Skip to content

Pompelmi

v1.17.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 26d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

antivirus clamav clamscan docker express file-scanner
+8 more
malware nodejs npm security typescript upload-file virus virus-scan

Summary

AI summary

Native ESM support adds dual CommonJS/ESM usage without workarounds.

Full changelog

What's New

Native ESM Support

pompelmi now supports both CommonJS and ES Modules natively.
No more createRequire workarounds.

// ESM (new)
import { scan, scanBuffer, Verdict } from 'pompelmi'

// CommonJS (unchanged)
const { scan, scanBuffer, Verdict } = require('pompelmi')

Deno Support

pompelmi now works natively in Deno:

import { scan, Verdict } from 'npm:pompelmi'

const result = await scan('./file.pdf', {
  host: 'localhost',
  port: 3310
})

Cloudflare Workers Package

@pompelmi/cloudflare is now available on npm.
Scan file uploads at the edge via a remote clamd instance.

npm install @pompelmi/cloudflare

import { scanBuffer } from '@pompelmi/cloudflare'

export default {
  async fetch(request, env) {
    const formData = await request.formData()
    const file = formData.get('file')
    const buffer = await file.arrayBuffer()

    const result = await scanBuffer(buffer, {
      host: env.CLAMAV_HOST,
      port: parseInt(env.CLAMAV_PORT)
    })

    if (result !== 'clean') {
      return new Response('File rejected', { status: 422 })
    }

    return new Response('OK')
  }
}

Landing Page Improvements

pompelmi.app now shows:

  • Runtime compatibility logos: Node.js • Bun • Deno • Cloudflare Workers
  • Framework logos grid: Express • Fastify • NestJS • Next.js • Hono • Remix • SvelteKit
  • Live GitHub stars and npm downloads badges

GitHub Sponsors

A Sponsor button is now visible on the GitHub repo via .github/FUNDING.yml.

Runtime Support

| Runtime | Status |
|---------|--------|
| Node.js | ✅ |
| Bun | ✅ |
| Deno | ✅ |
| Cloudflare Workers | ✅ via @pompelmi/cloudflare |

Framework Integrations

| Package | Framework |
|---------|-----------|
| @pompelmi/nestjs | NestJS |
| @pompelmi/fastify | Fastify |
| @pompelmi/nextjs | Next.js |
| @pompelmi/hono | Hono |
| @pompelmi/remix | Remix |
| @pompelmi/sveltekit | SvelteKit |
| @pompelmi/cloudflare | Cloudflare Workers |
| @pompelmi/testing | Jest / Vitest / Node |

Changes

  • src/index.mjs — native ESM entry point
  • package.json — dual CJS/ESM exports field
  • deno.json — Deno configuration
  • packages/cloudflare/ — Cloudflare Workers package
  • .github/FUNDING.yml — GitHub Sponsors button
  • docs/deno.html — Deno usage guide
  • docs/cloudflare.html — Cloudflare Workers guide
  • docs/*.html — navbar updated
  • index.html — landing page runtime and framework logos

Full Changelog

https://github.com/pompelmi/pompelmi/compare/v1.16.0...v1.17.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Pompelmi

Get notified when new releases ship.

Sign up free

About Pompelmi

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

All releases →

Related context

Beta — feedback welcome: [email protected]