Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
@attachmentav/virus-scan-sdk-js
Advanced tools
@attachmentav/virus-scan-sdk-js
An SDK to integrate virus and malware scan capabilities into JavaScript applications. Scan files for viruses, trojans, and other kinds of malware with attachmentAV powered by Sophos.
attachmentav-sdk-js
Project is deprecated. Instead, use https://github.com/widdix/attachmentav-sdk-ts!
An SDK to integrate virus and malware scan capabilities into JavaScript applications. Scan files for viruses, trojans, and other kinds of malware with attachmentAV powered by Sophos.
Getting started
First, install the module.
npm i @attachmentav/virus-scan-sdk-js
Second, get an API key by subscribing to the attachmentAV API (SaaS).
Third, send a scan request. Make sure to replace the API_KEY_PLACEHOLDER placeholder.
const { ApiClient, AttachmentAVApi } = require('@attachmentav/virus-scan-sdk-js');
const fs = require('fs');
const ATTACHMENTAV_API_KEY = '<API_KEY_PLACEHOLDER>';
const defaultClient = ApiClient.instance;
const apiKeyAuth = defaultClient.authentications['apiKeyAuth'];
apiKeyAuth.apiKey = ATTACHMENTAV_API_KEY;
const api = new AttachmentAVApi()
api.scanSyncBinaryPost(fs.readFileSync('/path/to/file'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log(JSON.stringify(data));
}
});
The request returns a scan result similar to the following example.
{"status":"clean","size":"1024","realfiletype":"..."}
What is attachmentAV?
attachmentAV offers antivirus for SaaS and cloud platforms. Scan your files and attachments stored in the cloud for viruses, worms, and trojans. attachmentAV detects malware in real-time. Supports Amazon S3, Atlassian, Cloudflare R2, Salesforce, WordPress, and more.
The attachmentAV Virus and Malware Scan API provides a REST API that allows you to integrate malware scans into your application. The solution comes in two variants:
- attachmentAV Virus Scan API (SaaS): Get started quickly with a fully managed service.
- attachmentAV Virus Scan API (self-hosted on AWS): Deploy the production-ready API on AWS.
attachmentAV raises the bar for information security. Our solution is ISO 27001 certified and GDPR compliant. We are establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Sensitive data is encrypted in transit as well as at rest and deleted immediately after processing. More than 1,000 customers trust our malware protection technology.
Install SDK
npm i @attachmentav/virus-scan-sdk-js
Configure SDK
Configure SDK (SaaS)
An active subscription and API key are required. Replace <API_KEY_PLACEHOLDER> with the API key.
const { ApiClient, AttachmentAVApi } = require('@attachmentav/virus-scan-sdk-js');
const fs = require('fs');
const ATTACHMENTAV_API_KEY = '<API_KEY_PLACEHOLDER>';
const defaultClient = ApiClient.instance;
const apiKeyAuth = defaultClient.authentications['apiKeyAuth'];
apiKeyAuth.apiKey = ATTACHMENTAV_API_KEY;
const api = new AttachmentAVApi()
Configure SDK (self-hosted on AWS)
When following the setup guide, you specified the ApiKeys parameter for the CloudFormation stack. Replace <API_KEY_PLACEHOLDER> with one of those keys.
const { ApiClient, AttachmentAVApi } = require('@attachmentav/virus-scan-sdk-js');
const fs = require('fs');
const ATTACHMENTAV_API_KEY = '<API_KEY_PLACEHOLDER>';
const defaultClient = ApiClient.instance;
const bearerAuth = defaultClient.authentications['bearerAuth'];
bearerAuth.accessToken = ATTACHMENTAV_API_KEY;
defaultClient.basePath = 'https://example.com/api/v1';
const api = new AttachmentAVApi()
Examples
Sync Scan: File
Send a file to the attachmentAV Virus Scan API and process the scan result.
Maximum file size is 10 MB. The request timeout is 60 seconds.
api.scanSyncBinaryPost(fs.readFileSync('README.md'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log(JSON.stringify(data));
}
});
Sync Scan: Download
Send a URL to the attachmentAV Virus Scan API. attachmentAV will download the file and return the scan result immediately.
Maximum file size is 10 MB. The request timeout is 60 seconds.
api.scanSyncDownloadPost(new SyncDownloadScanRequest('https://example.com/download.txt'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log(JSON.stringify(data));
}
});
Sync Scan: S3
Send an S3 bucket name and object key to the attachmentAV Virus Scan API. attachmentAV will download the file and return the scan result immediately.
Maximum file size is 10 MB. The request timeout is 60 seconds.
A bucket policy is required to grant attachmentAV access to private S3 objects.
api.scanSyncS3Post(new SyncS3ScanRequest('example-bucket', 'demo.txt'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log(JSON.stringify(data));
}
});
Async Scan: Download
Send a URL to the attachmentAV Virus Scan API. attachmentAV will send the scan result to the callback URL. See callback URL for details.
The maximum file size is 5 GB. The request timeout is 29 seconds; the asynchronous scan job is not affected by this limit.
Not supported by attachmentAV Virus Scan API (Self-hosted on AWS) yet. Contact hello@attachmentav.com to let us know, in case you need this feature.
api.scanAsyncDownloadPost(new AsyncDownloadScanRequest('https://example.com/download.txt', 'https://example.com/callback'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log('Successfully submitted scan job. Scan result will be sent to callback URL.');
}
});
Async Scan: S3
Send an S3 bucket name and object key to the attachmentAV Virus Scan API. attachmentAV will send the scan result to the callback URL. See callback URL for details.
The maximum file size is 5 GB. The request timeout is 29 seconds; the asynchronous scan job is not affected by this limit.
A bucket policy is required to grant attachmentAV access to private S3 objects.
Not supported by attachmentAV Virus Scan API (Self-hosted on AWS) yet. Contact hello@attachmentav.com to let us know, in case you need this feature.
api.scanAsyncS3Post(new AsyncS3ScanRequest('example-bucket', 'demo.txt', 'https://example.com/callback'), function(err, data, response) {
if (err) {
console.log(err);
} else {
console.log('Successfully submitted scan job. Scan result will be sent to callback URL.');
}
});
Need help?
Do you need any help to get started with attachmentAV? hello@attachmentav.com.
FAQs
An SDK to integrate virus and malware scan capabilities into JavaScript applications. Scan files for viruses, trojans, and other kinds of malware with attachmentAV powered by Sophos.
The npm package @attachmentav/virus-scan-sdk-js receives a total of 38 weekly downloads. As such, @attachmentav/virus-scan-sdk-js popularity was classified as not popular.
We found that @attachmentav/virus-scan-sdk-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 26 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026