pompelmi v1.18.0 -- Docker Image, Security Scorecard, VS Code Extension, Quarantine Mode

What's New

Official Docker Image

pompelmi/scanner is now available on Docker Hub. A self-contained image with ClamAV, clamd, and an HTTP scan API built in — no configuration required.

:::bash
docker pull pompelmi/scanner
docker run -p 8080:8080 pompelmi/scanner

:::bash
# Scan a file via HTTP
curl -F "file=@./document.pdf" http://localhost:8080/scan
# {"verdict":"clean","file":"document.pdf","viruses":[]}

# Health check
curl http://localhost:8080/health
# {"status":"ok","clamd":"running"}
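
A fail-closed caller for the /scan endpoint shown above, as an added example that is not part of pompelmi: it accepts an upload only on an explicit "clean" verdict with an empty viruses list, and treats HTTP errors, timeouts and malformed responses as rejections. The function names and SCAN_URL are assumptions; only the response shape comes from the curl output above.

```javascript
// Added example, not pompelmi code. SCAN_URL, decide() and scanFile() are
// assumed names; the JSON shape is the one printed by the curl example above.
const SCAN_URL = 'http://localhost:8080/scan' // assumed: container started with `docker run` above

// Turn one HTTP response into an accept/reject decision.
// Only an explicit clean verdict is accepted; every other outcome rejects.
function decide (status, bodyText) {
  if (status !== 200) return { accept: false, reason: `http ${status}` }
  let body
  try {
    body = JSON.parse(bodyText)
  } catch {
    return { accept: false, reason: 'unparseable response' }
  }
  if (body === null || typeof body !== 'object') {
    return { accept: false, reason: 'unexpected response shape' }
  }
  if (body.verdict !== 'clean') {
    return { accept: false, reason: `verdict ${String(body.verdict)}` }
  }
  // A "clean" verdict that still lists detections is contradictory: reject it.
  if (!Array.isArray(body.viruses) || body.viruses.length !== 0) {
    return { accept: false, reason: 'clean verdict without an empty viruses list' }
  }
  return { accept: true, reason: 'clean' }
}

// Upload one file to the scanner (Node 18+ for fetch, FormData and Blob).
// Unreadable files, connection errors and timeouts reject as well.
async function scanFile (filePath, timeoutMs = 30000) {
  try {
    const { readFile } = await import('node:fs/promises')
    const { basename } = await import('node:path')
    const form = new FormData()
    form.append('file', new Blob([await readFile(filePath)]), basename(filePath))
    const res = await fetch(SCAN_URL, {
      method: 'POST',
      body: form,
      signal: AbortSignal.timeout(timeoutMs)
    })
    return decide(res.status, await res.text())
  } catch (err) {
    return { accept: false, reason: `scan failed: ${err.message}` }
  }
}
```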

Security Scorecard

Grade your upload security configuration from A to F:

:::js
const { generateScorecard } = require('pompelmi')

// await is not valid at the top level of a CommonJS module, so wrap the call
async function main () {
  const scorecard = await generateScorecard({
    scanEnabled: true,
    mimeTypeAllowlist: ['image/jpeg', 'image/png', 'application/pdf'],
    fileSizeLimit: 10 * 1024 * 1024, // 10 MiB
    diskWriteBeforeScan: false,
    scanErrorBehavior: 'reject',
    clamdUnavailableBehavior: 'reject'
  })

  console.log(scorecard.grade)    // 'A'
  console.log(scorecard.score)    // 95
  console.log(scorecard.findings) // array of passed/failed checks
}

main().catch(console.error)

From the CLI:

:::bash
npx pompelmi scorecard --config ./pompelmi.config.js

VS Code Extension

A VS Code extension scaffold is now available at packages/vscode/. Right-click any file in the IDE and select "Scan with pompelmi". Marketplace publishing is coming in a future release.

Quarantine Mode

Automatically move infected files to a quarantine directory:

:::js
watch('/uploads', {
  host: 'localhost',
  port: 3310,
  quarantine: '/quarantine'
}, {
  onMalicious: 'quarantine'
})

:::bash
npx pompelmi watch ./uploads --quarantine ./quarantine

Each quarantined file gets a sidecar JSON file containing the original path, virus name, timestamp, and SHA256 hash.

Changes

  • docker/ — Dockerfile, entrypoint.sh, HTTP scan API server
  • .github/workflows/docker.yml — automated Docker Hub publishing
  • src/Scorecard.js — A-F grading for upload security config
  • src/Watcher.js — quarantine mode support
  • packages/vscode/ — VS Code extension scaffold
  • bin/pompelmi.js — scorecard command and --quarantine flag
  • docs/docker-image.html — Docker Hub image guide
  • docs/scorecard.html — scorecard API and CLI reference
  • docs/vscode.html — VS Code extension guide
  • docs/*.html — navbar updated across all pages
  • README.md — Docker Hub badge, new features

Full Changelog

https://github.com/pompelmi/pompelmi/compare/v1.17.0...v1.18.0

Source: README.md, updated 2026-05-08