pompelmi 1.8.0 → 1.10.0

package/BADGE.md

@@ -5,25 +5,25 @@ Add this badge to your repository's `README.md` to show that your file uploads a
 ## Markdown
 
 ```markdown
-[![Scanned by pompelmi](https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=github)](https://github.com/pompelmi/pompelmi)
+[![Scanned by pompelmi](https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAAAXNSR0IArs4c6QAAAQxlWElmTU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA5AAAAcgE7AAIAAAASAAAArIdpAAQAAAABAAAAvgAAAAAAAABgAAAAAQAAAGAAAAABQ2FudmEgZG9jPURBSEdqUE42M19JIHVzZXI9VUFHZVZYTlJxNEkgYnJhbmQ9QkFHZVZib2RxREkAAFRvbW1hc28gQmVydG9jY2hpAAAGkAAABwAAAAQwMjEwkQEABwAAAAQBAgMAoAAABwAAAAQwMTAwoAEAAwAAAAEAAQAAoAIABAAAAAEAAAAOoAMABAAAAAEAAAAOAAAAAOn+IX8AAAAJcEhZcwAADsQAAA7EAZUrDhsAAAZHaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xNTAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6RXhpZlZlcnNpb24+MDIxMDwvZXhpZjpFeGlmVmVyc2lvbj4KICAgICAgICAgPGV4aWY6Rmxhc2hQaXhWZXJzaW9uPjAxMDA8L2V4aWY6Rmxhc2hQaXhWZXJzaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTUwMDwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICAgICA8cmRmOlNlcT4KICAgICAgICAgICAgICAgPHJkZjpsaT4xPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGk+MjwvcmRmOmxpPgogICAgICAgICAgICAgICA8cmRmOmxpPjM8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaT4wPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9leGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkNhbnZhIGRvYz1EQUhHalBONjNfSSB1c2VyPVVBR2VWWE5ScTRJIGJyYW5kPUJBR2VWYm9kcURJPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjk2PC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj45NjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5Qcm9nZXR0byBzZW56YSB0aXRvbG8gLSAxPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOkFsdD4KICAgICAgICAgPC9kYzp0aXRsZT4KICAgICAgICAgPGRjOmNyZWF0b3I+CiAgICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpPlRvbW1hc28gQmVydG9jY2hpPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9kYzpjcmVhdG9yPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4Kn4j/DQAAAeFJREFUKBWtUjtrFFEU/u68Z5zs7LLPhEgEG0ljETGFImgnNhKsYiEBLYU0KqiERaxEQbcRK8HCiH/AUrFVEEQQ0YiurvvIRp2d2ZnZeezJzIZZSAxi4S3uOffc73zfOede4H8vImJ/4/zj8t7Tc3MdixaYJ70RcsaL6uKd7m4E3M6g6TgrduBf7TQbF463zQX//rXDOzHJeZvixdrJTC7a89hreqdO62VntlzUZD+MAsd96HDqcuXS7X5KIqROYi8fWgom1nsFcX4SimFoYbeF4P1bXhUH54Mw+BZDbqT4can0HEIh7C4rhdx8xMtwbRv+18/wLROm08dgODz7sVaT08SRYjJB/+Wjm+KHzpWNxiswXQE/sxcYAoHVBjERJHIZs/NOiRMHSfKW4u+7hr9uLXk/XUCSwHEcqNWCVNkHafYIpHwJvKquTZ84GqaKW4nZZuS7Zhj0TbC8AfBirJqBV6+DYi7SJ6GVZuaMbOkZ/XitjRUZu2UNNXFVmVBAn9bANroQBA5CpQyKeyTPhZTVFebZByAbo/bGU6XWl2qvOE2cyo6xYtaPdPaEK04dVGR5kTxbo1+dJvrSCsuf6SWK295xVD/FMQYa+fHWfnB9v+4MDNP8Xp+qru76i1LsP9lNSkO4P3HUKYoAAAAASUVORK5CYII=)](https://github.com/pompelmi/pompelmi)
 ```
 
 ## HTML
 
 ```html
 <a href="https://github.com/pompelmi/pompelmi">
-  <img src="https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=github" alt="Scanned by pompelmi">
+  <img src="https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAAAXNSR0IArs4c6QAAAQxlWElmTU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA5AAAAcgE7AAIAAAASAAAArIdpAAQAAAABAAAAvgAAAAAAAABgAAAAAQAAAGAAAAABQ2FudmEgZG9jPURBSEdqUE42M19JIHVzZXI9VUFHZVZYTlJxNEkgYnJhbmQ9QkFHZVZib2RxREkAAFRvbW1hc28gQmVydG9jY2hpAAAGkAAABwAAAAQwMjEwkQEABwAAAAQBAgMAoAAABwAAAAQwMTAwoAEAAwAAAAEAAQAAoAIABAAAAAEAAAAOoAMABAAAAAEAAAAOAAAAAOn+IX8AAAAJcEhZcwAADsQAAA7EAZUrDhsAAAZHaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xNTAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6RXhpZlZlcnNpb24+MDIxMDwvZXhpZjpFeGlmVmVyc2lvbj4KICAgICAgICAgPGV4aWY6Rmxhc2hQaXhWZXJzaW9uPjAxMDA8L2V4aWY6Rmxhc2hQaXhWZXJzaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTUwMDwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICAgICA8cmRmOlNlcT4KICAgICAgICAgICAgICAgPHJkZjpsaT4xPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGk+MjwvcmRmOmxpPgogICAgICAgICAgICAgICA8cmRmOmxpPjM8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaT4wPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9leGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkNhbnZhIGRvYz1EQUhHalBONjNfSSB1c2VyPVVBR2VWWE5ScTRJIGJyYW5kPUJBR2VWYm9kcURJPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjk2PC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj45NjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5Qcm9nZXR0byBzZW56YSB0aXRvbG8gLSAxPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOkFsdD4KICAgICAgICAgPC9kYzp0aXRsZT4KICAgICAgICAgPGRjOmNyZWF0b3I+CiAgICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpPlRvbW1hc28gQmVydG9jY2hpPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9kYzpjcmVhdG9yPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4Kn4j/DQAAAeFJREFUKBWtUjtrFFEU/u68Z5zs7LLPhEgEG0ljETGFImgnNhKsYiEBLYU0KqiERaxEQbcRK8HCiH/AUrFVEEQQ0YiurvvIRp2d2ZnZeezJzIZZSAxi4S3uOffc73zfOede4H8vImJ/4/zj8t7Tc3MdixaYJ70RcsaL6uKd7m4E3M6g6TgrduBf7TQbF463zQX//rXDOzHJeZvixdrJTC7a89hreqdO62VntlzUZD+MAsd96HDqcuXS7X5KIqROYi8fWgom1nsFcX4SimFoYbeF4P1bXhUH54Mw+BZDbqT4can0HEIh7C4rhdx8xMtwbRv+18/wLROm08dgODz7sVaT08SRYjJB/+Wjm+KHzpWNxiswXQE/sxcYAoHVBjERJHIZs/NOiRMHSfKW4u+7hr9uLXk/XUCSwHEcqNWCVNkHafYIpHwJvKquTZ84GqaKW4nZZuS7Zhj0TbC8AfBirJqBV6+DYi7SJ6GVZuaMbOkZ/XitjRUZu2UNNXFVmVBAn9bANroQBA5CpQyKeyTPhZTVFebZByAbo/bGU6XWl2qvOE2cyo6xYtaPdPaEK04dVGR5kTxbo1+dJvrSCsuf6SWK295xVD/FMQYa+fHWfnB9v+4MDNP8Xp+qru76i1LsP9lNSkO4P3HUKYoAAAAASUVORK5CYII=" alt="Scanned by pompelmi">
 </a>
 ```
 
