


Description
Pompelmi is a fast file-upload malware scanning toolkit for Node.js applications. It takes a TypeScript-first approach, with composable scanners, deep ZIP inspection, and optional YARA integration. The tool is private by design: it makes no outbound calls and all scanning occurs in-process, so uploaded data stays inside your application. Pompelmi lets developers block risky uploads early by classifying files as clean, suspicious, or malicious, and it includes built-in guards against ZIP bombs and other threats.
How to use pompelmi?
To use Pompelmi, install the library via npm or yarn, configure your scanning policy, and integrate it into your Node.js application using the provided middleware for Express, Koa, or Next.js. You can compose multiple scanners and set parameters for file size, allowed MIME types, and more.
Core features of pompelmi:
1. Fast file upload malware scanning
2. Deep ZIP inspection
3. Composable scanners with heuristics and signatures
4. Real-time classification of uploads
5. Drop-in adapters for popular web frameworks (Express, Koa, Next.js)
What can pompelmi be used for?
| # | Use case | Status |
|---|---|---|
| 1 | Scanning untrusted file uploads before they hit disk | ✅ |
| 2 | Integrating malware scanning into CI/CD pipelines | ✅ |
| 3 | Ensuring secure file uploads in web applications | ✅ |
Who developed pompelmi?
Pompelmi is developed by a community of contributors focused on enhancing file upload security for Node.js applications. The project is open-source and encourages contributions from developers to improve its functionality and security features.