Skip to content

Pompelmi

v1.15.0 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 28d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

antivirus clamav clamscan docker express file-scanner
+8 more
malware nodejs npm security typescript upload-file virus virus-scan

Summary

AI summary

Hono plugin @pompelmi/hono is now available on npm.

Full changelog

What's New

Hono Plugin

@pompelmi/hono is now available on npm. Works on Node.js, Bun,
and Cloudflare Workers.

npm install @pompelmi/hono pompelmi

import { pompelmiMiddleware } from '@pompelmi/hono'
import { Hono } from 'hono'

const app = new Hono()

app.use('/upload/*', pompelmiMiddleware({
  host: 'localhost',
  port: 3310,
  field: 'file',
  onInfected: (c) => c.json({ error: 'Malware detected' }, 422)
}))

Bun Support

pompelmi now officially supports the Bun runtime. The core library
detects Bun at runtime and uses native Bun APIs where available for
faster file reads. Bun is now included in the CI test matrix.

bun install pompelmi
bun run your-app.js

Interactive Demo

A browser-based demo is now available at
pompelmi.app/demo — try the pompelmi
terminal UI and see all three verdicts without installing anything.

Testing Utilities

@pompelmi/testing provides mock utilities for unit testing
applications that use pompelmi.

npm install --save-dev @pompelmi/testing

const { mockClean, mockInfected, mockScanError } = require('@pompelmi/testing')

// In your tests
it('rejects infected files', async () => {
  const scanner = mockInfected('Win.Malware.Test')
  const result = await scanner.scanBuffer(buffer)
  expect(result).toBe(Verdict.Malicious)
})

Works with Jest, Vitest, and the Node.js built-in test runner.

Comparison Page

Side-by-side comparison of pompelmi against other Node.js ClamAV
integrations at docs/comparison.html.

Framework Integrations

| Package | Framework |
|---------|-----------|
| @pompelmi/nestjs | NestJS |
| @pompelmi/fastify | Fastify |
| @pompelmi/nextjs | Next.js |
| @pompelmi/hono | Hono |
| @pompelmi/testing | Jest / Vitest / Node |

Changes

  • packages/hono/ — Hono middleware plugin
  • packages/testing/ — mock utilities for unit testing
  • src/ClamdScanner.js, BufferScanner.js, StreamScanner.js — Bun runtime detection
  • .github/workflows/ci.yml — Bun added to test matrix
  • docs/demo.html — interactive browser demo
  • docs/comparison.html — comparison with alternatives
  • docs/*.html — navbar updated across all pages
  • README.md — Bun support, demo link, updated integrations table

Full Changelog

https://github.com/pompelmi/pompelmi/compare/v1.14.0...v1.15.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Pompelmi

Get notified when new releases ship.

Sign up free

About Pompelmi

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

All releases →

Related context

Beta — feedback welcome: [email protected]