Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The mime-db package is a comprehensive database of MIME types based on the mime-types npm package. It provides an API to access MIME type definitions, which are compiled from various sources. It is often used to look up MIME types based on file extensions or vice versa.
Lookup MIME type for a given file extension
This feature allows you to get the MIME type for a specific file extension. In the code sample, we are looking up the MIME type for JSON files.
const mimeDb = require('mime-db');
const mimeType = mimeDb['json'].type;
Get extensions for a given MIME type
This feature enables you to retrieve the file extensions associated with a particular MIME type. In the code sample, we are getting the extensions for 'application/json'.
const mimeDb = require('mime-db');
const extensions = mimeDb['application/json'].extensions;
Access MIME type data
This feature provides access to the data associated with a specific MIME type, including the source of the information, charset, and whether it's compressible. The code sample demonstrates how to access the data for 'application/json'.
const mimeDb = require('mime-db');
const mimeData = mimeDb['application/json'];
The mime-types package is a lightweight version of mime-db that provides utility functions to work with MIME types, such as looking up MIME types and extensions. It is built on top of mime-db and offers a simpler API for common use cases.
The mime package is another popular alternative that allows users to look up MIME types based on file extensions and vice versa. It offers a more limited dataset compared to mime-db but includes a simple API for the most common MIME type operations.
This is a large database of mime types and information about them. It consists of a single, public JSON file and does not include any logic, allowing it to remain as un-opinionated as possible with an API. It aggregates data from the following sources:
npm install mime-db
If you intend to use this in a web browser, you can conveniently access the JSON file via jsDelivr, a popular CDN (Content Delivery Network). To ensure stability and compatibility, it is advisable to specify a release tag instead of using the 'master' branch. This is because the JSON file's format might change in future updates, and relying on a specific release tag will prevent potential issues arising from these changes.
https://cdn.jsdelivr.net/gh/jshttp/mime-db@master/db.json
var db = require('mime-db')
// grab data on .js files
var data = db['application/javascript']
The JSON file is a map lookup for lowercased mime types. Each mime type has the following properties:
.source
- where the mime type is defined.
If not set, it's probably a custom media type.
apache
- Apache common media typesiana
- IANA-defined media typesnginx
- nginx media types.extensions[]
- known extensions associated with this mime type..compressible
- whether a file of this type can be gzipped..charset
- the default charset associated with this type, if any.If unknown, every property could be undefined
.
The primary way to contribute to this database is by updating the data in one of the upstream sources. The database is updated from the upstreams periodically and will pull in any changes.
The best way to get new media types included in this library is to register them with the IANA. The community registration procedure is outlined in RFC 6838 section 5. Types registered with the IANA are automatically pulled into this library.
If that is not possible / feasible, they can be added directly here as a "custom" type. To do this, it is required to have a primary source that definitively lists the media type. If an extension is going to be listed as associateed with this media type, the source must definitively link the media type and extension as well.
To edit the database, only make PRs against src/custom-types.json
or
src/custom-suffix.json
.
The src/custom-types.json
file is a JSON object with the MIME type as the
keys and the values being an object with the following keys:
compressible
- leave out if you don't know, otherwise true
/false
to
indicate whether the data represented by the type is typically compressible.extensions
- include an array of file extensions that are associated with
the type.notes
- human-readable notes about the type, typically what the type is.sources
- include an array of URLs of where the MIME type and the associated
extensions are sourced from. This needs to be a primary source;
links to type aggregating sites and Wikipedia are not acceptable.To update the build, run npm run build
.
FAQs
Media Type Database
We found that mime-db demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.