ```\n \n These packs are deterministic and descriptor-based — they do not\n * depend on any external threat intelligence feed.\n \n @module policy-packs\n /\n\nimport { definePolicy, type Policy } from \"./policy\";\n\nconst KB = 1024;\nconst MB = 1024 KB;\n\n// ── Policy packs ──────────────────────────────────────────────────────────────\n\n/*\n Documents-only policy.\n \n Appropriate for: document management APIs, PDF/Office file upload endpoints,\n * data import pipelines.\n \n Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),\n * CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).\n * Max size: 25 MB.\n /\nexport const DOCUMENTS_ONLY: Policy = definePolicy({\n includeExtensions: [\n \"pdf\",\n \"doc\",\n \"docx\",\n \"xls\",\n \"xlsx\",\n \"ppt\",\n \"pptx\",\n \"odt\",\n \"ods\",\n \"odp\",\n \"csv\",\n \"txt\",\n \"json\",\n \"yaml\",\n \"yml\",\n \"md\",\n ],\n allowedMimeTypes: [\n \"application/pdf\",\n \"application/msword\",\n \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n \"application/vnd.ms-excel\",\n \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n \"application/vnd.ms-powerpoint\",\n \"application/vnd.openxmlformats-officedocument.presentationml.presentation\",\n \"application/vnd.oasis.opendocument.text\",\n \"application/vnd.oasis.opendocument.spreadsheet\",\n \"application/vnd.oasis.opendocument.presentation\",\n \"text/csv\",\n \"text/plain\",\n \"application/json\",\n \"text/yaml\",\n \"text/markdown\",\n ],\n maxFileSizeBytes: 25 MB,\n timeoutMs: 10_000,\n concurrency: 4,\n failClosed: true,\n});\n\n/*\n Images-only policy.\n \n Appropriate for: avatar uploads, product image APIs, content platforms with\n * user-generated imagery.\n \n Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.\n * Max size: 10 MB.\n * Note: SVG is intentionally excluded — inline SVGs can contain scripts.\n /\nexport const IMAGES_ONLY: Policy = definePolicy({\n includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"gif\", \"webp\", \"avif\", \"tiff\", \"tif\", \"bmp\", \"ico\"],\n allowedMimeTypes: [\n \"image/jpeg\",\n \"image/png\",\n \"image/gif\",\n \"image/webp\",\n \"image/avif\",\n \"image/tiff\",\n \"image/bmp\",\n \"image/x-icon\",\n \"image/vnd.microsoft.icon\",\n ],\n maxFileSizeBytes: 10 MB,\n timeoutMs: 5_000,\n concurrency: 8,\n failClosed: true,\n});\n\n/*\n Strict public-upload policy.\n \n Appropriate for: anonymous or low-trust upload endpoints, public APIs,\n * any surface exposed to untrusted users.\n \n Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME\n * allowlist. Only allows plain images and PDF.\n /\nexport const STRICT_PUBLIC_UPLOAD: Policy = definePolicy({\n includeExtensions: [\"jpg\", \"jpeg\", \"png\", \"webp\", \"pdf\"],\n allowedMimeTypes: [\"image/jpeg\", \"image/png\", \"image/webp\", \"application/pdf\"],\n maxFileSizeBytes: 5 MB,\n timeoutMs: 4_000,\n concurrency: 2,\n failClosed: true,\n});\n\n/*\n Conservative default policy.\n \n A hardened version of the built-in `DEFAULT_POLICY` suitable for\n * production without further customisation. Stricter size limit and\n * shorter timeout than the permissive default.\n /\nexport const CONSERVATIVE_DEFAULT: Policy = definePolicy({\n includeExtensions: [\"zip\", \"png\", \"jpg\", \"jpeg\", \"pdf\", \"txt\", \"csv\", \"docx\", \"xlsx\"],\n allowedMimeTypes: [\n \"application/zip\",\n \"image/png\",\n \"image/jpeg\",\n \"application/pdf\",\n \"text/plain\",\n \"text/csv\",\n \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n ],\n maxFileSizeBytes: 10 MB,\n timeoutMs: 8_000,\n concurrency: 4,\n failClosed: true,\n});\n\n/*\n Archives policy.\n \n Appropriate for: endpoints that accept ZIP, tar, or compressed archives.\n * Combines a generous size allowance with a longer timeout for deep inspection.\n \n NOTE: Pair this policy with `createZipBombGuard()` to defend against\n * decompression-bomb attacks:\n \n ```ts\n * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';\n * const scanner = composeScanners(\n * [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]\n * );\n * ```\n /\nexport const ARCHIVES: Policy = definePolicy({\n includeExtensions: [\"zip\", \"tar\", \"gz\", \"tgz\", \"bz2\", \"xz\", \"7z\", \"rar\"],\n allowedMimeTypes: [\n \"application/zip\",\n \"application/x-tar\",\n \"application/gzip\",\n \"application/x-bzip2\",\n \"application/x-xz\",\n \"application/x-7z-compressed\",\n \"application/x-rar-compressed\",\n ],\n maxFileSizeBytes: 100 MB,\n timeoutMs: 30_000,\n concurrency: 2,\n failClosed: true,\n});\n\n// ── Named map ────────────────────────────────────────────────────────────────\n\nexport type PolicyPackName =\n \| \"documents-only\"\n \| \"images-only\"\n \| \"strict-public-upload\"\n \| \"conservative-default\"\n \| \"archives\";\n\n/*\n Named map of all built-in policy packs.