Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The mime npm package is a utility for handling and transforming file MIME types. It provides functionality to lookup the MIME type for a file based on its extension, determine the default extension for a MIME type, and define custom MIME type mappings.
Lookup MIME type by extension
This feature allows you to get the MIME type for a given file extension. In the code sample, we are looking up the MIME type for a '.json' file, which returns 'application/json'.
const mime = require('mime');
const mimeType = mime.getType('json'); // 'application/json'
Lookup extension by MIME type
This feature enables you to find the default file extension for a given MIME type. In the code sample, we are finding the extension for the MIME type 'application/json', which returns 'json'.
const mime = require('mime');
const extension = mime.getExtension('application/json'); // 'json'
Define custom MIME type mappings
This feature allows you to define custom MIME type mappings. In the code sample, we are adding a custom MIME type 'text/x-some-format' with multiple extensions. The second argument 'true' indicates that the custom types should take precedence over the built-in types.
const mime = require('mime');
mime.define({ 'text/x-some-format': ['x-sf', 'x-sft', 'x-sfml'] }, true);
The 'mime-types' package is similar to 'mime' in that it provides MIME type lookup based on file extension and vice versa. It is based on the mime-db dataset, which is a comprehensive dataset of MIME types compiled from various sources. Compared to 'mime', it might offer a more extensive and updated list of MIME types.
The 'file-type' package goes beyond simple MIME type lookup by extension; it can detect the actual MIME type of a file or a Buffer by checking the file's magic numbers (file signatures). This can be more reliable than 'mime' when dealing with files that have incorrect or missing extensions.
An API for MIME type information.
[!Note]
mime@4
is nowlatest
. If you're upgrading frommime@3
, note the following:
mime@4
is API-compatible withmime@3
, withonetwo exceptions:
- Direct imports of
mime
properties no longer supportedmime.define()
cannot be called on the defaultmime
object- ESM module support is required. ESM Module FAQ.
- Requires an ES2020 or newer runtime
- Built-in Typescript types (
@types/mime
no longer needed)
npm install mime
For the full version (800+ MIME types, 1,000+ extensions):
import mime from 'mime';
mime.getType('txt'); // ⇨ 'text/plain'
mime.getExtension('text/plain'); // ⇨ 'txt'
mime/lite
is a drop-in mime
replacement, stripped of unofficial ("prs.*
", "x-*
", "vnd.*
") types:
import mime from 'mime/lite';
mime.getType(pathOrExtension)
Get mime type for the given file path or extension. E.g.
mime.getType('js'); // ⇨ 'text/javascript'
mime.getType('json'); // ⇨ 'application/json'
mime.getType('txt'); // ⇨ 'text/plain'
mime.getType('dir/text.txt'); // ⇨ 'text/plain'
mime.getType('dir\\text.txt'); // ⇨ 'text/plain'
mime.getType('.text.txt'); // ⇨ 'text/plain'
mime.getType('.txt'); // ⇨ 'text/plain'
null
is returned in cases where an extension is not detected or recognized
mime.getType('foo/txt'); // ⇨ null
mime.getType('bogus_type'); // ⇨ null
mime.getExtension(type)
Get file extension for the given mime type. Charset options (often included in Content-Type headers) are ignored.
mime.getExtension('text/plain'); // ⇨ 'txt'
mime.getExtension('application/json'); // ⇨ 'json'
mime.getExtension('text/html; charset=utf8'); // ⇨ 'html'
mime.getAllExtensions(type)
[!Note] New in
mime@4
Get all file extensions for the given mime type.
mime.getAllExtensions('image/jpeg'); // ⇨ Set(3) { 'jpeg', 'jpg', 'jpe' }
Mime
instancesThe default mime
objects are immutable. Custom, mutable versions can be created as follows...
Create a new, custom mime instance. For example, to create a mutable version of the default mime
instance:
import { Mime } from 'mime/lite';
import standardTypes from 'mime/types/standard.js';
import otherTypes from 'mime/types/other.js';
const mime = new Mime(standardTypes, otherTypes);
Each argument is passed to the define()
method, below. For example new Mime(standardTypes, otherTypes)
is synonomous with new Mime().define(standardTypes).define(otherTypes)
mime.define(type map [, force = false])
[!Note] Only available on custom
Mime
instances
Define MIME type -> extensions.
Attempting to map a type to an already-defined extension will throw
unless the force
argument is set to true
.
mime.define({'text/x-abc': ['abc', 'abcd']});
mime.getType('abcd'); // ⇨ 'text/x-abc'
mime.getExtension('text/x-abc') // ⇨ 'abc'
$ mime scripts/jquery.js
text/javascript
$ mime -r image/jpeg
jpeg
FAQs
A comprehensive library for mime-type mapping
We found that mime demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.