{"id":30196340,"url":"https://github.com/pompelmi/pompelmi","last_synced_at":"2026-04-03T00:11:17.508Z","repository":{"id":306411739,"uuid":"1026124833","full_name":"pompelmi/pompelmi","owner":"pompelmi","description":"File-upload malware scanning for Node.js. Express/Koa/Next.js adapters, ZIP deep-inspection, MIME/size checks, optional YARA.","archived":false,"fork":false,"pushed_at":"2025-08-12T10:44:11.000Z","size":13804,"stargazers_count":26,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-12T12:37:23.439Z","etag":null,"topics":["antivirus","api","automation","backend","cli","cybersecurity","devops","files","filesystem","javascript","library","module","nodejs","npm","opensource","scanner","security","server","typescript","web"],"latest_commit_sha":null,"homepage":"https://pompelmi.github.io/pompelmi/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pompelmi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-25T10:51:35.000Z","updated_at":"2025-08-12T10:44:14.000Z","dependencies_parsed_at":"2025-07-25T15:53:41.629Z","dependency_job_id":"3d74fd9a-2d60-4019-8be3-305fd872c7f1","html_url":"https://github.com/pompelmi/pompelmi","commit_stats":null,"previous_names":["pompelmi/pompelmi"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/pompelmi/pompelmi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pompelmi%2Fpompelmi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pompelmi%2Fpompelmi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pompelmi%2Fpompelmi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pompelmi%2Fpompelmi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pompelmi","download_url":"https://codeload.github.com/pompelmi/pompelmi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pompelmi%2Fpompelmi/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270148543,"owners_count":24535701,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-12T02:00:09.011Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","api","automation","backend","cli","cybersecurity","devops","files","filesystem","javascript","library","module","nodejs","npm","opensource","scanner","security","server","typescript","web"],"created_at":"2025-08-13T05:18:05.503Z","updated_at":"2026-04-03T00:11:17.498Z","avatar_url":"https://github.com/pompelmi.png","language":"TypeScript","readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"assets/logo.svg\" alt=\"Pompelmi logo\" width=\"160\" /\u003e\n  \u003ch1\u003ePompelmi\u003c/h1\u003e\n  \u003cp\u003eLocal-first file upload scanning for Node.js.\u003c/p\u003e\n  \u003cp\u003e\n    \u003ca href=\"https://www.npmjs.com/package/pompelmi\"\u003e\u003cimg alt=\"npm version\" src=\"https://img.shields.io/npm/v/pompelmi\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/pompelmi/pompelmi/actions/workflows/ci.yml\"\u003e\u003cimg alt=\"CI\" src=\"https://img.shields.io/github/actions/workflow/status/pompelmi/pompelmi/ci.yml?label=ci\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/pompelmi/pompelmi/stargazers\"\u003e\u003cimg alt=\"GitHub stars\" src=\"https://img.shields.io/github/stars/pompelmi/pompelmi\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.npmjs.com/package/pompelmi\"\u003e\u003cimg alt=\"npm downloads\" src=\"https://img.shields.io/npm/dm/pompelmi\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\nPompelmi inspects untrusted files before storage and helps you decide whether to allow, reject, or quarantine them before they reach downstream systems.\n\nIt is built for upload endpoints that cannot rely on filenames, extensions, or client-provided MIME types alone.\n\n## Install\n\n```bash\nnpm install pompelmi\n```\n\nRequires Node.js 18+.\n\n## Quick Start\n\n```ts\nimport { scanBytes } from 'pompelmi';\n\nconst report = await scanBytes(file.buffer, {\n  ctx: {\n    filename: file.originalname,\n    mimeType: file.mimetype,\n    size: file.size,\n  },\n});\n\nif (!report.ok) {\n  return res.status(422).json({\n    error: 'Upload blocked',\n    verdict: report.verdict,\n    reasons: report.reasons,\n  });\n}\n```\n\n## What Problem It Solves\n\nUpload endpoints are part of your attack surface. A renamed executable, a risky PDF, or a hostile archive can look harmless until it is stored, unpacked, served, or parsed by another system.\n\nPompelmi adds checks at the upload boundary for:\n\n- MIME spoofing and magic-byte mismatches\n- Archive abuse such as ZIP bombs, traversal, and deep nesting\n- Polyglot files and risky document structures\n- Optional YARA-based signature matching\n\nThe goal is simple: inspect first, store later.\n\n## Why This Shape\n\n- Plain Markdown, readable in GitHub and in a terminal\n- Fast path first: install, example, then deeper links\n- Minimal top-level detail, with docs and examples for everything else\n\n## Ecosystem\n\n- `pompelmi`\n- `@pompelmi/express-middleware`\n- `@pompelmi/koa-middleware`\n- `@pompelmi/next-upload`\n- `@pompelmi/nestjs-integration`\n- `@pompelmi/fastify-plugin`\n- `@pompelmi/ui-react`\n- `@pompelmi/cli`\n\n## Repository Layout\n\n- `src/` core library\n- `packages/` framework adapters and supporting packages\n- `examples/` runnable examples\n- `tests/` test coverage\n- `website/` documentation site\n\n## Development\n\n```bash\npnpm install\npnpm test\npnpm build\n```\n\n## Links\n\n- [Documentation](https://pompelmi.github.io/pompelmi/)\n- [Examples](./examples)\n- [Contributing](./CONTRIBUTING.md)\n- [Security](./SECURITY.md)\n- [Roadmap](./ROADMAP.md)\n\n## License\n\n[MIT](./LICENSE)\n","funding_links":[],"categories":["Analysis Tools","Security Hardening","Web","Tools","Security"],"sub_categories":["Development","IDE","Runner"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpompelmi%2Fpompelmi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpompelmi%2Fpompelmi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpompelmi%2Fpompelmi/lists"}