 ## RST (reStructuredText)
 
 ```rst
-.. image:: https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=github
+.. image:: https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAAAXNSR0IArs4c6QAAAQxlWElmTU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA5AAAAcgE7AAIAAAASAAAArIdpAAQAAAABAAAAvgAAAAAAAABgAAAAAQAAAGAAAAABQ2FudmEgZG9jPURBSEdqUE42M19JIHVzZXI9VUFHZVZYTlJxNEkgYnJhbmQ9QkFHZVZib2RxREkAAFRvbW1hc28gQmVydG9jY2hpAAAGkAAABwAAAAQwMjEwkQEABwAAAAQBAgMAoAAABwAAAAQwMTAwoAEAAwAAAAEAAQAAoAIABAAAAAEAAAAOoAMABAAAAAEAAAAOAAAAAOn+IX8AAAAJcEhZcwAADsQAAA7EAZUrDhsAAAZHaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xNTAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6RXhpZlZlcnNpb24+MDIxMDwvZXhpZjpFeGlmVmVyc2lvbj4KICAgICAgICAgPGV4aWY6Rmxhc2hQaXhWZXJzaW9uPjAxMDA8L2V4aWY6Rmxhc2hQaXhWZXJzaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTUwMDwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICAgICA8cmRmOlNlcT4KICAgICAgICAgICAgICAgPHJkZjpsaT4xPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGk+MjwvcmRmOmxpPgogICAgICAgICAgICAgICA8cmRmOmxpPjM8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaT4wPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9leGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkNhbnZhIGRvYz1EQUhHalBONjNfSSB1c2VyPVVBR2VWWE5ScTRJIGJyYW5kPUJBR2VWYm9kcURJPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjk2PC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj45NjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5Qcm9nZXR0byBzZW56YSB0aXRvbG8gLSAxPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOkFsdD4KICAgICAgICAgPC9kYzp0aXRsZT4KICAgICAgICAgPGRjOmNyZWF0b3I+CiAgICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpPlRvbW1hc28gQmVydG9jY2hpPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9kYzpjcmVhdG9yPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4Kn4j/DQAAAeFJREFUKBWtUjtrFFEU/u68Z5zs7LLPhEgEG0ljETGFImgnNhKsYiEBLYU0KqiERaxEQbcRK8HCiH/AUrFVEEQQ0YiurvvIRp2d2ZnZeezJzIZZSAxi4S3uOffc73zfOede4H8vImJ/4/zj8t7Tc3MdixaYJ70RcsaL6uKd7m4E3M6g6TgrduBf7TQbF463zQX//rXDOzHJeZvixdrJTC7a89hreqdO62VntlzUZD+MAsd96HDqcuXS7X5KIqROYi8fWgom1nsFcX4SimFoYbeF4P1bXhUH54Mw+BZDbqT4can0HEIh7C4rhdx8xMtwbRv+18/wLROm08dgODz7sVaT08SRYjJB/+Wjm+KHzpWNxiswXQE/sxcYAoHVBjERJHIZs/NOiRMHSfKW4u+7hr9uLXk/XUCSwHEcqNWCVNkHafYIpHwJvKquTZ84GqaKW4nZZuS7Zhj0TbC8AfBirJqBV6+DYi7SJ6GVZuaMbOkZ/XitjRUZu2UNNXFVmVBAn9bANroQBA5CpQyKeyTPhZTVFebZByAbo/bGU6XWl2qvOE2cyo6xYtaPdPaEK04dVGR5kTxbo1+dJvrSCsuf6SWK295xVD/FMQYa+fHWfnB9v+4MDNP8Xp+qru76i1LsP9lNSkO4P3HUKYoAAAAASUVORK5CYII=
    :target: https://github.com/pompelmi/pompelmi
    :alt: Scanned by pompelmi
 ```
 
 ## Preview
 
-[![Scanned by pompelmi](https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=github)](https://github.com/pompelmi/pompelmi)
+[![Scanned by pompelmi](https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAAAXNSR0IArs4c6QAAAQxlWElmTU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA5AAAAcgE7AAIAAAASAAAArIdpAAQAAAABAAAAvgAAAAAAAABgAAAAAQAAAGAAAAABQ2FudmEgZG9jPURBSEdqUE42M19JIHVzZXI9VUFHZVZYTlJxNEkgYnJhbmQ9QkFHZVZib2RxREkAAFRvbW1hc28gQmVydG9jY2hpAAAGkAAABwAAAAQwMjEwkQEABwAAAAQBAgMAoAAABwAAAAQwMTAwoAEAAwAAAAEAAQAAoAIABAAAAAEAAAAOoAMABAAAAAEAAAAOAAAAAOn+IX8AAAAJcEhZcwAADsQAAA7EAZUrDhsAAAZHaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xNTAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6RXhpZlZlcnNpb24+MDIxMDwvZXhpZjpFeGlmVmVyc2lvbj4KICAgICAgICAgPGV4aWY6Rmxhc2hQaXhWZXJzaW9uPjAxMDA8L2V4aWY6Rmxhc2hQaXhWZXJzaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTUwMDwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICAgICA8cmRmOlNlcT4KICAgICAgICAgICAgICAgPHJkZjpsaT4xPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGk+MjwvcmRmOmxpPgogICAgICAgICAgICAgICA8cmRmOmxpPjM8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaT4wPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9leGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkNhbnZhIGRvYz1EQUhHalBONjNfSSB1c2VyPVVBR2VWWE5ScTRJIGJyYW5kPUJBR2VWYm9kcURJPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjk2PC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj45NjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5Qcm9nZXR0byBzZW56YSB0aXRvbG8gLSAxPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOkFsdD4KICAgICAgICAgPC9kYzp0aXRsZT4KICAgICAgICAgPGRjOmNyZWF0b3I+CiAgICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpPlRvbW1hc28gQmVydG9jY2hpPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9kYzpjcmVhdG9yPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4Kn4j/DQAAAeFJREFUKBWtUjtrFFEU/u68Z5zs7LLPhEgEG0ljETGFImgnNhKsYiEBLYU0KqiERaxEQbcRK8HCiH/AUrFVEEQQ0YiurvvIRp2d2ZnZeezJzIZZSAxi4S3uOffc73zfOede4H8vImJ/4/zj8t7Tc3MdixaYJ70RcsaL6uKd7m4E3M6g6TgrduBf7TQbF463zQX//rXDOzHJeZvixdrJTC7a89hreqdO62VntlzUZD+MAsd96HDqcuXS7X5KIqROYi8fWgom1nsFcX4SimFoYbeF4P1bXhUH54Mw+BZDbqT4can0HEIh7C4rhdx8xMtwbRv+18/wLROm08dgODz7sVaT08SRYjJB/+Wjm+KHzpWNxiswXQE/sxcYAoHVBjERJHIZs/NOiRMHSfKW4u+7hr9uLXk/XUCSwHEcqNWCVNkHafYIpHwJvKquTZ84GqaKW4nZZuS7Zhj0TbC8AfBirJqBV6+DYi7SJ6GVZuaMbOkZ/XitjRUZu2UNNXFVmVBAn9bANroQBA5CpQyKeyTPhZTVFebZByAbo/bGU6XWl2qvOE2cyo6xYtaPdPaEK04dVGR5kTxbo1+dJvrSCsuf6SWK295xVD/FMQYa+fHWfnB9v+4MDNP8Xp+qru76i1LsP9lNSkO4P3HUKYoAAAAASUVORK5CYII=)](https://github.com/pompelmi/pompelmi)

