Extractify.zip is open source progressive web app (PWA) website to view and extract zip files online without downloading them (client side). It is a free and open source project.
Website: https://extractify.zip/
Don’t we already have this all of our file browsers and archive browsers?
Don’t get me wrong, this is cool, but is there some reason not to extract a .zip file locally?
I’ve been using Linux, UNIX for a long time so I don’t know if it’s a Windows thing or what.
A compacted archive could be used as an attack vector.
- Zip Bombs
- Code execution through a vulnerability in the extracting algorithm
Both of them are valid for any OS.
My android file explorer don’t support .RAR or 7z archive. It’s only FOSS File Explorer
Oh yeah, that makes sense.
"7z-wasm": "^1.0.2",Ah, knew we were looking at a wrapper of my faithful companion here
extractify when i want to extract a 16 gb source code:
I’m confused. How are you defining “download” and “online” here?
The website suggests that the server holds the files and does the extraction:
Extract and Explore compressed files online [emphasis mine]
which fits with the github claim of:
to view and extract zip files online without downloading them
but the website also states that:
nothing leave your browser
which suggests that the server has nothing to do with it, and you do actually download the zip files first.
What am I missing?
I have no clue what’s meant by “without download”, but this app just uses web assembly to inspect the archive in the browser. The sandbox they talk about most likely refers to the browser sandboxing.
So it pretty much boils down to “risking running malicious code is fine, because this app as a whole is treated as malicious by the browser”.
Yeah, that’s what I was suspecting.
I ended up leaning towards “download” being used in the boomer way of meaning any data transfer, whatever the direction, which in this case would more specifically be called an “upload”. And that “online” was being used to mean “using a website”, even though the local processing is offline.
The alternative fit to the description I had considered was a website you could give an URL, so it retrieves the zip file and allows you to inspect it remotely, and maybe just download some of the contained files, so it deals with the risk and bandwidth issues for you. That would be a different kind of useful, though it’d only be a few days before someone uses it for malign purposes and gets the site operator a no-knock visit from the fuzz, so that seemed much less likely.
I can see a use for an app that can be used where they can’t be installed, though.
