
docs(recipes): add upload scanning recipe with pompelmi #3398

Open
SonoTommy wants to merge 1 commit into nestjs:master from SonoTommy:master

Conversation

@SonoTommy

Summary

This PR adds a new recipe showing how to inspect uploaded files in NestJS before storage using Pompelmi.

Motivation

The current file upload documentation already covers multipart handling and basic validation such as file size and MIME type. This recipe adds a practical example for applications that also want deeper inspection of untrusted uploads before storing or processing them.

What changed

  • added a new pompelmi.md recipe
  • included a minimal NestJS example using FileInterceptor() and @UploadedFile()
  • showed how to scan uploaded file contents before storage
  • kept the recipe focused on practical integration without changing the existing upload documentation

Why this is useful

Basic upload validation is important, but applications that accept untrusted files may also want an extra layer before persisting uploads or passing them to downstream systems.

This recipe demonstrates one possible approach in a simple and self-contained way.

Notes

  • this PR does not replace the existing file upload guidance
  • it adds an optional recipe for projects that need content inspection of uploaded files
  • the example is intentionally minimal and focused on real-world usage

Added a guide for scanning uploaded files with Pompelmi, including installation instructions and a basic example of usage in a NestJS application.
Copilot AI review requested due to automatic review settings March 30, 2026 12:04

Copilot AI left a comment


Pull request overview

Adds a new NestJS recipe demonstrating how to scan/inspect uploaded files with Pompelmi before storage, complementing existing upload validation guidance.

Changes:

  • Added a new pompelmi.md recipe documenting upload scanning with NestJS FileInterceptor() + @UploadedFile().
  • Included install instructions and a minimal controller example using scanBytes() with a strict policy.
  • Added rationale/notes for scanning prior to persistence.


#### Installation

```bash
npm install pompelmi @pompelmi/nestjs-integration multer
```

Copilot AI Mar 30, 2026


The instructions tell readers to install @pompelmi/nestjs-integration, but the provided example doesn’t use it. Either remove it from the install command or update the example to actually demonstrate the NestJS integration package; otherwise readers may add an unnecessary dependency.

Suggested change
npm install pompelmi @pompelmi/nestjs-integration multer
npm install pompelmi multer

```typescript
import { FileInterceptor } from '@nestjs/platform-express';
import { memoryStorage } from 'multer';
import { scanBytes, STRICT_PUBLIC_UPLOAD } from 'pompelmi';
import { Express } from 'express';
```

Copilot AI Mar 30, 2026


Express is typically used as a TypeScript namespace for Express.Multer.File and generally shouldn’t be imported as a named export from express (it may not exist as a runtime/named export depending on TS/module settings). Prefer removing this import and using the global Express namespace, or make it a type-only import that is valid for the project’s TS configuration.

Suggested change
import { Express } from 'express';

Comment on lines +35 to +37
```typescript
FileInterceptor('file', {
  storage: memoryStorage(),
}),
```

Copilot AI Mar 30, 2026


Using memoryStorage() without demonstrating/mentioning Multer limits (especially fileSize) can enable memory exhaustion (DoS) if a large upload reaches this endpoint. Consider adding a limits: { fileSize: ... } example here (or an explicit note near this snippet) to ensure scanning-in-memory is paired with a strict size cap.

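A stand-alone example of the pre-storage check that both the PR description ("scan uploaded file contents before storage") and the review comment above (pair in-memory scanning with a strict size cap) are talking about. It is added here and is not pompelmi's code nor the code in this PR; `inspectUpload`, `MAX_UPLOAD_BYTES`, the allow/deny tables and the constructed sample buffers are names and data assumed for illustration, and the function sketches a policy rather than reproducing the `scanBytes()` API. In a controller it would run on `file.buffer` after `FileInterceptor('file', { storage: memoryStorage(), limits: { fileSize: MAX_UPLOAD_BYTES } })`, and the multer cap is what keeps a large upload from ever reaching the in-memory check.

```typescript
// Added example, not pompelmi's or NestJS's own code: the kind of content
// check a controller runs on a memory-buffered upload before persisting it.
// `inspectUpload`, `UploadVerdict` and `MAX_UPLOAD_BYTES` are assumed names.

const MAX_UPLOAD_BYTES = 5 * 1024 * 1024; // mirror this in multer's limits.fileSize

interface UploadVerdict {
  ok: boolean;
  reason?: string;
  detectedType?: string;
}

function bytes(s: string): Uint8Array {
  return Uint8Array.from(s, (c) => c.charCodeAt(0) & 0xff);
}

function concat(...parts: Uint8Array[]): Uint8Array {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

function startsWith(buf: Uint8Array, magic: Uint8Array): boolean {
  if (buf.length < magic.length) return false;
  for (let i = 0; i < magic.length; i++) if (buf[i] !== magic[i]) return false;
  return true;
}

// Magic bytes for the types a strict "public upload" policy might allow.
const ALLOWED: Array<{ mime: string; magic: Uint8Array }> = [
  { mime: 'image/png', magic: Uint8Array.of(0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a) },
  { mime: 'image/jpeg', magic: Uint8Array.of(0xff, 0xd8, 0xff) },
  { mime: 'image/gif', magic: bytes('GIF8') },
  { mime: 'application/pdf', magic: bytes('%PDF-') },
];

// Content never persisted from a public form, whatever the client declared.
// Archives are refused outright because their members would need their own scan.
const DENIED: Array<{ name: string; magic: Uint8Array }> = [
  { name: 'windows-pe', magic: bytes('MZ') },
  { name: 'elf', magic: Uint8Array.of(0x7f, 0x45, 0x4c, 0x46) },
  { name: 'shebang-script', magic: bytes('#!') },
  { name: 'zip-archive', magic: bytes('PK\x03\x04') },
];

function detectType(buf: Uint8Array): string | undefined {
  return ALLOWED.find((s) => startsWith(buf, s.magic))?.mime;
}

function inspectUpload(buf: Uint8Array, declaredMime: string, maxBytes = MAX_UPLOAD_BYTES): UploadVerdict {
  if (buf.length === 0) return { ok: false, reason: 'empty file' };
  if (buf.length > maxBytes) return { ok: false, reason: 'exceeds size cap' };
  const denied = DENIED.find((d) => startsWith(buf, d.magic));
  if (denied) return { ok: false, reason: `denied content: ${denied.name}` };
  const detected = detectType(buf);
  if (!detected) return { ok: false, reason: 'unrecognised content' };
  // The client-supplied MIME type is untrusted; it must agree with the bytes.
  const declared = declaredMime.split(';')[0].trim().toLowerCase();
  if (detected !== declared) {
    return { ok: false, reason: `declared ${declared} but content is ${detected}`, detectedType: detected };
  }
  // Images carrying a PHP or HTML script tag are the classic web-shell
  // smuggling trick; the signature check alone does not catch them.
  if (detected.startsWith('image/')) {
    const text = Array.from(buf, (b) => String.fromCharCode(b)).join('');
    if (/<\?php|<script\b/i.test(text)) {
      return { ok: false, reason: 'embedded script marker', detectedType: detected };
    }
  }
  return { ok: true, detectedType: detected };
}

// Constructed sample uploads for a stand-alone run; not real files.
const SAMPLE_PNG = concat(ALLOWED[0].magic, new Uint8Array(64));
const SAMPLE_EXE_RENAMED = concat(bytes('MZ'), new Uint8Array(64));
const SAMPLE_GIF_WEBSHELL = concat(bytes('GIF89a'), bytes('<?php system($_GET["c"]); ?>'));

console.log(inspectUpload(SAMPLE_PNG, 'image/png'));
console.log(inspectUpload(SAMPLE_EXE_RENAMED, 'image/png'));
console.log(inspectUpload(SAMPLE_GIF_WEBSHELL, 'image/gif'));
```

The verdict is what the controller branches on: a `BadRequestException` on `ok === false` before anything is written, and the `detectedType` (not the client-declared one) is what gets stored alongside the object. The deny list runs before the allow list so that a declared `image/png` that is really a PE binary is refused by content, not by its claimed type.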
@@ -0,0 +1,89 @@
### Scan uploaded files with Pompelmi

Copilot AI Mar 30, 2026


This recipe starts with an H3 heading (###). If recipes are expected to have a single top-level title for correct page structure/ToC (commonly #), consider promoting this to the appropriate top-level heading to keep rendering consistent across recipes.

Suggested change
### Scan uploaded files with Pompelmi
# Scan uploaded files with Pompelmi

@SonoTommy (Author)

Hi! Friendly follow-up on this PR.

This recipe is meant to be an optional, practical example for teams that want to inspect untrusted uploads before storage, in addition to the existing upload validation guidance.

I’m very happy to adjust the wording, structure, or package usage to better match the NestJS docs style if needed. Thanks for reviewing it.
