ClamAV for humans

A minimal Node.js wrapper around ClamAV that scans any file and returns a typed Verdict Symbol: Verdict.Clean, Verdict.Malicious, or Verdict.ScanError. No daemons. No cloud. No native bindings. Zero runtime dependencies.

• Quickstart
• How it works
• API
  • pompelmi.scan()
• Docker / remote scanning
• Examples
• Internal utilities
  • ClamAVInstaller()
  • updateClamAVDatabase()
• Supported platforms
• Installing ClamAV manually
• Testing
• Contributing
• Security
• License

npm install pompelmi

const { scan, Verdict } = require('pompelmi');

const result = await scan('/path/to/file.zip');

if (result === Verdict.Malicious) {
  throw new Error('File rejected: malware detected');
}

1. Validate — pompelmi checks that the argument is a string and that the file exists before spawning anything.
2. Scan — pompelmi spawns clamscan --no-summary <filePath> as a child process and reads the exit code.
3. Map — the exit…