\n \n ```ts\n * import { POLICY_PACKS } from 'pompelmi/policy-packs';\n * const policy = POLICY_PACKS['strict-public-upload'];\n * ```\n /\nexport const POLICY_PACKS: Record<PolicyPackName, Policy> = {\n \"documents-only\": DOCUMENTS_ONLY,\n \"images-only\": IMAGES_ONLY,\n \"strict-public-upload\": STRICT_PUBLIC_UPLOAD,\n \"conservative-default\": CONSERVATIVE_DEFAULT,\n archives: ARCHIVES,\n};\n\n/\n Look up a policy pack by name.\n * Throws if the name is not recognised.\n */\nexport function getPolicyPack(name: PolicyPackName): Policy {\n const policy = POLICY_PACKS[name];\n if (!policy)\n throw new Error(\n `Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(\", \")}`,\n );\n return policy;\n}\n"],"names":["MB"],"mappings":";;AAWA,MAAMA,IAAE,GAAG,IAAI,GAAG,IAAI;AAEf,MAAM,cAAc,GAAW;IACpC,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACvD,gBAAgB,EAAE,CAAC,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAE,YAAY,CAAC;IACjG,gBAAgB,EAAE,EAAE,GAAGA,IAAE;AACzB,IAAA,SAAS,EAAE,IAAI;AACf,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;CACjB;AAEK,SAAU,YAAY,CAAC,KAAA,GAAqB,EAAE,EAAA;IAClD,MAAM,CAAC,GAAW,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC;AACrC,QAAA,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC;IAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAAE,QAAA,MAAM,IAAI,SAAS,CAAC,mCAAmC,CAAC;AAChG,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,CAAC;AAClE,QAAA,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC;AACrD,IAAA,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;AACpD,QAAA,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC;AAC9C,IAAA,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;AACzD,QAAA,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC;AAChD,IAAA,OAAO,CAAC;AACV;;AClCA;;;;;;;;;;;;;;;;;;;;;;;;AAwBG;AAIH,MAAM,EAAE,GAAG,IAAI;AACf,MAAM,EAAE,GAAG,IAAI,GAAG,EAAE;AAEpB;AAEA;;;;;;;;;AASG;AACI,MAAM,cAAc,GAAW,YAAY,CAAC;AACjD,IAAA,iBAAiB,EAAE;QACjB,KAAK;QACL,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,KAAK;QACL,IAAI;AACL,KAAA;AACD,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,oBAAoB;QACpB,yEAAyE;QACzE,0BAA0B;QAC1B,mEAAmE;QACnE,+BAA+B;QAC/B,2EAA2E;QAC3E,yCAAyC;QACzC,gDAAgD;QAChD,iDAAiD;QACjD,UAAU;QACV,YAAY;QACZ,kBAAkB;QAClB,WAAW;QACX,eAAe;AAChB,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;AASG;AACI,MAAM,WAAW,GAAW,YAAY,CAAC;IAC9C,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;AAC7F,IAAA,gBAAgB,EAAE;QAChB,YAAY;QACZ,WAAW;QACX,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,cAAc;QACd,0BAA0B;AAC3B,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;AAQG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;IACvD,iBAAiB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IACxD,gBAAgB,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,CAAC;IAC9E,gBAAgB,EAAE,CAAC,GAAG,EAAE;AACxB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;AAMG;AACI,MAAM,oBAAoB,GAAW,YAAY,CAAC;AACvD,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;AACrF,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,WAAW;QACX,YAAY;QACZ,iBAAiB;QACjB,YAAY;QACZ,UAAU;QACV,yEAAyE;QACzE,mEAAmE;AACpE,KAAA;IACD,gBAAgB,EAAE,EAAE,GAAG,EAAE;AACzB,IAAA,SAAS,EAAE,IAAK;AAChB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAED;;;;;;;;;;;;;;;AAeG;AACI,MAAM,QAAQ,GAAW,YAAY,CAAC;AAC3C,IAAA,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC;AACxE,IAAA,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,mBAAmB;QACnB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,6BAA6B;QAC7B,8BAA8B;AAC/B,KAAA;IACD,gBAAgB,EAAE,GAAG,GAAG,EAAE;AAC1B,IAAA,SAAS,EAAE,KAAM;AACjB,IAAA,WAAW,EAAE,CAAC;AACd,IAAA,UAAU,EAAE,IAAI;AACjB,CAAA;AAWD;;;;;;;AAOG;AACI,MAAM,YAAY,GAAmC;AAC1D,IAAA,gBAAgB,EAAE,cAAc;AAChC,IAAA,aAAa,EAAE,WAAW;AAC1B,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,sBAAsB,EAAE,oBAAoB;AAC5C,IAAA,QAAQ,EAAE,QAAQ;;AAGpB;;;AAGG;AACG,SAAU,aAAa,CAAC,IAAoB,EAAA;AAChD,IAAA,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC;AACjC,IAAA,IAAI,CAAC,MAAM;AACT,QAAA,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAI,CAAA,gBAAA,EAAmB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CACvF;AACH,IAAA,OAAO,MAAM;AACf;;;;;;;;;;"}

