Pompelmi: The minimalist ClamAV wrapper for Node.js (Zero Dependencies)

Checking file uploads for malware shouldn't be a headache. Most Node.js wrappers for ClamAV rely on unstable stdout parsing or heavy native bindings.

I built Pompelmi to be different: it's a "ClamAV for humans" wrapper that focuses on stability and simplicity.

🚀 Key Features

• Zero Runtime Dependencies: Built 100% on Node.js built-ins.
• Exit-Code Reliability: It uses ClamAV's documented exit codes (0, 1, 2) instead of brittle regex parsing.
• No Native Bindings: No node-gyp or compilation required.
• Hybrid Support: Works with local clamscan or remote clamd via TCP.
• Cross-Platform: macOS, Linux, and Windows.

📦 Quickstart

npm install pompelmi

const { scan, Verdict } = require('pompelmi');

const result = await scan('./untrusted-file.zip');

if (result === Verdict.Malicious) {
  console.error('Threat detected!');
}

Check it out on GitHub and let me know what you think!

GitHub: https://github.com
Website: https://pompelmi.app