pompelmi 0.9.0 → 0.10.0-dev.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +46 -1
- package/package.json +7 -3
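--- a/package/README.md
+++ b/package/README.md
@@ -27,6 +27,7 @@
 <a href="https://pompelmi.github.io/pompelmi/">Documentation</a> ·
 <a href="#installation">Install</a> ·
 <a href="#quickstart">Quickstart</a> ·
+<a href="#github-action">GitHub Action</a> ·
 <a href="#adapters">Adapters</a> ·
 <a href="#diagrams">Diagrams</a> ·
 <a href="#configuration">Config</a> ·
@@ -169,7 +170,51 @@ export const POST = createNextUploadHandler({
 });
 ```
 
-
+----
+
+## GitHub Action
+
+Run **pompelmi** in CI to scan repository files or built artifacts.
+
+**Minimal usage**
+```yaml
+name: Security scan (pompelmi)
+on: [push, pull_request]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Scan repository with pompelmi
+        uses: pompelmi/pompelmi/.github/actions/pompelmi-scan@v1
+        with:
+          path: .
+          deep_zip: true
+          fail_on_detect: true
+```
+
+**Scan a single artifact**
+```yaml
+- uses: pompelmi/pompelmi/.github/actions/pompelmi-scan@v1
+  with:
+    artifact: build.zip
+    deep_zip: true
+    fail_on_detect: true
+```
+
+**Inputs**
+| Input | Default | Description |
+| --- | --- | --- |
+| `path` | `.` | Directory to scan. |
+| `artifact` | `""` | Single file/archive to scan. |
+| `yara_rules` | `""` | Glob path to YARA rules (e.g. `rules/*.yar`). |
+| `deep_zip` | `true` | Enable deep nested-archive inspection. |
+| `max_depth` | `3` | Max nested-archive depth. |
+| `fail_on_detect` | `true` | Fail the job if detections occur. |
+
+> The Action lives in this repo at `.github/actions/pompelmi-scan`. When published to the Marketplace, consumers can copy the snippets above as-is.
 
 ## Adapters
 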
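--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "0.
+  "version": "0.10.0-dev.9",
   "description": "RFI-safe file uploads for Node.js — Express/Koa/Next.js middleware with deep ZIP inspection, MIME/size checks, and optional YARA scanning.",
   "main": "dist/pompelmi.cjs.js",
   "module": "dist/pompelmi.esm.js",
@@ -16,8 +16,12 @@
   },
   "pnpm": {
     "overrides": {
-      "regjsgen": "0.
-      "fflate": "0.
+      "regjsgen": "0.8.0",
+      "fflate": "0.8.2",
+      "@tokenizer/inflate>fflate": "0.8.2",
+      "file-type>fflate": "0.8.2",
+      "regexpu-core>regjsgen": "0.8.0",
+      "@babel/helper-create-regexp-features-plugin>regjsgen": "0.8.0"
     }
   },
   "scripts": {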
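Review bot: The new `pnpm.overrides` entries (new lines 19–24) pin `fflate` to 0.8.2 and `regjsgen` to 0.8.0 but nothing in the diff records why, and package.json cannot carry a comment, so the reason belongs in the changelog or commit message, e.g. `chore(deps): pin fflate 0.8.2 / regjsgen 0.8.0 — <advisory or bug reference>`. Note that `pnpm.overrides` only take effect when this repository itself is installed with pnpm; they are not applied when a consumer installs the published `pompelmi` package, so if the pins work around a vulnerable transitive version, the package's own `dependencies` ranges (outside this hunk) are what consumers will resolve against and should be checked as well. The selector entries such as `"file-type>fflate": "0.8.2"` appear redundant with the bare `"fflate": "0.8.2"` — as far as I understand pnpm's override semantics an unqualified override already applies to every occurrence of the package — so they could be dropped unless a narrower scope is intended later. The `version` hunk is a routine pre-release bump.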