
Changelog History

  • v1.20.0 Changes

    May 15, 2026

    Added

    • Star prompt printed to stderr on first import (skipped in CI and non-TTY environments), with a ~/.pompelmi/.starred marker so it shows only once.
    • scripts/postinstall.js — prints a GitHub star nudge to stdout after npm install in interactive terminals.

    Changed

    • package.json — added postinstall script pointing to scripts/postinstall.js; bumped version to 1.20.0.

  • v1.19.0 Changes

    May 12, 2026

    v1.19.0 — Scan Cache, Policies, Multi-Engine, Directory Streaming

    What's New

    SHA256 Scan Cache

    Skip rescanning files that have already been verified.
    Cache results in memory or on disk with configurable TTL and LRU eviction.

    const { createCache } = require('pompelmi')

    const cache = createCache({ ttl: 3600000, maxSize: 1000 })
    const result = await cache.scan(filePath, options)
    // Second call with same file content: instant, no clamd roundtrip

    cache.stats()
    // { hits: 42, misses: 8, size: 50, hitRate: 0.84 }
    

    File-based persistence across restarts:

    const cache = createCache({
      storage: 'file',
      filePath: './.pompelmi-cache.json',
      ttl: 86400000
    })
    

    Scan Policies

    Define all upload security rules in one place — size, MIME type,
    extension, and virus scanning — and apply them with a single call.

    const { createPolicy } = require('pompelmi')

    const policy = createPolicy({
      scan: { host: 'localhost', port: 3310 },
      maxSize: 10 * 1024 * 1024,
      allowedMimeTypes: ['image/jpeg', 'image/png', 'application/pdf'],
      allowedExtensions: ['.jpg', '.jpeg', '.png', '.pdf'],
      rejectEncrypted: true,
      onScannerUnavailable: 'reject'
    })

    const result = await policy.check(buffer, {
      filename: 'upload.pdf',
      mimeType: 'application/pdf',
      size: buffer.length
    })
    // { allowed: true, reason: null, verdict: Verdict.Clean }

    // Express middleware
    app.post('/upload', upload.single('file'), policy.middleware(), handler)
    

    Multi-Engine Scanning

    Combine ClamAV with VirusTotal for higher confidence results.

    const { createMultiEngine } = require('pompelmi')

    const scanner = createMultiEngine({
      engines: [
        { type: 'clamav', host: 'localhost', port: 3310 },
        { type: 'virustotal', apiKey: process.env.VIRUSTOTAL_API_KEY }
      ],
      consensus: 'any'
    })

    const result = await scanner.scanBuffer(buffer)
    // {
    //   verdict: Verdict.Malicious,
    //   engines: [
    //     { name: 'clamav', verdict: Verdict.Malicious, virus: 'Win.Malware.Agent' },
    //     { name: 'virustotal', verdict: Verdict.Clean, detections: 0 }
    //   ]
    // }
    

    Consensus modes: any (strict) · all (lenient) · majority
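
    How the three consensus modes resolve the same per-engine results, including a split verdict and an engine outage. This is an added example, not pompelmi's own code: resolveConsensus and compareModes are hypothetical names, and the Verdict string values, the treatment of errored engines and the tie rule for majority are assumptions of the sketch.

```javascript
// Added example, not pompelmi source. Verdict string values, the handling of
// errored engines and the tie rule are assumptions of this sketch.
const Verdict = Object.freeze({
  Clean: 'clean',
  Malicious: 'malicious',
  ScanError: 'scan_error',
});

function resolveConsensus(engineResults, mode) {
  if (!['any', 'all', 'majority'].includes(mode)) {
    throw new Error(`unknown consensus mode: ${mode}`);
  }
  if (!Array.isArray(engineResults) || engineResults.length === 0) {
    return Verdict.ScanError; // nothing was scanned, so never report Clean
  }
  // Engines that failed to answer carry no vote.
  const answered = engineResults.filter((r) => r.verdict !== Verdict.ScanError);
  const errored = engineResults.length - answered.length;
  const flagged = answered.filter((r) => r.verdict === Verdict.Malicious).length;

  let malicious = false;
  if (mode === 'any') {
    malicious = flagged >= 1;
  } else if (mode === 'all') {
    malicious = flagged > 0 && flagged === answered.length;
  } else {
    malicious = flagged > 0 && flagged * 2 >= answered.length; // a tie blocks
  }
  if (malicious) return Verdict.Malicious;
  // Fail closed: a silent engine must not be read as a Clean vote.
  return errored > 0 ? Verdict.ScanError : Verdict.Clean;
}

// Constructed inputs. SPLIT mirrors the engines array in the release notes.
const SPLIT = [
  { name: 'clamav', verdict: Verdict.Malicious, virus: 'Win.Malware.Agent' },
  { name: 'virustotal', verdict: Verdict.Clean, detections: 0 },
];
const OUTAGE = [
  { name: 'clamav', verdict: Verdict.Clean },
  { name: 'virustotal', verdict: Verdict.ScanError },
];

// Resolve one set of engine results under every mode, for comparison.
function compareModes(engineResults) {
  const out = {};
  for (const mode of ['any', 'all', 'majority']) {
    out[mode] = resolveConsensus(engineResults, mode);
  }
  return out;
}

console.log('split :', compareModes(SPLIT));
console.log('outage:', compareModes(OUTAGE));
```

    With the split result, only the all mode lets the file through; with one engine down, no mode reports Clean.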

    Directory Streaming with Progress Events

    Scan large directories with real-time progress via async iteration:

    for await (const event of scanDirectory.stream('/uploads', options)) {
      if (event.type === 'progress') {
        console.log(`${event.scanned}/${event.total} — ${event.file}`)
      }
      if (event.type === 'result') {
        console.log(event.file, event.verdict)
      }
      if (event.type === 'complete') {
        console.log('Done:', event.summary)
      }
    }

    Changes

    • src/ScanCache.js — SHA256 cache with TTL, LRU, memory and file storage
    • src/Policy.js — unified upload security policy
    • src/MultiEngine.js — multi-engine scanning with consensus modes
    • src/DirectoryScanner.js — streaming async iterator with progress events
    • src/index.js — exports createCache, createPolicy, createMultiEngine
    • types/index.d.ts — full type declarations for all new exports
    • docs/cache.html — cache API reference
    • docs/policy.html — policy API reference
    • docs/multi-engine.html — multi-engine guide
    • docs/*.html — navbar updated

    Full Changelog

    v1.18.0...v1.19.0

  • v1.18.0 Changes

    May 08, 2026

    What's New

    Official Docker Image

    pompelmi/scanner is now available on Docker Hub.
    A self-contained image with ClamAV, clamd, and an HTTP scan API
    built in — no configuration required.

    docker pull pompelmi/scanner
    docker run -p 8080:8080 pompelmi/scanner
    
    # Scan a file via HTTP
    curl -F "file=@./document.pdf" http://localhost:8080/scan
    # {"verdict":"clean","file":"document.pdf","viruses":[]}

    # Health check
    curl http://localhost:8080/health
    # {"status":"ok","clamd":"running"}

    Security Scorecard

    Grade your upload security configuration from A to F:

    const { generateScorecard } = require('pompelmi')

    const scorecard = await generateScorecard({
      scanEnabled: true,
      mimeTypeAllowlist: ['image/jpeg', 'image/png', 'application/pdf'],
      fileSizeLimit: 10 * 1024 * 1024,
      diskWriteBeforeScan: false,
      scanErrorBehavior: 'reject',
      clamdUnavailableBehavior: 'reject'
    })

    console.log(scorecard.grade)    // 'A'
    console.log(scorecard.score)    // 95
    console.log(scorecard.findings) // array of passed/failed checks
    

    From the CLI:

    npx pompelmi scorecard --config ./pompelmi.config.js
    

    VS Code Extension

    A VS Code extension scaffold is now available at packages/vscode/.
    Right-click any file in the IDE and select "Scan with pompelmi".
    Marketplace publishing coming in a future release.

    Quarantine Mode

    Automatically move infected files to a quarantine directory:

    watch(
      '/uploads',
      { host: 'localhost', port: 3310, quarantine: '/quarantine' },
      { onMalicious: 'quarantine' }
    )
    
    npx pompelmi watch ./uploads --quarantine ./quarantine
    

    Each quarantined file gets a sidecar JSON with original path,
    virus name, timestamp, and SHA256 hash.

    Changes

    • docker/ — Dockerfile, entrypoint.sh, HTTP scan API server
    • .github/workflows/docker.yml — automated Docker Hub publishing
    • src/Scorecard.js — A-F grading for upload security config
    • src/Watcher.js — quarantine mode support
    • packages/vscode/ — VS Code extension scaffold
    • bin/pompelmi.js — scorecard command and --quarantine flag
    • docs/docker-image.html — Docker Hub image guide
    • docs/scorecard.html — scorecard API and CLI reference
    • docs/vscode.html — VS Code extension guide
    • docs/*.html — navbar updated across all pages
    • README.md — Docker Hub badge, new features

    Full Changelog

    v1.17.0...v1.18.0

  • v1.17.0 Changes

    May 08, 2026

    What's New

    Native ESM Support

    pompelmi now supports both CommonJS and ES Modules natively.
    No more createRequire workarounds.

    // ESM (new)
    import { scan, scanBuffer, Verdict } from 'pompelmi'

    // CommonJS (unchanged)
    const { scan, scanBuffer, Verdict } = require('pompelmi')

    Deno Support

    pompelmi now works natively in Deno:

    import { scan, Verdict } from 'npm:pompelmi'

    const result = await scan('./file.pdf', { host: 'localhost', port: 3310 })

    Cloudflare Workers Package

    @pompelmi/cloudflare is now available on npm.
    Scan file uploads at the edge via a remote clamd instance.

    npm install @pompelmi/cloudflare

    import { scanBuffer } from '@pompelmi/cloudflare'

    export default {
      async fetch(request, env) {
        const formData = await request.formData()
        const file = formData.get('file')
        const buffer = await file.arrayBuffer()
        const result = await scanBuffer(buffer, {
          host: env.CLAMAV_HOST,
          port: parseInt(env.CLAMAV_PORT)
        })
        if (result !== 'clean') {
          return new Response('File rejected', { status: 422 })
        }
        return new Response('OK')
      }
    }
    

    Landing Page Improvements

    pompelmi.app now shows:

    • Runtime compatibility logos: Node.js • Bun • Deno • Cloudflare Workers
    • Framework logos grid: Express • Fastify • NestJS • Next.js • Hono • Remix • SvelteKit
    • Live GitHub stars and npm downloads badges

    GitHub Sponsors

    A Sponsor button is now visible on the GitHub repo via .github/FUNDING.yml.

    Runtime Support

    | Runtime | Status |
    | --- | --- |
    | Node.js | ✅ |
    | Bun | ✅ |
    | Deno | ✅ |
    | Cloudflare Workers | |

    Framework Integrations

    | Package | Framework |
    | --- | --- |
    | @pompelmi/nestjs | NestJS |
    | @pompelmi/fastify | Fastify |
    | @pompelmi/nextjs | Next.js |
    | @pompelmi/hono | Hono |
    | @pompelmi/remix | Remix |
    | @pompelmi/sveltekit | SvelteKit |
    | @pompelmi/cloudflare | Cloudflare Workers |
    | @pompelmi/testing | Jest / Vitest / Node |

    Changes

    • src/index.mjs — native ESM entry point
    • package.json — dual CJS/ESM exports field
    • deno.json — Deno configuration
    • packages/cloudflare/ — Cloudflare Workers package
    • .github/FUNDING.yml — GitHub Sponsors button
    • docs/deno.html — Deno usage guide
    • docs/cloudflare.html — Cloudflare Workers guide
    • docs/*.html — navbar updated
    • index.html — landing page runtime and framework logos

    Full Changelog

    v1.16.0...v1.17.0

  • v1.16.0 Changes

    May 07, 2026

    What's New

    Remix Plugin

    @pompelmi/remix is now available on npm.

    npm install @pompelmi/remix pompelmi

    import { json } from '@remix-run/node'
    import { withPompelmi } from '@pompelmi/remix'

    export const action = withPompelmi(async ({ request }) => {
      const formData = await request.formData()
      return json({ ok: true })
    }, { host: 'localhost', port: 3310 })

    SvelteKit Plugin

    @pompelmi/sveltekit is now available on npm.

    npm install @pompelmi/sveltekit pompelmi

    import { withPompelmi } from '@pompelmi/sveltekit'

    export const POST = withPompelmi(async ({ request }) => {
      return new Response(JSON.stringify({ ok: true }))
    }, { host: 'localhost', port: 3310 })
    

    Scan Statistics

    Track scan activity in-memory with createStats():

    const { createStats, scan } = require('pompelmi')

    const stats = createStats()
    const result = await stats.track(() => scan(filePath, options))

    stats.get()
    // {
    //   totalScanned: 1247,
    //   totalClean: 1245,
    //   totalInfected: 2,
    //   totalErrors: 0,
    //   avgScanTimeMs: 45,
    //   lastScanAt: '2026-05-07T...',
    //   uptime: 3600000
    // }

    app.get('/pompelmi/stats', (req, res) => res.json(stats.get()))
    

    Navbar Fix

    All docs/ HTML pages now have a consistent navbar linking to every
    page in the documentation site. Previously several pages were missing
    links to newer sections.

    Framework Integrations

    | Package | Framework |
    | --- | --- |
    | @pompelmi/nestjs | NestJS |
    | @pompelmi/fastify | Fastify |
    | @pompelmi/nextjs | Next.js |
    | @pompelmi/hono | Hono |
    | @pompelmi/remix | Remix |
    | @pompelmi/sveltekit | SvelteKit |
    | @pompelmi/testing | Jest / Vitest / Node |

    Changes

    • packages/remix/ — Remix action wrapper
    • packages/sveltekit/ — SvelteKit server handler and hook
    • src/Stats.js — in-memory scan statistics tracker
    • docs/remix.html, docs/sveltekit.html, docs/stats.html — new docs pages
    • docs/*.html — canonical navbar across all pages
    • README.md — updated framework integrations table
    • .github/workflows/ci.yml — updated to Node.js 24 actions

    Full Changelog

    v1.15.0...v1.16.0

  • v1.15.0 Changes

    May 06, 2026

    What's New

    Hono Plugin

    @pompelmi/hono is now available on npm. Works on Node.js, Bun,
    and Cloudflare Workers.

    npm install @pompelmi/hono pompelmi

    import { pompelmiMiddleware } from '@pompelmi/hono'
    import { Hono } from 'hono'

    const app = new Hono()

    app.use('/upload/*', pompelmiMiddleware({
      host: 'localhost',
      port: 3310,
      field: 'file',
      onInfected: (c) => c.json({ error: 'Malware detected' }, 422)
    }))

    Bun Support

    pompelmi now officially supports the Bun runtime. The core library
    detects Bun at runtime and uses native Bun APIs where available for
    faster file reads. Bun is now included in the CI test matrix.

    bun install pompelmi
    bun run your-app.js
    

    Interactive Demo

    A browser-based demo is now available at
    pompelmi.app/demo — try the pompelmi
    terminal UI and see all three verdicts without installing anything.

    Testing Utilities

    @pompelmi/testing provides mock utilities for unit testing
    applications that use pompelmi.

    npm install --save-dev @pompelmi/testing

    const { Verdict } = require('pompelmi')
    const { mockClean, mockInfected, mockScanError } = require('@pompelmi/testing')

    // In your tests
    it('rejects infected files', async () => {
      const scanner = mockInfected('Win.Malware.Test')
      const result = await scanner.scanBuffer(buffer)
      expect(result).toBe(Verdict.Malicious)
    })

    Works with Jest, Vitest, and the Node.js built-in test runner.

    Comparison Page

    Side-by-side comparison of pompelmi against other Node.js ClamAV
    integrations at docs/comparison.html.

    Framework Integrations

    | Package | Framework |
    | --- | --- |
    | @pompelmi/nestjs | NestJS |
    | @pompelmi/fastify | Fastify |
    | @pompelmi/nextjs | Next.js |
    | @pompelmi/hono | Hono |
    | @pompelmi/testing | Jest / Vitest / Node |

    Changes

    • packages/hono/ — Hono middleware plugin
    • packages/testing/ — mock utilities for unit testing
    • src/ClamdScanner.js, BufferScanner.js, StreamScanner.js — Bun runtime detection
    • .github/workflows/ci.yml — Bun added to test matrix
    • docs/demo.html — interactive browser demo
    • docs/comparison.html — comparison with alternatives
    • docs/*.html — navbar updated across all pages
    • README.md — Bun support, demo link, updated integrations table

    Full Changelog

    v1.14.0...v1.15.0

  • v1.14.0 Changes

    May 06, 2026

    What's New

    HTML Security Dashboard

    Generate a beautiful, self-contained scan report in one command:

    npx pompelmi scan ./uploads --report
    npx pompelmi scan ./uploads --report --output report.html

    Or from code:

    const fs = require('fs')
    const { scanDirectory, generateDashboard } = require('pompelmi')

    const results = await scanDirectory('./uploads')
    const html = await generateDashboard(results)
    fs.writeFileSync('report.html', html)

    Features:

    • Summary stats: scanned, infected, clean, errors, time
    • Color-coded status banner (green / red)
    • Full file table with verdict badges
    • Infected files highlighted with virus names
    • Dark mode support
    • Print-friendly CSS
    • Zero external dependencies — single self-contained HTML file

    SVG Share Card

    Generate a shareable scan result card for README badges or social media:

    npx pompelmi scan ./uploads --share-card
    # saves pompelmi-scan-card.svg

    const { generateShareCard } = require('pompelmi')

    const svg = await generateShareCard(results)

    Next.js Package

    @pompelmi/nextjs is now available on npm:

    npm install @pompelmi/nextjs pompelmi

    // App Router (Next.js 13+)
    import { withPompelmi } from '@pompelmi/nextjs'

    export const POST = withPompelmi(async (req) => {
      return Response.json({ ok: true })
    }, { host: 'localhost', port: 3310 })

    // Pages Router
    export default withPompelmiHandler(handler, options)
    

    GitHub App

    Configuration for a one-click pompelmi GitHub App for organizations —
    no workflow file needed, scans changed files on every PR with inline
    annotations on the diff.

    See docs/github-app.html for setup instructions.

    Framework Integrations

    | Package | Framework |
    | --- | --- |
    | @pompelmi/nestjs | NestJS |
    | @pompelmi/fastify | Fastify |
    | @pompelmi/nextjs | Next.js |

    Changes

    • src/Dashboard.js — HTML report generator
    • src/ShareCard.js — SVG share card generator
    • bin/pompelmi.js — --report and --share-card flags added
    • packages/nextjs/ — Next.js App Router and Pages Router support
    • .github/app.yml — GitHub App configuration
    • docs/dashboard.html — dashboard documentation
    • docs/github-app.html — GitHub App documentation
    • docs/*.html — navbar updated with new pages
    • README.md — Features list updated

    Full Changelog

    v1.13.0...v1.14.0

  • v1.13.0 Changes

    May 05, 2026

    Added

    • @pompelmi/nestjs — NestJS module with PompelmiModule.forRoot() / .forRootAsync(), injectable PompelmiService (scan / scanBuffer / isMalware), PompelmiGuard (blocks malicious uploads via CanActivate), and PompelmiInterceptor (throws BadRequestException on infection). Full TypeScript declarations included.
    • @pompelmi/fastify — Fastify plugin that decorates the instance with fastify.pompelmi (scan / scanBuffer / scanStream / preHandler). The preHandler() helper returns a route-level hook that scans uploaded files before the route handler runs. Supports custom onMalicious callbacks and full TypeScript declarations.
    • Framework Integrations section in README.md — table of official packages with usage snippets for NestJS and Fastify.

  • v1.12.0 Changes

    May 05, 2026

    What's New

    Standalone CLI

    Scan files directly from the terminal — no code required:

    # Scan a file
    npx pompelmi scan ./uploads/file.pdf

    # Scan a directory recursively
    npx pompelmi scan ./uploads --recursive

    # Output as JSON for scripting
    npx pompelmi scan ./uploads --json

    # Watch a folder in real time
    npx pompelmi watch ./uploads

    Features:

    • Renders the pompelmi grapefruit logo in the terminal via terminal-image
    • Live progress bar for directory scans
    • Box-drawing UI with color-coded results (green/red/yellow)
    • --json mode for shell script integration
    • --delete flag to auto-remove infected files
    • --quiet mode for CI pipelines
    • Works with TCP, UNIX socket, and local clamscan

    Exit codes: 0 clean · 1 infected · 2 scan error · 3 clamd unreachable

    Install globally:

    npm install -g pompelmi
    pompelmi scan ./uploads
    

    Or use without installing:

    npx pompelmi scan ./uploads

    CLI Documentation

    New dedicated page: docs/cli.html

    • Full commands and options reference
    • JSON output format
    • Exit codes table
    • 8 real-world examples
    • Shell script integration

    Navbar updated across all docs

    All docs/ pages now have a consistent navbar including the new CLI link.

    Changes

    • bin/pompelmi.js — full CLI implementation
    • package.json — bin field added, terminal-image dependency
    • docs/cli.html — new CLI documentation page
    • docs/*.html — navbar updated across all pages
    • README.md — Quick Start section, CLI in Features and docs table
    • CHANGELOG.md — v1.12.0 entry

    Full Changelog

    v1.11.0...v1.12.0

  • v1.11.0 Changes

    May 04, 2026

    Added

    • Webhook notifications — notify(webhookUrl, scanResult, options) sends a POST request when a virus is detected. Payload includes file, verdict, viruses, timestamp, and hostname. Supports HMAC-SHA256 request signing via X-Pompelmi-Signature header when a secret is provided. Ships with onlyOnMalicious: true by default, so it is noise-free out of the box. Uses Node.js built-in https/http — zero extra dependencies.
    • EventEmitter scanner — createScanner(options) returns an EventEmitter-based scanner with scan(filePath) and scanDirectory(dirPath) methods. Emits 'clean', 'malicious', 'scanError', and 'error' events per file — ideal for streaming pipelines and upload processing loops.
    • Automated GitHub Release notes — release workflow now extracts the matching changelog section from CHANGELOG.md and uses it as the release body, with a one-line summary in the release title (vX.Y.Z — <summary>). No more static template.
    • .mailmap — maps any historical claude/Claude authorship entries to the project author so they are excluded from GitHub's contributor list.
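
    Receiver-side verification of the HMAC-SHA256 webhook signing described in the first entry above. This is an added example, not code from pompelmi: it assumes the X-Pompelmi-Signature header holds the hex HMAC-SHA256 of the raw request body, and signBody, verifySignature and handleWebhook are hypothetical names.

```javascript
// Added example, not pompelmi source. Assumption: the X-Pompelmi-Signature
// header carries the hex HMAC-SHA256 of the raw request body.
const crypto = require('crypto');

function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

function verifySignature(rawBody, signatureHeader, secret) {
  // Reject missing, duplicated (array) or malformed headers before comparing.
  if (typeof signatureHeader !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHeader)) {
    return false;
  }
  const expected = Buffer.from(signBody(rawBody, secret), 'hex');
  const received = Buffer.from(signatureHeader, 'hex');
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(expected, received);
}

// rawBody must be the bytes as received: re-serialising parsed JSON can
// change key order or spacing and break the MAC.
function handleWebhook(rawBody, headers, secret) {
  // Node.js lowercases incoming header names.
  if (!verifySignature(rawBody, headers['x-pompelmi-signature'], secret)) {
    return { status: 401, payload: null };
  }
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch (err) {
    return { status: 400, payload: null };
  }
  return { status: 200, payload };
}

// Constructed sample delivery; field names follow the payload listed above.
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from(JSON.stringify({
  file: '/uploads/invoice.pdf',
  verdict: 'malicious',
  viruses: ['Win.Malware.Test'],
  timestamp: '2026-05-04T12:00:00.000Z',
  hostname: 'scanner-01',
}));
const SAMPLE_HEADERS = {
  'x-pompelmi-signature': signBody(SAMPLE_BODY, SAMPLE_SECRET),
};

console.log(handleWebhook(SAMPLE_BODY, SAMPLE_HEADERS, SAMPLE_SECRET).status);
```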

    Changed

    • src/index.js — exports notify and createScanner alongside existing API.
    • types/index.d.ts — full TypeScript declarations for notify, NotifyOptions, WebhookPayload, ScanResultInput, createScanner, and ScanEmitter (including typed event overloads).