Demo route
Write, inspect, stream, then harden an untrusted ZIP.
This mirrors the browser trust-boundary workflow described in the docs.
Current run
Queue: 0 entries queued
Output: 0 B archive bytes
Savings: — after compression
CRC sample: pending (first file check)
Forge an archive
ZipWriter.add → close
Archive
Ready. Toggle samples and forge.
Compression
original vs. stored bytes
Archive map
openZip().entries
No archive open.
Entry reader
text() · bytes() · arrayBuffer()
Select an entry to read it three ways and verify its CRC-32.
Streaming writer
ZipTransformStream
Entries written into .writable become ZIP bytes on .readable as you go — watch bytes leave before the last entry is even added. Nothing buffers the whole archive.
1 writing into .writable
Press run to feed entries in.
2 emitted from .readable
0 B
Byte chunks appear here in real time.
Read it back, one entry at a time
readZipStream()
for await (const entry of readZipStream(…)) pulls each entry forward-only: read text, skip binaries & directories, never seek back.
Run the streaming build (or forge / open an archive), then scan.
Each card crafts a real malicious archive, then opens it twice: once unguarded and once through a JSZipp guard option. Watch the guard slam shut while the naïve path lets the payload through.
0 / 4 blocked
jszipp · live api trace