PHPackages                             selective/archive-bomb-scanner - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. selective/archive-bomb-scanner

ActiveLibrary[Security](/categories/security)

selective/archive-bomb-scanner
==============================

ZIP and PNG bomb scanner

2.2.0(9mo ago)2126.4k↓13.8%71MITPHPPHP 8.1.\* || 8.2.\* || 8.3.\* || 8.4.\*CI passing

Since Jul 27Pushed 9mo ago2 watchersCompare

[ Source](https://github.com/selective-php/archive-bomb-scanner)[ Packagist](https://packagist.org/packages/selective/archive-bomb-scanner)[ Docs](https://github.com/selective-php/archive-bomb-scanner)[ RSS](/packages/selective-archive-bomb-scanner/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (8)Dependencies (5)Versions (9)Used By (1)

selective/archive-bomb-scanner
==============================

[](#selectivearchive-bomb-scanner)

ZIP and PNG bomb scanner for PHP.

[![Latest Version on Packagist](https://camo.githubusercontent.com/f1015f8670847bd700addb90bfc1e164f089bcf914e550b0b71a5913efc4ab79/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652f73656c6563746976652d7068702f617263686976652d626f6d622d7363616e6e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/selective/archive-bomb-scanner)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Total Downloads](https://camo.githubusercontent.com/6e33a467f3c4dcc246d1c1870b0fec5d2e41fab435483d7f7204966c81cf7ffa/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73656c6563746976652f617263686976652d626f6d622d7363616e6e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/selective/archive-bomb-scanner/stats)

Features
--------

[](#features)

- Detection of ZIP archive bombs
- Detection of RAR archive bombs
- Detection of PNG bombs
- No dependencies
- Very fast

Requirements
------------

[](#requirements)

- PHP 8.1 - 8.4

Installation
------------

[](#installation)

```
composer require selective/archive-bomb-scanner

```

Usage
-----

[](#usage)

### Scan ZIP file

[](#scan-zip-file)

```
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplFileObject;

$file = new SplFileObject('42.zip');

$scanner = new BombScanner();
$scanner->addEngine(new ZipBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'Archive bomb detected!';
} else {
    echo 'File is clean';
}
```

### Scan in-memory ZIP file

[](#scan-in-memory-zip-file)

```
use Selective\ArchiveBomb\BombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplTempFileObject;

$file = new SplTempFileObject();

$file->fwrite('my file content');

$scanner = new BombScanner();
$scanner->addEngine(new ZipBombEngine());

$isBomb = $detector->scanFile($file)->isBomb(); // true or false
```

### Scan RAR file

[](#scan-rar-file)

```
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\RarBombEngine;
use SplFileObject;

$file = new SplFileObject('10GB.rar');

$scanner = new BombScanner();
$scanner->addEngine(new RarBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'Archive bomb detected!';
} else {
    echo 'File is clean';
}
```

### Scan PNG file

[](#scan-png-file)

```
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\PngBombEngine;
use SplFileObject;

$file = new SplFileObject('example.png');

$scanner = new BombScanner();
$scanner->addEngine(new PngBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'PNG bomb detected!';
} else {
    echo 'File is clean';
}
```

License
-------

[](#license)

MIT

###  Health Score

52

—

FairBetter than 96% of packages

Maintenance55

Moderate activity, may be stable

Popularity39

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity81

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 92.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~312 days

Recently: every ~538 days

Total

8

Last Release

297d ago

Major Versions

0.3.0 → 1.0.02019-09-03

1.1.0 → 2.0.02022-04-29

PHP version history (4 changes)0.1.0PHP ^7.2

2.0.0PHP ^7.3 || ^8.0

2.1.0PHP ^8.1

2.2.0PHP 8.1.\* || 8.2.\* || 8.3.\* || 8.4.\*

### Community

Maintainers

![](https://www.gravatar.com/avatar/89d408d7f6ed65cdbeba70a2da2d0a8a1135fc37ebc07c44989f509221cc91bd?d=identicon)[odan](/maintainers/odan)

---

Top Contributors

[![odan](https://avatars.githubusercontent.com/u/781074?v=4)](https://github.com/odan "odan (62 commits)")[![peter279k](https://avatars.githubusercontent.com/u/9021747?v=4)](https://github.com/peter279k "peter279k (5 commits)")

---

Tags

archive-bomb-scannerphppngpng-bomb-scannerpng-bombsrar-bombrar-bomb-scannersecurityzip-bombzip-bomb-scannerzippngscannerarchive-bombzip-bombpng-bomb

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/selective-archive-bomb-scanner/health.svg)

```
[![Health](https://phpackages.com/badges/selective-archive-bomb-scanner/health.svg)](https://phpackages.com/packages/selective-archive-bomb-scanner)
```

###  Alternatives

[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M214](/packages/defuse-php-encryption)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php

Realistic password strength estimation PHP library based on Zxcvbn JS

87117.5M63](/packages/bjeavons-zxcvbn-php)[psecio/iniscan

A scanner to evaluate php.ini security

1.5k64.0k2](/packages/psecio-iniscan)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)