package/README.md

@@ -15,7 +15,8 @@
   <img src="https://img.shields.io/badge/license-ISC-blue" alt="license">
   <a href="https://github.com/pompelmi/pompelmi/actions/workflows/ci.yml"><img src="https://github.com/pompelmi/pompelmi/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
   <a href="https://github.com/pompelmi/pompelmi/actions/workflows/release.yml"><img src="https://github.com/pompelmi/pompelmi/actions/workflows/release.yml/badge.svg" alt="npm publish"></a>
-  <a href="https://github.com/pompelmi/pompelmi"><img src="https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=github" alt="Scanned by pompelmi"></a>
+  <img src="https://img.shields.io/badge/TypeScript-types%20included-3178c6?logo=typescript&logoColor=white" alt="TypeScript types included">
+  <a href="https://github.com/pompelmi/pompelmi"><img src="https://img.shields.io/badge/scanned%20by-pompelmi-orange?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAAAXNSR0IArs4c6QAAAQxlWElmTU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA5AAAAcgE7AAIAAAASAAAArIdpAAQAAAABAAAAvgAAAAAAAABgAAAAAQAAAGAAAAABQ2FudmEgZG9jPURBSEdqUE42M19JIHVzZXI9VUFHZVZYTlJxNEkgYnJhbmQ9QkFHZVZib2RxREkAAFRvbW1hc28gQmVydG9jY2hpAAAGkAAABwAAAAQwMjEwkQEABwAAAAQBAgMAoAAABwAAAAQwMTAwoAEAAwAAAAEAAQAAoAIABAAAAAEAAAAOoAMABAAAAAEAAAAOAAAAAOn+IX8AAAAJcEhZcwAADsQAAA7EAZUrDhsAAAZHaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnRpZmY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vdGlmZi8xLjAvIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xNTAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6RXhpZlZlcnNpb24+MDIxMDwvZXhpZjpFeGlmVmVyc2lvbj4KICAgICAgICAgPGV4aWY6Rmxhc2hQaXhWZXJzaW9uPjAxMDA8L2V4aWY6Rmxhc2hQaXhWZXJzaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTUwMDwvZXhpZjpQaXhlbFlEaW1lbnNpb24+CiAgICAgICAgIDxleGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICAgICA8cmRmOlNlcT4KICAgICAgICAgICAgICAgPHJkZjpsaT4xPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGk+MjwvcmRmOmxpPgogICAgICAgICAgICAgICA8cmRmOmxpPjM8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaT4wPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9leGlmOkNvbXBvbmVudHNDb25maWd1cmF0aW9uPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkNhbnZhIGRvYz1EQUhHalBONjNfSSB1c2VyPVVBR2VWWE5ScTRJIGJyYW5kPUJBR2VWYm9kcURJPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjk2PC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj45NjwvdGlmZjpZUmVzb2x1dGlvbj4KICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5Qcm9nZXR0byBzZW56YSB0aXRvbG8gLSAxPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOkFsdD4KICAgICAgICAgPC9kYzp0aXRsZT4KICAgICAgICAgPGRjOmNyZWF0b3I+CiAgICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpPlRvbW1hc28gQmVydG9jY2hpPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAgICAgICAgPC9kYzpjcmVhdG9yPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4Kn4j/DQAAAeFJREFUKBWtUjtrFFEU/u68Z5zs7LLPhEgEG0ljETGFImgnNhKsYiEBLYU0KqiERaxEQbcRK8HCiH/AUrFVEEQQ0YiurvvIRp2d2ZnZeezJzIZZSAxi4S3uOffc73zfOede4H8vImJ/4/zj8t7Tc3MdixaYJ70RcsaL6uKd7m4E3M6g6TgrduBf7TQbF463zQX//rXDOzHJeZvixdrJTC7a89hreqdO62VntlzUZD+MAsd96HDqcuXS7X5KIqROYi8fWgom1nsFcX4SimFoYbeF4P1bXhUH54Mw+BZDbqT4can0HEIh7C4rhdx8xMtwbRv+18/wLROm08dgODz7sVaT08SRYjJB/+Wjm+KHzpWNxiswXQE/sxcYAoHVBjERJHIZs/NOiRMHSfKW4u+7hr9uLXk/XUCSwHEcqNWCVNkHafYIpHwJvKquTZ84GqaKW4nZZuS7Zhj0TbC8AfBirJqBV6+DYi7SJ6GVZuaMbOkZ/XitjRUZu2UNNXFVmVBAn9bANroQBA5CpQyKeyTPhZTVFebZByAbo/bGU6XWl2qvOE2cyo6xYtaPdPaEK04dVGR5kTxbo1+dJvrSCsuf6SWK295xVD/FMQYa+fHWfnB9v+4MDNP8Xp+qru76i1LsP9lNSkO4P3HUKYoAAAAASUVORK5CYII=" alt="Scanned by pompelmi"></a>
 </p>
 
 ---
@@ -26,6 +27,7 @@
 |-------|-------------|
 | [Getting Started](./docs/getting-started.md) | Installation, prerequisites, quickstart examples |
 | [API Reference](./docs/api.md) | Full function signatures, options, verdicts, error conditions |
+| [S3 Integration](./docs/s3.md) | Scan S3 objects directly, IAM setup, Lambda pattern |
 | [Docker / Remote Scanning](./docs/docker.md) | TCP sidecar, UNIX socket mount, docker-compose patterns |
 | [GitHub Action](./docs/github-action.md) | CI scanning, inputs/outputs, caching, example workflows |
 
@@ -58,6 +60,10 @@ Most integrations require parsing ClamAV's stdout with regex, managing a clamd d
 - `scanBuffer(buffer, [options])` — scan in-memory Buffers directly, no temp file required in TCP mode
 - `scanStream(stream, [options])` — scan a Readable stream directly. In TCP mode, streamed to clamd with no disk I/O.
 - `scanDirectory(dirPath, [options])` — recursively scan every file in a directory, returns clean/malicious/errors arrays
+- `scanS3(params, [options])` — scan S3 objects by streaming directly from AWS S3, no disk I/O
+- `createPool([options])` — persistent connection pool for high-throughput clamd scanning
+- `watch(dirPath, [options], callbacks)` — watch a directory and auto-scan new/modified files (300 ms debounce)
+- Auto-retry on connection error — `retries` and `retryDelay` options on every scan function
 - Symbol-based verdicts (`Verdict.Clean` / `Verdict.Malicious` / `Verdict.ScanError`) — typo-proof comparisons
 - Full clamd support via the INSTREAM protocol — TCP (`host`/`port`) or UNIX socket (`socket`) with configurable timeout
 - Built-in helpers to install ClamAV and update virus definitions programmatically
@@ -295,12 +301,14 @@ See **[docs/docker.md](./docs/docker.md)** for Docker Compose examples, UNIX soc
 
 pompelmi has no configuration file or environment variables. All options are passed directly to `scan()`.
 