package/dist/pompelmi.policy-packs.esm.js CHANGED Viewed

@@ -1,24 +1,24 @@
 const MB$1 = 1024 * 1024;
 const DEFAULT_POLICY = {
-    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf'],
-    allowedMimeTypes: ['application/zip', 'image/png', 'image/jpeg', 'application/pdf', 'text/plain'],
+    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf"],
+    allowedMimeTypes: ["application/zip", "image/png", "image/jpeg", "application/pdf", "text/plain"],
     maxFileSizeBytes: 20 * MB$1,
     timeoutMs: 5000,
     concurrency: 4,
-    failClosed: true
+    failClosed: true,
 };
 function definePolicy(input = {}) {
     const p = { ...DEFAULT_POLICY, ...input };
     if (!Array.isArray(p.includeExtensions))
-        throw new TypeError('includeExtensions must be string[]');
+        throw new TypeError("includeExtensions must be string[]");
     if (!Array.isArray(p.allowedMimeTypes))
-        throw new TypeError('allowedMimeTypes must be string[]');
+        throw new TypeError("allowedMimeTypes must be string[]");
     if (!(Number.isFinite(p.maxFileSizeBytes) && p.maxFileSizeBytes > 0))
-        throw new TypeError('maxFileSizeBytes must be > 0');
+        throw new TypeError("maxFileSizeBytes must be > 0");
     if (!(Number.isFinite(p.timeoutMs) && p.timeoutMs > 0))
-        throw new TypeError('timeoutMs must be > 0');
+        throw new TypeError("timeoutMs must be > 0");
     if (!(Number.isInteger(p.concurrency) && p.concurrency > 0))
-        throw new TypeError('concurrency must be > 0');
+        throw new TypeError("concurrency must be > 0");
     return p;
 }
@@ -62,33 +62,39 @@ const MB = 1024 * KB;
  */
 const DOCUMENTS_ONLY = definePolicy({
     includeExtensions: [
-        'pdf',
-        'doc', 'docx',
-        'xls', 'xlsx',
-        'ppt', 'pptx',
-        'odt', 'ods', 'odp',
-        'csv',
-        'txt',
-        'json',
-        'yaml', 'yml',
-        'md',
+        "pdf",
+        "doc",
+        "docx",
+        "xls",
+        "xlsx",
+        "ppt",
+        "pptx",
+        "odt",
+        "ods",
+        "odp",
+        "csv",
+        "txt",
+        "json",
+        "yaml",
+        "yml",
+        "md",
     ],
     allowedMimeTypes: [
-        'application/pdf',
-        'application/msword',
-        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-        'application/vnd.ms-excel',
-        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-        'application/vnd.ms-powerpoint',
-        'application/vnd.openxmlformats-officedocument.presentationml.presentation',
-        'application/vnd.oasis.opendocument.text',
-        'application/vnd.oasis.opendocument.spreadsheet',
-        'application/vnd.oasis.opendocument.presentation',
-        'text/csv',
-        'text/plain',
-        'application/json',
-        'text/yaml',
-        'text/markdown',
+        "application/pdf",
+        "application/msword",
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        "application/vnd.ms-excel",
+        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        "application/vnd.ms-powerpoint",
+        "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+        "application/vnd.oasis.opendocument.text",
+        "application/vnd.oasis.opendocument.spreadsheet",
+        "application/vnd.oasis.opendocument.presentation",
+        "text/csv",
+        "text/plain",
+        "application/json",
+        "text/yaml",
+        "text/markdown",
     ],
     maxFileSizeBytes: 25 * MB,
     timeoutMs: 10000,
@@ -106,17 +112,17 @@ const DOCUMENTS_ONLY = definePolicy({
  * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
  */
 const IMAGES_ONLY = definePolicy({
-    includeExtensions: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'tiff', 'tif', 'bmp', 'ico'],
+    includeExtensions: ["jpg", "jpeg", "png", "gif", "webp", "avif", "tiff", "tif", "bmp", "ico"],
     allowedMimeTypes: [
-        'image/jpeg',
-        'image/png',
-        'image/gif',
-        'image/webp',
-        'image/avif',
-        'image/tiff',
-        'image/bmp',
-        'image/x-icon',
-        'image/vnd.microsoft.icon',
+        "image/jpeg",
+        "image/png",
+        "image/gif",
+        "image/webp",
+        "image/avif",
+        "image/tiff",
+        "image/bmp",
+        "image/x-icon",
+        "image/vnd.microsoft.icon",
     ],
     maxFileSizeBytes: 10 * MB,
     timeoutMs: 5000,
@@ -133,13 +139,8 @@ const IMAGES_ONLY = definePolicy({
  * allowlist.  Only allows plain images and PDF.
