Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
detect-file-type
Advanced tools
Detect file type by signatures. file-type inspired
npm i detect-file-type
var detect = require('detect-file-type');
detect.fromFile('./image.jpg', function(err, result) {
if (err) {
return console.log(err);
}
console.log(result); // { ext: 'jpg', mime: 'image/jpeg' }
});
Detect file type from hard disk
filePath
- path to filebufferLength
- (optional) Buffer size (in bytes) starting from the start of file. By default 500. If size of file less than 500Kb then param the same as size of the filecallback
Detect file type from buffer
buffer
- uint8arraycallback
Add new signature for file type detecting
signature
- a signature. See section about it belowDetecting of file type work via signatures. The simplest signature in JSON format looks like:
{
"type": "jpg",
"ext": "jpg",
"mime": "image/jpeg",
"rules": [
{ "type": "equal", "start": 0, "end": 2, "bytes": "ffd8" }
]
}
params:
type
- signature type, mostly it's the same as param 'ext'ext
- file extensionmime
- mime type of filerules
- list of rules for detectingMore details about param rules
:
This param have to be array of objects
type
- a rule type. There are available a few types: equal
, notEqual
, contains
, notContains
, or
, and
equal
- here is required field bytes
. We get a dump of buffer from start
(equals 0 by default) to end
(equals buffer.length by default). After that we compare the dump with value in param bytes
. If values are equal then this rule is correct.notEqual
- обязательно содержит поле bytes
. We get a dump of buffer from start
(equals 0 by default) to end
(equals buffer.length by default). After that we compare the dump with value in param bytes
. If values aren't equal then this rule is correct.contains
- here is required field bytes
. We get a dump of buffer from start
(equals 0 by default) to end
(equals buffer.length by default). After that we try to find the sequence from bytes
in this dump. If the dump contains bytes
then rules is correct.notContains
- here is required field bytes
. We get a dump of buffer from start
(equals 0 by default) to end
(equals buffer.length by default). After that we try to find the sequence from bytes
in this dump. If the dump contains bytes
then rules is correct.or
and and
Actually, these types are necessary when you work with complicated signatures. For example, when file contains few sequences of bytes in different parts of file. Here is required field 'rules', where you should define set of another rules. See example:
{
"type": "tif",
"ext": "tif",
"mime": "image/tiff",
"rules": [
{ "type": "and", "rules":
[
{ "type": "notEqual", "start": 8, "end": 10, "bytes": "4352" },
{ "type": "or", "rules":
[
{ "type": "equal", "start": 0, "end": 4, "bytes": "49492a00" },
{ "type": "equal", "start": 0, "end": 4, "bytes": "4d4d002a" }
]
}
]
}
]
}
Explanation: If dump starts from 8th byte and ends to 10th byte isn't equal "4352", and dump starts from 0 and ends to 4th byte is equal "49492a00" or is equal "4d4d002a" then data looks like file with 'tif' format.
or
- means that any rules from rules
should be correct. If at least 1 rule is correct then list are correct too.and
- means that each rule from rules
should be correct. If all rules are correct then list is correct. When at least 1 rule fail then all list is incorrect.The rules or
and and
can be nested without restrictions.
WTFPL © Dmitry Pavlovsky
FAQs
Detect file type by signature
The npm package detect-file-type receives a total of 4,778 weekly downloads. As such, detect-file-type popularity was classified as popular.
We found that detect-file-type demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.