-| Option    | Type     | Default         | Description                            |
-|-----------|----------|-----------------|----------------------------------------|
-| `socket`  | `string` | —               | Path to a clamd UNIX domain socket (e.g. `/run/clamav/clamd.sock`). Takes precedence over `host`/`port` when set. |
-| `host`    | `string` | —               | clamd hostname. Enables TCP mode when set. |
-| `port`    | `number` | `3310`          | clamd port.                            |
-| `timeout` | `number` | `15000`         | Socket idle timeout in milliseconds (clamd mode only). |
+| Option       | Type     | Default | Description                            |
+|--------------|----------|---------|----------------------------------------|
+| `socket`     | `string` | —       | Path to a clamd UNIX domain socket (e.g. `/run/clamav/clamd.sock`). Takes precedence over `host`/`port` when set. |
+| `host`       | `string` | —       | clamd hostname. Enables TCP mode when set. |
+| `port`       | `number` | `3310`  | clamd port.                            |
+| `timeout`    | `number` | `15000` | Socket idle timeout in milliseconds (clamd mode only). |
+| `retries`    | `number` | `0`     | Automatic retry attempts on connection error. |
+| `retryDelay` | `number` | `1000`  | Milliseconds to wait between retries. |
 
 When none of `socket`, `host`, or `port` is provided, pompelmi spawns `clamscan --no-summary <filePath>` locally.
 
@@ -312,12 +320,15 @@ See **[docs/api.md](./docs/api.md)** for the full reference: function signatures
 
 **Quick summary:**
 
-| Function | Input | clamd mode disk I/O |
-|----------|-------|---------------------|
-| `scan(filePath, [options])` | File path on disk | None (streamed) |
+| Function | Input | Disk I/O |
+|----------|-------|----------|
+| `scan(filePath, [options])` | File path on disk | None in clamd mode (streamed) |
 | `scanBuffer(buffer, [options])` | `Buffer` | None (streamed) |
 | `scanStream(stream, [options])` | Node.js `Readable` | None (streamed) |
-| `scanDirectory(dirPath, [options])` | Directory path | None (streamed) |
+| `scanDirectory(dirPath, [options])` | Directory path | None in clamd mode |
+| `scanS3(params, [options])` | S3 bucket + key | None (streamed from S3) |
+| `createPool([options])` | — | Returns a `ClamdPool` |
+| `watch(dirPath, [options], callbacks)` | Directory path | None in clamd mode |
 
 All four functions accept the same `options` object and resolve to the same three verdict Symbols:
 
@@ -346,7 +357,19 @@ choco install clamav -y
 
 ## Examples
 
-The [`examples/`](./examples/) directory contains standalone runnable scripts. Each can be run with `node examples/<name>.js`.
+The [`examples/`](./examples/) directory contains standalone runnable scripts and framework-specific starters.
+
+### Framework starters
+
+| Directory | Description |
+|-----------|-------------|
+| [`examples/express/`](./examples/express/) | Full Express app with multer + pompelmi middleware |
+| [`examples/nextjs/`](./examples/nextjs/) | Next.js API route that scans raw upload bytes |
+| [`examples/nestjs/`](./examples/nestjs/) | NestJS guard wrapping pompelmi for route-level protection |
+
+### Standalone scripts
+
+Each can be run with `node examples/<name>.js`.
 
 | File | Description |
 |------|-------------|
@@ -370,7 +393,7 @@ The [`examples/`](./examples/) directory contains standalone runnable scripts. E
 | `scan-zip.js` | ZIP archive scan (ClamAV recurses automatically) |
 | `install-clamav.js` | Programmatic ClamAV installation |
 | `update-virus-database.js` | Programmatic virus DB update |
-| `typescript-usage.ts` | TypeScript example with inline type declarations |
+| `typescript-usage.ts` | TypeScript example with full type declarations |
 
 ---
 
@@ -412,6 +435,7 @@ Scan any repository for viruses on every push or pull request — ClamAV is bund
 |-------|-------------|---------|
 | `path` | Directory or file to scan | `.` (full workspace) |
 | `fail-on-virus` | Fail the workflow step when infected files are found | `true` |
+| `comment-on-pr` | Post a PR comment listing infected files (requires `GITHUB_TOKEN`) | `true` |
 
 ### Outputs
 
@@ -457,6 +481,13 @@ Please read [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md) before contributing. To r
 
 ---
 
+## Coming soon
+
+- [ ] Cloudflare Workers support — edge-native scanning via the clamd TCP protocol
+- [ ] NestJS official module — `PompelmiModule.forRoot()` with injectable `PompelmiService`
+
+---
+
 ## License
 
 [ISC](./LICENSE) — © pompelmi contributors

package/action/scanner.js

@@ -6,6 +6,7 @@ const { scan, scanDirectory, Verdict } = require('pompelmi');
 
 const scanPath    = process.argv[2] || '.';
 const failOnVirus = process.argv[3] !== 'false';
+const commentOnPr = process.argv[4] !== 'false';
 
 async function writeReport(clean, malicious, errors, outputDir) {
     const total  = clean.length + malicious.length + errors.length;
@@ -67,6 +68,60 @@ function escHtml(s) {
     return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
 }
 
