PompelmiFast file-upload malware scanning for Node.js

Optional YARA, ZIP deep-inspection, MIME/size guards. Express · Koa · Next.js.

ZIP deep-inspection

Bomb/ratio limits, traversal-safe extraction, inner MIME sniff.

Enforce extension allowlist, size caps, and server-side MIME checks.

Express, Koa, Fastify, Next.js — TypeScript first.