detect-file-type
Detect file type by signatures. Inspired by file-type.
jpg, png, gif, bmp, webp, tif, cr2, jxr, psd, zip, epub, xpi, tar, rar, gz, bz2, 7z, dmg, mp4, m4v, midi, mkv, webm, wmv, mpg, mov, avi, mp3, m4a, opus, ogg, flac, wav, amr, pdf, exe, swf, rtf, woff, woff2, eot, ttf, otf, ico, ps, flv, xz, sqlite, nes, crx, cab, deb, rpm, Z, lz, msi, svg
npm i --save detect-file-type
var detect = require('detect-file-type');

detect.fromFile('./image.jpg', function(err, result) {
  if (err) {
    return console.log(err);
  }
  console.log(result); // { ext: 'jpg', mime: 'image/jpeg' }
});

Detect file type from hard disk
- filePath - path to file
- bufferLength - (optional) Buffer size (in bytes), counted from the start of the file. Defaults to 500. If the file is smaller than 500 bytes, the file size is used instead.
- callback

Detect file type from buffer
- buffer - uint8array
- callback

Add new signature for file type detecting
- signature - a signature. See the section about it below.

File type detection works via signatures. The simplest signature in JSON format looks like:
{
  "type": "jpg",
  "ext": "jpg",
  "mime": "image/jpeg",
  "rules": [
    { "type": "equal", "start": 0, "end": 2, "bytes": "ffd8" }
  ]
}
params:
- type - signature type; usually the same as the 'ext' param
- ext - file extension
- mime - MIME type of the file
- rules - list of rules for detecting

More details about the rules param:
This param has to be an array of objects.
- type - a rule type. The available types are: equal, notEqual, contains, notContains, or, and
- equal - requires the field bytes. We take a dump of the buffer from start (0 by default) to end (buffer.length by default) and compare the dump with the value in bytes. If the values are equal, the rule is correct.
- notEqual - requires the field bytes. We take a dump of the buffer from start (0 by default) to end (buffer.length by default) and compare the dump with the value in bytes. If the values aren't equal, the rule is correct.
- contains - requires the field bytes. We take a dump of the buffer from start (0 by default) to end (buffer.length by default) and search this dump for the sequence from bytes. If the dump contains bytes, the rule is correct.
- notContains - requires the field bytes. We take a dump of the buffer from start (0 by default) to end (buffer.length by default) and search this dump for the sequence from bytes. If the dump doesn't contain bytes, the rule is correct.

or and and
These types are needed when you work with complicated signatures, for example when a file contains several byte sequences in different parts of the file. They require the field 'rules', in which you define a set of other rules. See example:
{
  "type": "tif",
  "ext": "tif",
  "mime": "image/tiff",
  "rules": [
    { "type": "and", "rules":
      [
        { "type": "notEqual", "start": 8, "end": 10, "bytes": "4352" },
        { "type": "or", "rules":
          [
            { "type": "equal", "start": 0, "end": 4, "bytes": "49492a00" },
            { "type": "equal", "start": 0, "end": 4, "bytes": "4d4d002a" }
          ]
        }
      ]
    }
  ]
}
Explanation: If the dump from the 8th byte to the 10th byte isn't equal to "4352", and the dump from byte 0 to the 4th byte is equal to "49492a00" or to "4d4d002a", then the data looks like a file in 'tif' format.
- or - means that any rule from rules should be correct. If at least 1 rule is correct, the list is correct too.
- and - means that each rule from rules should be correct. If all rules are correct, the list is correct. When at least 1 rule fails, the whole list is incorrect.

The rules or and and can be nested without restrictions.
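
The rule semantics above, as an added example that is not detect-file-type's own code: a standalone Node.js evaluator for the six rule types, run with the page's jpg and tif signatures to check whether an upload's content matches its claimed extension. The names matchRule, detect and checkUpload, the reading of notContains as the negation of contains, the requirement that all top-level rules match, and the sample buffers are assumptions of the example.

```javascript
// Added example, not detect-file-type's source. matchRule, detect and
// checkUpload are hypothetical names; the sample buffers are constructed.
const SIGNATURES = [ // the two signatures shown on this page
  { ext: 'jpg', mime: 'image/jpeg', rules: [
    { type: 'equal', start: 0, end: 2, bytes: 'ffd8' }] },
  { ext: 'tif', mime: 'image/tiff', rules: [
    { type: 'and', rules: [
      { type: 'notEqual', start: 8, end: 10, bytes: '4352' },
      { type: 'or', rules: [
        { type: 'equal', start: 0, end: 4, bytes: '49492a00' },
        { type: 'equal', start: 0, end: 4, bytes: '4d4d002a' }] }] }] },
];

function matchRule(buf, rule) {
  if (rule.type === 'or') return rule.rules.some((r) => matchRule(buf, r));
  if (rule.type === 'and') return rule.rules.every((r) => matchRule(buf, r));
  // Compare raw bytes, not hex strings, so "contains" cannot match across
  // a byte boundary (e.g. "ab" inside the hex dump "0ab0").
  const dump = buf.subarray(rule.start ?? 0, rule.end ?? buf.length);
  const bytes = Buffer.from(rule.bytes, 'hex');
  switch (rule.type) {
    case 'equal': return dump.equals(bytes);
    case 'notEqual': return !dump.equals(bytes);
    case 'contains': return dump.includes(bytes);
    case 'notContains': return !dump.includes(bytes);
    default: throw new Error(`unknown rule type: ${rule.type}`);
  }
}

// Assumption: every top-level rule of a signature must match.
function detect(buf) {
  const sig = SIGNATURES.find((s) => s.rules.every((r) => matchRule(buf, r)));
  return sig ? { ext: sig.ext, mime: sig.mime } : null;
}

// Upload check: flag files whose content does not match the claimed extension.
function checkUpload(fileName, buf) {
  const claimed = fileName.split('.').pop().toLowerCase();
  const found = detect(buf);
  const detected = found ? found.ext : null;
  return { claimed, detected, ok: detected === claimed };
}

// Constructed samples: TIFF header, header with "CR" (4352) at offset 8, MZ header.
const tiff = Buffer.from('49492a00080000000000', 'hex');
const cr2 = Buffer.from('49492a00100000004352', 'hex');
const mz = Buffer.from('4d5a9000030000000400', 'hex');
console.log(checkUpload('scan.tif', tiff), checkUpload('raw.tif', cr2), checkUpload('photo.jpg', mz));
```

A buffer shorter than a rule's end offset yields a shorter dump, so notEqual and notContains pass on truncated input; read enough bytes to cover every offset your signatures use.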
WTFPL © Dmitry Pavlovsky