+async function postPrComment(malicious) {
+    if (!commentOnPr) return;
+
+    const token     = process.env.GITHUB_TOKEN;
+    const eventName = process.env.GITHUB_EVENT_NAME;
+    if (!token || eventName !== 'pull_request') return;
+
+    const eventPath = process.env.GITHUB_EVENT_PATH;
+    if (!eventPath || !fs.existsSync(eventPath)) return;
+
+    let event;
+    try { event = JSON.parse(fs.readFileSync(eventPath, 'utf8')); }
+    catch { return; }
+
+    const prNumber = event.pull_request && event.pull_request.number;
+    const repo     = process.env.GITHUB_REPOSITORY;
+    if (!prNumber || !repo) return;
+
+    const rows = malicious
+        .map(f => `| \`${escHtml(f)}\` | Malicious |`)
+        .join('\n');
+    const body =
+        `## ❌ Pompelmi: Virus Detected\n\n` +
+        `The following infected file(s) were found during the scan:\n\n` +
+        `| File | Verdict |\n|------|--------|\n${rows}\n\n` +
+        `> Scanned by [pompelmi](https://pompelmi.app)`;
+
+    const https   = require('https');
+    const payload = JSON.stringify({ body });
+
+    await new Promise((resolve, reject) => {
+        const req = https.request({
+            hostname: 'api.github.com',
+            path:     `/repos/${repo}/issues/${prNumber}/comments`,
+            method:   'POST',
+            headers: {
+                'Authorization': `Bearer ${token}`,
+                'Content-Type':  'application/json',
+                'Content-Length': Buffer.byteLength(payload),
+                'User-Agent':    'pompelmi-action',
+                'Accept':        'application/vnd.github+json',
+                'X-GitHub-Api-Version': '2022-11-28',
+            },
+        }, (res) => {
+            res.resume();
+            if (res.statusCode >= 200 && res.statusCode < 300) resolve();
+            else reject(new Error(`GitHub API returned HTTP ${res.statusCode}`));
+        });
+        req.on('error', reject);
+        req.write(payload);
+        req.end();
+    }).catch(err => console.warn(`Could not post PR comment: ${err.message}`));
+}
+
 async function uploadArtifact(jsonPath, htmlPath) {
     try {
         const { DefaultArtifactClient } = require('@actions/artifact');
@@ -152,6 +207,7 @@ async function main() {
     if (malicious.length > 0) {
         console.error('\nInfected files:');
         malicious.forEach(f => console.error(`  ${f}`));
+        await postPrComment(malicious);
         if (failOnVirus) {
             console.error('\n::error::Virus(es) detected — failing workflow.');
             process.exit(1);

package/action.yml

@@ -14,6 +14,10 @@ inputs:
     description: 'Fail the workflow step when infected files are found'
     required: false
     default: 'true'
+  comment-on-pr:
+    description: 'Post a PR comment listing infected files when a virus is found (requires GITHUB_TOKEN)'
+    required: false
+    default: 'true'
 
 outputs:
   infected-files:
@@ -27,3 +31,4 @@ runs:
   args:
     - ${{ inputs.path }}
     - ${{ inputs.fail-on-virus }}
+    - ${{ inputs.comment-on-pr }}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pompelmi",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "ClamAV for humans — scan any file and get back Clean, Malicious, or ScanError. No daemons. No cloud. No native bindings.",
   "license": "ISC",
   "author": "pompelmi contributors",
@@ -32,6 +32,7 @@
   ],
   "type": "commonjs",
   "main": "./src/index.js",
+  "types": "./types/index.d.ts",
   "scripts": {
     "test": "node --test test/unit.test.js && node test/scan.test.js",
     "lint": "eslint src/"

package/src/BufferScanner.js

@@ -26,45 +26,59 @@ function parseClamdResponse(raw) {
  * @param {number} [options.timeout=15000]
  * @returns {Promise<symbol>}
  */
-function scanBufferViaClamd(buffer, { host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = {}) {
-    return new Promise((resolve, reject) => {
-        const connOpts = socketPath ? { path: socketPath } : { host, port };
-        const conn     = net.createConnection(connOpts);
-        const chunks   = [];
-        let   settled  = false;
+function scanBufferViaClamd(buffer, options = {}) {
+    const { retries = 0, retryDelay = 1000, host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = options;
 
-        function settle(fn, value) {
-            if (settled) return;
-            settled = true;
-            conn.destroy();
-            fn(value);
-        }
+    function attempt() {
+        return new Promise((resolve, reject) => {
+            const connOpts = socketPath ? { path: socketPath } : { host, port };
+            const conn     = net.createConnection(connOpts);
+            const chunks   = [];
+            let   settled  = false;
 
-        conn.setTimeout(timeout);
-        conn.on('timeout', () =>
-            settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
-        );
-        conn.on('error', (err) => settle(reject, err));
-        conn.on('data',  (chunk) => chunks.push(chunk));
-        conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
+            function settle(fn, value) {
+                if (settled) return;
+                settled = true;
+                conn.destroy();
+                fn(value);
+            }
 
-        conn.on('connect', () => {
-            conn.write(CLAMD_INSTREAM);
+            conn.setTimeout(timeout);
+            conn.on('timeout', () =>
+                settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
+            );
+            conn.on('error', (err) => settle(reject, err));
+            conn.on('data',  (chunk) => chunks.push(chunk));
+            conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
 
-            let offset = 0;
-            while (offset < buffer.length) {
-                const chunk  = buffer.slice(offset, offset + CHUNK_SIZE);
-                const header = Buffer.allocUnsafe(4);
-                header.writeUInt32BE(chunk.length, 0);
-                conn.write(header);
-                conn.write(chunk);
-                offset += chunk.length;
-            }
+            conn.on('connect', () => {
+                conn.write(CLAMD_INSTREAM);
+
+                let offset = 0;
+                while (offset < buffer.length) {
+                    const chunk  = buffer.slice(offset, offset + CHUNK_SIZE);
+                    const header = Buffer.allocUnsafe(4);
+                    header.writeUInt32BE(chunk.length, 0);
+                    conn.write(header);
+                    conn.write(chunk);
+                    offset += chunk.length;
+                }
 
-            conn.write(Buffer.alloc(4)); // terminating zero-length chunk
-            conn.end();
+                conn.write(Buffer.alloc(4)); // terminating zero-length chunk
+                conn.end();
+            });
         });
-    });
+    }
+
+    function run(left) {
+        return attempt().catch(async (err) => {
+            if (left <= 0) throw err;
+            await new Promise(r => setTimeout(r, retryDelay));
+            return run(left - 1);
+        });
+    }
+
+    return run(retries);
 }
 
 module.exports = { scanBufferViaClamd };

