Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
file-type
Advanced tools
The file-type npm package is used to detect the file type of a Buffer/Uint8Array/ArrayBuffer. It supports many file types including images, audio, video, fonts, and archive formats. It is particularly useful when the file extension is unknown or has been changed, as it checks the file signature against a list of known file types.
Detecting file type from a Buffer
This feature allows you to detect the file type of a file by reading it into a Buffer and using the `fromBuffer` method to determine the file type.
const FileType = require('file-type');
const fs = require('fs');
(async () => {
const buffer = fs.readFileSync('example.png');
const fileType = await FileType.fromBuffer(buffer);
console.log(fileType);
})();
Detecting file type from a stream
This feature allows you to detect the file type of a file by creating a readable stream and using the `fromStream` method to determine the file type.
const FileType = require('file-type');
const fs = require('fs');
(async () => {
const stream = fs.createReadStream('example.png');
const fileType = await FileType.fromStream(stream);
console.log(fileType);
})();
Detecting file type from a file path
This feature allows you to detect the file type directly from a file path using the `fromFile` method.
const FileType = require('file-type');
(async () => {
const fileType = await FileType.fromFile('example.png');
console.log(fileType);
})();
The 'mmmagic' package is an async libmagic binding for node.js for content type detection. It uses magic numbers to detect the file type, similar to file-type, but it requires libmagic to be installed on the system, which can be a downside compared to the pure JavaScript implementation of file-type.
The 'buffer-type' package is another module for detecting the content type of a Buffer. It is less popular and has fewer file signatures compared to file-type, which means it may not recognize as many file types.
The 'file-signature' package allows for identifying file types by checking their magic number signature. It is similar to file-type but has a smaller set of supported file types and a simpler API.
Detect the file type of a Buffer/Uint8Array
The file type is detected by checking the magic number of the buffer.
$ npm install file-type
const readChunk = require('read-chunk');
const fileType = require('file-type');
const buffer = readChunk.sync('unicorn.png', 0, 4100);
fileType(buffer);
//=> {ext: 'png', mime: 'image/png'}
Or from a remote location:
const http = require('http');
const fileType = require('file-type');
const url = 'http://assets-cdn.github.com/images/spinners/octocat-spinner-32.gif';
http.get(url, res => {
res.once('data', chunk => {
res.destroy();
console.log(fileType(chunk));
//=> {ext: 'gif', mime: 'image/gif'}
});
});
const xhr = new XMLHttpRequest();
xhr.open('GET', 'unicorn.png');
xhr.responseType = 'arraybuffer';
xhr.onload = () => {
fileType(new Uint8Array(this.response));
//=> {ext: 'png', mime: 'image/png'}
};
xhr.send();
Returns an Object
with:
ext
- One of the supported file typesmime
- The MIME typeOr null
when no match.
Type: Buffer
Uint8Array
It only needs the first 4100 bytes.
jpg
png
gif
webp
flif
cr2
tif
bmp
jxr
psd
zip
tar
rar
gz
bz2
7z
dmg
mp4
m4v
mid
mkv
webm
mov
avi
wmv
mpg
mp2
mp3
m4a
ogg
opus
flac
wav
qcp
amr
pdf
epub
mobi
- Mobipocketexe
swf
rtf
woff
woff2
eot
ttf
otf
ico
flv
ps
xz
sqlite
nes
crx
xpi
cab
deb
ar
rpm
Z
lz
msi
mxf
mts
wasm
blend
bpg
docx
pptx
xlsx
3gp
jp2
- JPEG 2000jpm
- JPEG 2000jpx
- JPEG 2000mj2
- Motion JPEG 2000aif
odt
- OpenDocument for word processingods
- OpenDocument for spreadsheetsodp
- OpenDocument for presentationsxml
heic
cur
ktx
ape
- Monkey's AudioSVG isn't included as it requires the whole file to be read, but you can get it here.
Pull request welcome for additional commonly used file types.
MIT
FAQs
Detect the file type of a file, stream, or data
We found that file-type demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.