Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
decompress-zip
Advanced tools
decompress-zip 
Extract files from a ZIP archive
Usage
.extract(options)
Extracts the contents of the ZIP archive file.
Returns an EventEmitter with two possible events - error on an error, and extract when the extraction has completed. The value passed to the extract event is a basic log of each file and how it was compressed.
Options
- path String - Path to extract into (default
.) - follow Boolean - If true, rather than create stored symlinks as symlinks make a shallow copy of the target instead (default
false) - filter Function - A function that will be called once for each file in the archive. It takes one argument which is an object containing details of the file. Return true for any file that you want to extract, and false otherwise. (default
null) - strip Number - Remove leading folders in the path structure. Equivalent to
--strip-componentsfor tar. - restrict Boolean - If true, will restrict files from being created outside
options.path. Setting tofalsehas significant security implications if you are extracting untrusted data. (defaulttrue)
var DecompressZip = require('decompress-zip');
var unzipper = new DecompressZip(filename)
unzipper.on('error', function (err) {
console.log('Caught an error');
});
unzipper.on('extract', function (log) {
console.log('Finished extracting');
});
unzipper.on('progress', function (fileIndex, fileCount) {
console.log('Extracted file ' + (fileIndex + 1) + ' of ' + fileCount);
});
unzipper.extract({
path: 'some/path',
filter: function (file) {
return file.type !== "SymbolicLink";
}
});
If path does not exist, decompress-zip will attempt to create it first.
.list()
Much like extract, except:
- the success event is
list - the data for the event is an array of paths
- no files are actually extracted
- there are no options
var DecompressZip = require('decompress-zip');
var unzipper = new DecompressZip(filename)
unzipper.on('error', function (err) {
console.log('Caught an error');
});
unzipper.on('list', function (files) {
console.log('The archive contains:');
console.log(files);
});
unzipper.list();
License
MIT © Bower team
FAQs
Extract files from a ZIP archive
The npm package decompress-zip receives a total of 48,567 weekly downloads. As such, decompress-zip popularity was classified as popular.
We found that decompress-zip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 11 Jan 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025