How this started: a client sent over a handover zip — contracts, spreadsheets, the sensitive stuff — to a laptop that, thanks to a fresh corporate reimage, had no unzip tool on it at all. Every "unzip online" result wanted the archive uploaded first. Upload the confidential file. To a page with a cartoon animal and no surname behind it. I did it the ugly way that night (mailed it to an older machine), then spent a week reading how a zip is actually built: an index at the tail, a checksum on every file, and one openly published compression method from 1996. So this page exists. The decompressor is written straight from that document, checked byte-for-byte against the reference tool, and there is nowhere to upload anything because there is no server behind the page.
— just me, the one who got tired of the upload button
Why hand-write DEFLATE when the browser ships DecompressionStream?
Because that API inflates a raw stream, but a zip is a container of many entries with headers, offsets and checksums that something still has to parse — and once you're parsing the container honestly, owning the decompressor means every byte's path is code I can stand behind. (Making a zip does lean on the browser's CompressionStream — the right tool right where it fits.)
A row shows ✗ and a failed checksum — now what?
That entry is damaged — a truncated download, a disk blip, or a bad copy made years ago. Re-fetch the zip if you can; if not, the other files' ✓ marks still hold (each entry is independent), and the broken one is honestly past any opener's help.
Do Mac-made zips open cleanly?
Yes — including the __MACOSX folders macOS tucks inside (shown plainly; take them or ignore them) and UTF-8 filenames. Windows zips with legacy encodings get the old-codepage reading, which clears the usual garbled characters.
Which archive formats does it actually speak?
ZIP, TAR, GZ, TGZ and TAR.GZ — all through the one hand-written DEFLATE engine, because gzip and zip share the same compression underneath and tar is just an uncompressed box of headers. RAR and 7z are a different answer: proprietary or separate compressors that would each be their own engine, so pretending would only earn distrust. This does the family it can vouch for, byte by byte.
Why does a tar row show a header check, not a checksum?
Because that is all tar carries. A ZIP stamps a CRC-32 per file and gzip stamps one over the whole stream — both get recomputed and shown. Tar's header holds a sum over the header itself, no per-file data digest, so it verifies what exists and labels it honestly rather than inventing a green tick the format never promised.