extractify.zip: Extract and Explore compressed files online and securely (github.com)

submitted 2 days ago by sag@lemm.ee to c/opensource@lemmy.ml

12 comments fedilink hide all child comments

Extractify.zip is open source progressive web app (PWA) website to view and extract zip files online without downloading them (client side). It is a free and open source project.

Website: https://extractify.zip/

top 12 comments

sorted by: hot top controversial new old

[-] scrubbles@poptalk.scrubbles.tech 25 points 1 day ago

"7z-wasm": "^1.0.2",

Ah, knew we were looking at a wrapper of my faithful companion here

[-] fmstrat@lemmy.nowsci.com 1 points 1 day ago

Integrate with ClamAV or VirusTotal and this would be a masterpiece.

[-] pastermil@sh.itjust.works 4 points 1 day ago

Don't we already have this all of our file browsers and archive browsers?

[-] undefined@lemmy.hogru.ch 3 points 1 day ago

Don’t get me wrong, this is cool, but is there some reason not to extract a .zip file locally?

I’ve been using Linux, UNIX for a long time so I don’t know if it’s a Windows thing or what.

[-] ShortN0te@lemmy.ml 4 points 1 day ago

A compacted archive could be used as an attack vector.

Zip Bombs
Code execution through a vulnerability in the extracting algorithm

Both of them are valid for any OS.

[-] fmstrat@lemmy.nowsci.com 3 points 1 day ago

I had thought for virus scanning, but it doesnt seem to do that yet.

[-] sag@lemm.ee 1 points 1 day ago

My android file explorer don't support .RAR or 7z archive. It's only FOSS File Explorer

[-] undefined@lemmy.hogru.ch 1 points 1 day ago

Oh yeah, that makes sense.

[-] aebletrae@hexbear.net 7 points 1 day ago

I'm confused. How are you defining "download" and "online" here?

The website suggests that the server holds the files and does the extraction:

Extract and Explore compressed files online [emphasis mine]

which fits with the github claim of:

to view and extract zip files online without downloading them

but the website also states that:

nothing leave your browser

which suggests that the server has nothing to do with it, and you do actually download the zip files first.

What am I missing?

[-] Markaos@lemmy.one 5 points 1 day ago

I have no clue what's meant by "without download", but this app just uses web assembly to inspect the archive in the browser. The sandbox they talk about most likely refers to the browser sandboxing.

So it pretty much boils down to "risking running malicious code is fine, because this app as a whole is treated as malicious by the browser".

[-] aebletrae@hexbear.net 2 points 1 day ago

Yeah, that's what I was suspecting.

I ended up leaning towards "download" being used in the boomer way of meaning any data transfer, whatever the direction, which in this case would more specifically be called an "upload". And that "online" was being used to mean "using a website", even though the local processing is offline.

The alternative fit to the description I had considered was a website you could give an URL, so it retrieves the zip file and allows you to inspect it remotely, and maybe just download some of the contained files, so it deals with the risk and bandwidth issues for you. That would be a different kind of useful, though it'd only be a few days before someone uses it for malign purposes and gets the site operator a no-knock visit from the fuzz, so that seemed much less likely.

I can see a use for an app that can be used where they can't be installed, though.