package/src/ClamdPool.js

@@ -0,0 +1,183 @@
+'use strict';
+
+const net  = require('net');
+const fs   = require('fs');
+const { Verdict } = require('./verdicts.js');
+
+const CLAMD_INSTREAM = Buffer.from('zINSTREAM\0');
+const CHUNK_SIZE     = 64 * 1024;
+
+function parseClamdResponse(raw) {
+    const text = raw.toString('utf8').replace(/\0/g, '').trim();
+    if (text === 'stream: OK')   return Verdict.Clean;
+    if (text.endsWith(' FOUND')) return Verdict.Malicious;
+    return Verdict.ScanError;
+}
+
+// One INSTREAM scan on a persistent socket. Does NOT call sock.end() — connection stays open.
+// Detects end-of-response via the null terminator sent by clamd (z-prefix protocol).
+function scanOnSocket(sock, sendPayload) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let   done   = false;
+
+        function settle(fn, val) {
+            if (done) return;
+            done = true;
+            sock.removeListener('data',  onData);
+            sock.removeListener('end',   onEnd);
+            sock.removeListener('error', onError);
+            fn(val);
+        }
+
+        function onData(chunk) {
+            chunks.push(chunk);
+            const buf = Buffer.concat(chunks);
+            if (buf.includes(0)) settle(resolve, parseClamdResponse(buf));
+        }
+        function onEnd()      { settle(resolve, parseClamdResponse(Buffer.concat(chunks))); }
+        function onError(err) { settle(reject, err); }
+
+        sock.on('data',  onData);
+        sock.on('end',   onEnd);
+        sock.on('error', onError);
+
+        sock.write(CLAMD_INSTREAM);
+        sendPayload(sock, (err) => settle(reject, err));
+    });
+}
+
+function openConnection(connOpts, timeout) {
+    return new Promise((resolve, reject) => {
+        const sock = net.createConnection(connOpts);
+        let   done = false;
+        function settle(err) {
+            if (done) return;
+            done = true;
+            if (err) { sock.destroy(); reject(err); }
+            else resolve(sock);
+        }
+        sock.setTimeout(timeout);
+        sock.on('timeout', () => settle(new Error(`clamd connect timed out after ${timeout}ms`)));
+        sock.once('error',   (err) => settle(err));
+        sock.once('connect', () => { sock.setTimeout(0); settle(null); });
+    });
+}
+
+/**
+ * Create a pool of `size` persistent clamd connections.
+ *
+ * @param {object} [options]
+ * @param {string} [options.host='127.0.0.1']
+ * @param {number} [options.port=3310]
+ * @param {string} [options.socket]   - UNIX socket path (takes precedence over host/port)
+ * @param {number} [options.size=5]   - Maximum number of concurrent connections
+ * @param {number} [options.timeout=15000]
+ * @returns {{ scan, scanBuffer, scanStream, destroy }}
+ */
+function createPool({ host = '127.0.0.1', port = 3310, socket: socketPath, size = 5, timeout = 15_000 } = {}) {
+    const connOpts = socketPath ? { path: socketPath } : { host, port };
+    const slots    = Array.from({ length: size }, () => ({ socket: null, busy: false }));
+    const queue    = [];
+
+    function dequeue(slot) {
+        slot.busy = false;
+        if (queue.length > 0) {
+            const { fn, resolve, reject } = queue.shift();
+            runOnSlot(slot, fn).then(resolve, reject);
+        }
+    }
+
+    async function ensureConnected(slot) {
+        if (slot.socket && !slot.socket.destroyed && slot.socket.readyState === 'open') return;
+        if (slot.socket && !slot.socket.destroyed) slot.socket.destroy();
+        slot.socket = await openConnection(connOpts, timeout);
+        const sock = slot.socket;
+        sock.on('error', () => { if (slot.socket === sock) slot.socket = null; });
+    }
+
+    async function runOnSlot(slot, fn) {
+        slot.busy = true;
+        try {
+            await ensureConnected(slot);
+            return await fn(slot.socket);
+        } catch (err) {
+            if (slot.socket) { slot.socket.destroy(); slot.socket = null; }
+            throw err;
+        } finally {
+            dequeue(slot);
+        }
+    }
+
+    function enqueue(fn) {
+        return new Promise((resolve, reject) => {
+            const free = slots.find(s => !s.busy);
+            if (free) {
+                runOnSlot(free, fn).then(resolve, reject);
+            } else {
+                queue.push({ fn, resolve, reject });
+            }
+        });
+    }
+
+    return {
+        scan(filePath) {
+            if (typeof filePath !== 'string')
+                return Promise.reject(new Error('filePath must be a string'));
+            if (!fs.existsSync(filePath))
+                return Promise.reject(new Error(`File not found: ${filePath}`));
+            return enqueue((sock) => scanOnSocket(sock, (s, onErr) => {
+                const stream = fs.createReadStream(filePath, { highWaterMark: CHUNK_SIZE });
+                stream.on('error', onErr);
+                stream.on('data', (chunk) => {
+                    const hdr = Buffer.allocUnsafe(4);
+                    hdr.writeUInt32BE(chunk.length, 0);
+                    s.write(hdr);
+                    s.write(chunk);
+                });
+                stream.on('end', () => s.write(Buffer.alloc(4)));
+            }));
+        },
+
+        scanBuffer(buffer) {
+            return enqueue((sock) => scanOnSocket(sock, (s) => {
+                let offset = 0;
+                while (offset < buffer.length) {
+                    const chunk = buffer.subarray(offset, offset + CHUNK_SIZE);
+                    const hdr   = Buffer.allocUnsafe(4);
+                    hdr.writeUInt32BE(chunk.length, 0);
+                    s.write(hdr);
+                    s.write(chunk);
+                    offset += chunk.length;
+                }
+                s.write(Buffer.alloc(4));
+            }));
+        },
+
+        scanStream(stream) {
+            return enqueue((sock) => scanOnSocket(sock, (s, onErr) => {
+                stream.on('error', onErr);
+                stream.on('data', (chunk) => {
+                    const hdr = Buffer.allocUnsafe(4);
+                    hdr.writeUInt32BE(chunk.length, 0);
+                    s.write(hdr);
+                    s.write(chunk);
+                });
+                stream.on('end', () => s.write(Buffer.alloc(4)));
+            }));
+        },
+
+        destroy() {
+            for (const slot of slots) {
+                if (slot.socket) { slot.socket.destroy(); slot.socket = null; }
+                slot.busy = false;
+            }
+            while (queue.length > 0) {
+                const { reject } = queue.shift();
+                reject(new Error('Pool destroyed'));
+            }
+        },
+    };
+}
+
+module.exports = { createPool };

package/src/ClamdScanner.js

@@ -31,55 +31,69 @@ function parseClamdResponse(raw) {
  * @param {number} [options.timeout=15000]  - Socket idle timeout in ms.
  * @returns {Promise<'Clean'|'Malicious'|'ScanError'>}
  */
-function scanViaClamd(filePath, { host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = {}) {
-    return new Promise((resolve, reject) => {
-        if (typeof filePath !== 'string') {
-            return reject(new Error('filePath must be a string'));
-        }
-        if (!fs.existsSync(filePath)) {
-            return reject(new Error(`File not found: ${filePath}`));
-        }
-
-        const connOpts   = socketPath ? { path: socketPath } : { host, port };
-        const conn       = net.createConnection(connOpts);
-        const chunks     = [];
-        let   settled    = false;
-
-        function settle(fn, value) {
-            if (settled) return;
-            settled = true;
-            conn.destroy();
-            fn(value);
-        }
-
-        conn.setTimeout(timeout);
-        conn.on('timeout', () =>
-            settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
-        );
-        conn.on('error', (err) => settle(reject, err));
-        conn.on('data',  (chunk) => chunks.push(chunk));
-        conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
-
-        conn.on('connect', () => {
-            conn.write(CLAMD_INSTREAM);
-
-            const fileStream = fs.createReadStream(filePath, { highWaterMark: CHUNK_SIZE });
-
-            fileStream.on('error', (err) => settle(reject, err));
-
-            fileStream.on('data', (chunk) => {
-                const header = Buffer.allocUnsafe(4);
-                header.writeUInt32BE(chunk.length, 0);
-                conn.write(header);
-                conn.write(chunk);
-            });
+function scanViaClamd(filePath, options = {}) {
+    const { retries = 0, retryDelay = 1000, host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = options;
+
+    function attempt() {
+        return new Promise((resolve, reject) => {
+            if (typeof filePath !== 'string') {
+                return reject(new Error('filePath must be a string'));
+            }
+            if (!fs.existsSync(filePath)) {
+                return reject(new Error(`File not found: ${filePath}`));
+            }
+
+            const connOpts   = socketPath ? { path: socketPath } : { host, port };
+            const conn       = net.createConnection(connOpts);
+            const chunks     = [];
+            let   settled    = false;
+
+            function settle(fn, value) {
+                if (settled) return;
+                settled = true;
+                conn.destroy();
+                fn(value);
+            }
+
+            conn.setTimeout(timeout);
+            conn.on('timeout', () =>
+                settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
+            );
+            conn.on('error', (err) => settle(reject, err));
+            conn.on('data',  (chunk) => chunks.push(chunk));
+            conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
+
+            conn.on('connect', () => {
+                conn.write(CLAMD_INSTREAM);
 
