Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
decompress-zip
Advanced tools
decompress-zip 
Extract files from a ZIP archive
Usage
.extract(options)
Extracts the contents of the ZIP archive file.
Returns an EventEmitter with two possible events - error on an error, and extract when the extraction has completed. The value passed to the extract event is a basic log of each file and how it was compressed.
Options
- path String - Path to extract into (default
.) - follow Boolean - If true, rather than create stored symlinks as symlinks make a shallow copy of the target instead (default
false) - filter Function - A function that will be called once for each file in the archive. It takes one argument which is an object containing details of the file. Return true for any file that you want to extract, and false otherwise. (default
null) - strip Number - Remove leading folders in the path structure. Equivalent to
--strip-componentsfor tar. - restrict Boolean - If true, will restrict files from being created outside
options.path. Setting tofalsehas significant security implications if you are extracting untrusted data. (defaulttrue)
var DecompressZip = require('decompress-zip');
var unzipper = new DecompressZip(filename)
unzipper.on('error', function (err) {
console.log('Caught an error');
});
unzipper.on('extract', function (log) {
console.log('Finished extracting');
});
unzipper.on('progress', function (fileIndex, fileCount) {
console.log('Extracted file ' + (fileIndex + 1) + ' of ' + fileCount);
});
unzipper.extract({
path: 'some/path',
filter: function (file) {
return file.type !== "SymbolicLink";
}
});
If path does not exist, decompress-zip will attempt to create it first.
.list()
Much like extract, except:
- the success event is
list - the data for the event is an array of paths
- no files are actually extracted
- there are no options
var DecompressZip = require('decompress-zip');
var unzipper = new DecompressZip(filename)
unzipper.on('error', function (err) {
console.log('Caught an error');
});
unzipper.on('list', function (files) {
console.log('The archive contains:');
console.log(files);
});
unzipper.list();
License
MIT © Bower team
FAQs
Extract files from a ZIP archive
The npm package decompress-zip receives a total of 80,069 weekly downloads. As such, decompress-zip popularity was classified as popular.
We found that decompress-zip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 11 Jan 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025