Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The type-is npm package is used to determine the MIME type of the content represented by a request or response object. It can check if the content type matches any of the given MIME types, which can be useful for handling requests in web applications, especially when dealing with REST APIs or any other HTTP-based interfaces.
Check content type
This feature allows you to check if a given content type matches one of the specified MIME types. In the code sample, it checks if 'image/png' is an image MIME type.
const typeis = require('type-is');
const contentType = 'image/png';
const result = typeis.is(contentType, ['image/*']); // returns 'image/png'
Determine if request has body
This feature checks if the request object has a body by inspecting the 'Content-Type' header.
const typeis = require('type-is');
const req = { headers: { 'content-type': 'text/html' } };
const hasBody = typeis.hasBody(req); // returns true
Determine the type of request
This feature determines the type of the request by checking if the 'Content-Type' header matches any of the provided MIME types.
const typeis = require('type-is');
const req = { headers: { 'content-type': 'application/json' } };
const result = typeis(req, ['json', 'urlencoded', 'multipart']); // returns 'json'
The mime-types package is similar to type-is in that it provides functionality for looking up MIME types based on file extensions and vice versa. However, it does not directly deal with request objects and is more focused on the mapping between MIME types and file extensions.
The content-type package is used to parse and format 'Content-Type' headers. Unlike type-is, it does not provide methods to check if a request or response matches a specific content type, but it can be used to construct and deconstruct 'Content-Type' headers.
The accepts package is designed to deal with the HTTP Accept header, allowing servers to negotiate content type with clients. It is similar to type-is in that it helps determine the type of content, but it focuses on what the client can accept, rather than what the server is receiving or sending.
Infer the content-type of a request.
$ npm install type-is
var http = require('http')
var is = require('type-is')
http.createServer(function (req, res) {
var istext = is(req, ['text/*'])
res.end('you ' + (istext ? 'sent' : 'did not send') + ' me text')
})
request
is the node HTTP request. types
is an array of types.
// req.headers.content-type = 'application/json'
is(req, ['json']) // 'json'
is(req, ['html', 'json']) // 'json'
is(req, ['application/*']) // 'application/json'
is(req, ['application/json']) // 'application/json'
is(req, ['html']) // false
json
. This name will be returned if matched.application/json
.*/json
or application/*
. The full mime type will be returned if matched+json
. This can be combined with a wildcard such as */vnd+json
or application/*+json
. The full mime type will be returned if matched.false
will be returned if no type matches.
var is = require('type-is');
function bodyParser(req, res, next) {
if (!is.hasBody(req)) {
return next()
}
switch (is(req, ['urlencoded', 'json', 'multipart'])) {
case 'urlencoded':
// parse urlencoded body
throw new Error('implement urlencoded body parsing')
break
case 'json':
// parse json body
throw new Error('implement json body parsing')
break
case 'multipart':
// parse multipart body
throw new Error('implement multipart body parsing')
break
default:
// 415 error code
res.statusCode = 415
res.end()
return
}
}
FAQs
Infer the content-type of a request.
The npm package type-is receives a total of 19,853,855 weekly downloads. As such, type-is popularity was classified as popular.
We found that type-is demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.