-            fileStream.on('end', () => {
-                conn.write(Buffer.alloc(4)); // terminating zero-length chunk
-                conn.end();
+                const fileStream = fs.createReadStream(filePath, { highWaterMark: CHUNK_SIZE });
+
+                fileStream.on('error', (err) => settle(reject, err));
+
+                fileStream.on('data', (chunk) => {
+                    const header = Buffer.allocUnsafe(4);
+                    header.writeUInt32BE(chunk.length, 0);
+                    conn.write(header);
+                    conn.write(chunk);
+                });
+
+                fileStream.on('end', () => {
+                    conn.write(Buffer.alloc(4)); // terminating zero-length chunk
+                    conn.end();
+                });
             });
         });
-    });
+    }
+
+    function run(left) {
+        return attempt().catch(async (err) => {
+            if (left <= 0) throw err;
+            await new Promise(r => setTimeout(r, retryDelay));
+            return run(left - 1);
+        });
+    }
+
+    return run(retries);
 }
 
 module.exports = { scanViaClamd };

package/src/S3Scanner.js

@@ -0,0 +1,38 @@
+'use strict';
+
+const { scanStream } = require('./ClamAVScanner.js');
+const { Readable }   = require('stream');
+
+/**
+ * Scan an S3 object by streaming it directly to clamd — no disk I/O.
+ *
+ * Requires @aws-sdk/client-s3: npm install @aws-sdk/client-s3
+ *
+ * @param {{ bucket: string, key: string, region?: string, credentials?: object }} s3Params
+ * @param {object} [options] - Same options as scanStream (host, port, socket, timeout, retries, retryDelay)
+ * @returns {Promise<symbol>}
+ */
+async function scanS3({ bucket, key, region, credentials } = {}, options = {}) {
+    let S3Client, GetObjectCommand;
+    try {
+        ({ S3Client, GetObjectCommand } = require('@aws-sdk/client-s3'));
+    } catch {
+        throw new Error('Install AWS SDK: npm install @aws-sdk/client-s3');
+    }
+
+    const clientOpts = {};
+    if (region)      clientOpts.region      = region;
+    if (credentials) clientOpts.credentials = credentials;
+
+    const client   = new S3Client(clientOpts);
+    const response = await client.send(new GetObjectCommand({ Bucket: bucket, Key: key }));
+
+    const body = response.Body;
+    const stream = body instanceof Readable
+        ? body
+        : (Readable.fromWeb ? Readable.fromWeb(body) : body);
+
+    return scanStream(stream, options);
+}
+
+module.exports = { scanS3 };

package/src/StreamScanner.js

@@ -25,46 +25,60 @@ function parseClamdResponse(raw) {
  * @param {number} [options.timeout=15000]
  * @returns {Promise<symbol>}
  */
-function scanStreamViaClamd(stream, { host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = {}) {
-    return new Promise((resolve, reject) => {
-        const connOpts = socketPath ? { path: socketPath } : { host, port };
-        const conn     = net.createConnection(connOpts);
-        const chunks   = [];
-        let   settled  = false;
+function scanStreamViaClamd(stream, options = {}) {
+    const { retries = 0, retryDelay = 1000, host = '127.0.0.1', port = 3310, socket: socketPath, timeout = 15_000 } = options;
 
-        function settle(fn, value) {
-            if (settled) return;
-            settled = true;
-            conn.destroy();
-            fn(value);
-        }
+    function attempt() {
+        return new Promise((resolve, reject) => {
+            const connOpts = socketPath ? { path: socketPath } : { host, port };
+            const conn     = net.createConnection(connOpts);
+            const chunks   = [];
+            let   settled  = false;
 
-        conn.setTimeout(timeout);
-        conn.on('timeout', () =>
-            settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
-        );
-        conn.on('error', (err) => settle(reject, err));
-        conn.on('data',  (chunk) => chunks.push(chunk));
-        conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
+            function settle(fn, value) {
+                if (settled) return;
+                settled = true;
+                conn.destroy();
+                fn(value);
+            }
 
-        conn.on('connect', () => {
-            conn.write(CLAMD_INSTREAM);
+            conn.setTimeout(timeout);
+            conn.on('timeout', () =>
+                settle(reject, new Error(`clamd connection timed out after ${timeout}ms`))
+            );
+            conn.on('error', (err) => settle(reject, err));
+            conn.on('data',  (chunk) => chunks.push(chunk));
+            conn.on('end',   () => settle(resolve, parseClamdResponse(Buffer.concat(chunks))));
 
-            stream.on('error', (err) => settle(reject, err));
+            conn.on('connect', () => {
+                conn.write(CLAMD_INSTREAM);
 
-            stream.on('data', (chunk) => {
-                const header = Buffer.allocUnsafe(4);
-                header.writeUInt32BE(chunk.length, 0);
-                conn.write(header);
-                conn.write(chunk);
-            });
+                stream.on('error', (err) => settle(reject, err));
+
+                stream.on('data', (chunk) => {
+                    const header = Buffer.allocUnsafe(4);
+                    header.writeUInt32BE(chunk.length, 0);
+                    conn.write(header);
+                    conn.write(chunk);
+                });
 
-            stream.on('end', () => {
-                conn.write(Buffer.alloc(4)); // terminating zero-length chunk
-                conn.end();
+                stream.on('end', () => {
+                    conn.write(Buffer.alloc(4)); // terminating zero-length chunk
+                    conn.end();
+                });
             });
         });
-    });
+    }
+
+    function run(left) {
+        return attempt().catch(async (err) => {
+            if (left <= 0) throw err;
+            await new Promise(r => setTimeout(r, retryDelay));
+            return run(left - 1);
+        });
+    }
+
+    return run(retries);
 }
 
 module.exports = { scanStreamViaClamd };