  */
 const STRICT_PUBLIC_UPLOAD = definePolicy({
-    includeExtensions: ['jpg', 'jpeg', 'png', 'webp', 'pdf'],
-    allowedMimeTypes: [
-        'image/jpeg',
-        'image/png',
-        'image/webp',
-        'application/pdf',
-    ],
+    includeExtensions: ["jpg", "jpeg", "png", "webp", "pdf"],
+    allowedMimeTypes: ["image/jpeg", "image/png", "image/webp", "application/pdf"],
     maxFileSizeBytes: 5 * MB,
     timeoutMs: 4000,
     concurrency: 2,
@@ -153,16 +154,16 @@ const STRICT_PUBLIC_UPLOAD = definePolicy({
  * shorter timeout than the permissive default.
  */
 const CONSERVATIVE_DEFAULT = definePolicy({
-    includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf', 'txt', 'csv', 'docx', 'xlsx'],
+    includeExtensions: ["zip", "png", "jpg", "jpeg", "pdf", "txt", "csv", "docx", "xlsx"],
     allowedMimeTypes: [
-        'application/zip',
-        'image/png',
-        'image/jpeg',
-        'application/pdf',
-        'text/plain',
-        'text/csv',
-        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        "application/zip",
+        "image/png",
+        "image/jpeg",
+        "application/pdf",
+        "text/plain",
+        "text/csv",
+        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
     ],
     maxFileSizeBytes: 10 * MB,
     timeoutMs: 8000,
@@ -186,15 +187,15 @@ const CONSERVATIVE_DEFAULT = definePolicy({
  * ```
  */
 const ARCHIVES = definePolicy({
-    includeExtensions: ['zip', 'tar', 'gz', 'tgz', 'bz2', 'xz', '7z', 'rar'],
+    includeExtensions: ["zip", "tar", "gz", "tgz", "bz2", "xz", "7z", "rar"],
     allowedMimeTypes: [
-        'application/zip',
-        'application/x-tar',
-        'application/gzip',
-        'application/x-bzip2',
-        'application/x-xz',
-        'application/x-7z-compressed',
-        'application/x-rar-compressed',
+        "application/zip",
+        "application/x-tar",
+        "application/gzip",
+        "application/x-bzip2",
+        "application/x-xz",
+        "application/x-7z-compressed",
+        "application/x-rar-compressed",
     ],
     maxFileSizeBytes: 100 * MB,
     timeoutMs: 30000,
@@ -210,11 +211,11 @@ const ARCHIVES = definePolicy({
  * ```
  */
 const POLICY_PACKS = {
-    'documents-only': DOCUMENTS_ONLY,
-    'images-only': IMAGES_ONLY,
-    'strict-public-upload': STRICT_PUBLIC_UPLOAD,
-    'conservative-default': CONSERVATIVE_DEFAULT,
-    'archives': ARCHIVES,
+    "documents-only": DOCUMENTS_ONLY,
+    "images-only": IMAGES_ONLY,
+    "strict-public-upload": STRICT_PUBLIC_UPLOAD,
+    "conservative-default": CONSERVATIVE_DEFAULT,
+    archives: ARCHIVES,
 };
 /**
  * Look up a policy pack by name.
@@ -223,7 +224,7 @@ const POLICY_PACKS = {
 function getPolicyPack(name) {
     const policy = POLICY_PACKS[name];
     if (!policy)
-        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(', ')}`);
+        throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(", ")}`);
     return policy;
 }