package/src/Watcher.js

@@ -0,0 +1,50 @@
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const { scan }    = require('./ClamAVScanner.js');
+const { Verdict } = require('./verdicts.js');
+
+const DEBOUNCE_MS = 300;
+
+/**
+ * Watch a directory for new/modified files and scan each one automatically.
+ * Uses fs.watch (no dependencies) with a 300 ms debounce.
+ *
+ * @param {string} dirPath
+ * @param {object} [options] - Passed to scan() (host, port, socket, timeout, retries, retryDelay)
+ * @param {{ onClean?: Function, onMalicious?: Function, onError?: Function }} [callbacks]
+ * @returns {import('fs').FSWatcher}
+ */
+function watch(dirPath, options = {}, { onClean, onMalicious, onError } = {}) {
+    const timers = new Map();
+
+    return fs.watch(dirPath, { recursive: true }, (_eventType, filename) => {
+        if (!filename) return;
+
+        const fullPath = path.join(dirPath, filename);
+
+        if (timers.has(fullPath)) clearTimeout(timers.get(fullPath));
+
+        timers.set(fullPath, setTimeout(async () => {
+            timers.delete(fullPath);
+
+            if (!fs.existsSync(fullPath)) return;
+
+            let stat;
+            try { stat = fs.statSync(fullPath); } catch { return; }
+            if (!stat.isFile()) return;
+
+            try {
+                const verdict = await scan(fullPath, options);
+                if (verdict === Verdict.Clean)          onClean     && onClean(fullPath);
+                else if (verdict === Verdict.Malicious) onMalicious && onMalicious(fullPath);
+                else                                    onError     && onError(new Error(`ScanError for ${fullPath}`), fullPath);
+            } catch (err) {
+                onError && onError(err, fullPath);
+            }
+        }, DEBOUNCE_MS));
+    });
+}
+
+module.exports = { watch };

package/src/index.js

@@ -1,5 +1,8 @@
 const { scan, scanBuffer, scanStream, scanDirectory } = require('./ClamAVScanner.js');
 const { Verdict }                                     = require('./verdicts.js');
 const { middleware }                                  = require('./middleware.js');
+const { scanS3 }                                      = require('./S3Scanner.js');
+const { createPool }                                  = require('./ClamdPool.js');
+const { watch }                                       = require('./Watcher.js');
 
-module.exports = { scan, scanBuffer, scanStream, scanDirectory, Verdict, middleware };
+module.exports = { scan, scanBuffer, scanStream, scanDirectory, Verdict, middleware, scanS3, createPool, watch };

package/types/index.d.ts

@@ -0,0 +1,154 @@
+import { Readable } from 'stream';
+import { FSWatcher } from 'fs';
+import { IncomingMessage, ServerResponse } from 'http';
+
+/** Options passed to any scan function */
+export interface ScanOptions {
+  /** clamd hostname — enables TCP mode when set */
+  host?: string;
+  /** clamd port (default: 3310) */
+  port?: number;
+  /** Path to a clamd UNIX domain socket (e.g. /run/clamav/clamd.sock) */
+  socket?: string;
+  /** Socket idle timeout in milliseconds, clamd mode only (default: 15000) */
+  timeout?: number;
+  /** Number of retry attempts on connection error (default: 0) */
+  retries?: number;
+  /** Delay in milliseconds between retries (default: 1000) */
+  retryDelay?: number;
+}
+
+/** Options for the Express/Fastify middleware */
+export interface MiddlewareOptions extends ScanOptions {
+  /** multer field name to look for uploaded files (default: 'file') */
+  uploadField?: string;
+}
+
+/** Result returned by scanDirectory */
+export interface DirectoryScanResult {
+  /** Absolute paths of files that scanned clean */
+  clean: string[];
+  /** Absolute paths of infected files */
+  malicious: string[];
+  /** Absolute paths of files that produced a scan error */
+  errors: string[];
+}
+
+/** Opaque Symbol-based scan verdicts */
+export declare const Verdict: {
+  readonly Clean: unique symbol;
+  readonly Malicious: unique symbol;
+  readonly ScanError: unique symbol;
+};
+
+/** The type of any Verdict symbol */
+export type VerdictValue = typeof Verdict[keyof typeof Verdict];
+
+type NextFunction = (err?: unknown) => void;
+type RequestHandler = (
+  req: IncomingMessage,
+  res: ServerResponse,
+  next: NextFunction
+) => void | Promise<void>;
+
+/**
+ * Scan a file at the given path.
+ * Resolves to Verdict.Clean, Verdict.Malicious, or Verdict.ScanError.
+ * Rejects if the file is not found or clamscan is unavailable.
+ */
+export declare function scan(filePath: string, options?: ScanOptions): Promise<VerdictValue>;
+
+/**
+ * Scan an in-memory Buffer.
+ * In TCP/socket mode the buffer is streamed to clamd with no disk I/O.
+ */
+export declare function scanBuffer(buffer: Buffer, options?: ScanOptions): Promise<VerdictValue>;
+
+/**
+ * Scan a Node.js Readable stream.
+ * In TCP/socket mode the stream is piped to clamd with no disk I/O.
+ */
+export declare function scanStream(stream: Readable, options?: ScanOptions): Promise<VerdictValue>;
+
+/**
+ * Recursively scan every file under dirPath.
+ * Per-file errors are caught and collected without aborting the full scan.
+ */
+export declare function scanDirectory(
+  dirPath: string,
+  options?: ScanOptions
+): Promise<DirectoryScanResult>;
+
+/**
+ * Express / Fastify middleware that scans multer-uploaded files
+ * (req.file / req.files) and responds HTTP 403 on any infection.
+ * Call after multer, before your route handler.
+ */
+export declare function middleware(options?: MiddlewareOptions): RequestHandler;
+
+/** Parameters for scanS3 */
+export interface S3ScanParams {
+  /** S3 bucket name */
+  bucket: string;
+  /** S3 object key */
+  key: string;
+  /** AWS region */
+  region?: string;
+  /** AWS credentials object */
+  credentials?: object;
+}
+
+/**
+ * Scan an S3 object by streaming it directly via GetObjectCommand — no disk I/O.
+ * Requires @aws-sdk/client-s3 to be installed separately.
+ */
+export declare function scanS3(params: S3ScanParams, options?: ScanOptions): Promise<VerdictValue>;
+
+/** Options for createPool */
+export interface PoolOptions {
+  host?: string;
+  port?: number;
+  socket?: string;
+  /** Number of persistent connections to maintain (default: 5) */
+  size?: number;
+  timeout?: number;
+}
+
+/** A pool of persistent clamd connections */
+export interface ClamdPool {
+  /** Scan a file by path using a pooled connection */
+  scan(filePath: string): Promise<VerdictValue>;
+  /** Scan an in-memory Buffer using a pooled connection */
+  scanBuffer(buffer: Buffer): Promise<VerdictValue>;
+  /** Scan a Readable stream using a pooled connection */
+  scanStream(stream: Readable): Promise<VerdictValue>;
+  /** Destroy all pooled connections and reject any queued requests */
+  destroy(): void;
+}
+
+/**
+ * Create a pool of persistent clamd connections for high-throughput scanning.
+ * Queues requests when all connections are busy.
+ */
+export declare function createPool(options?: PoolOptions): ClamdPool;
+
+/** Callbacks for the watch() function */
+export interface WatchCallbacks {
+  /** Called when a scanned file is clean */
+  onClean?: (filePath: string) => void;
+  /** Called when a scanned file is malicious */
+  onMalicious?: (filePath: string) => void;
+  /** Called on scan error or infrastructure failure */
+  onError?: (err: Error, filePath?: string) => void;
+}
+
+/**
+ * Watch a directory for new/modified files and scan each automatically.
+ * Uses fs.watch with a 300 ms debounce. No dependencies.
+ * Returns an FSWatcher; call .close() to stop watching.
+ */
+export declare function watch(
+  dirPath: string,
+  options?: ScanOptions,
+  callbacks?: WatchCallbacks
+): FSWatcher;