Installations
npm install @edge-js/content-dispositionDeveloper Guide
Typescript
No
Module System
N/A
Min. Node Version
>= 0.6
Node Version
18.18.0
NPM Version
9.8.1
Score
71.4
Supply Chain
98.3
Quality
75
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Languages
JavaScript (100%)
Developer
jshttp
Download Statistics
Total Downloads
229
Last Day
1
Last Week
2
Last Month
8
Last Year
125
GitHub Statistics
225 Stars
144 Commits
44 Forks
16 Watching
5 Branches
33 Contributors
Bundle Size
3.04 kB
Minified
1.36 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
0.5.4
Package Id
@edge-js/content-disposition@0.5.4
Unpacked Size
18.68 kB
Size
6.59 kB
File Count
5
NPM Version
9.8.1
Node Version
18.18.0
Publised On
24 Sept 2023
Total Downloads
Cumulative downloads
Total Downloads
229
Last day
0%
1
Compared to previous day
Last week
0%
2
Compared to previous week
Last month
0%
8
Compared to previous month
Last year
20.2%
125
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
content-disposition
Create and parse HTTP Content-Disposition header
Installation
1$ npm install content-disposition
API
1var contentDisposition = require('content-disposition')
contentDisposition(filename, options)
Create an attachment Content-Disposition header value using the given file name,
if supplied. The filename is optional and if no file name is desired, but you
want to specify options, set filename to undefined.
1res.setHeader('Content-Disposition', contentDisposition('∫ maths.pdf'))
note HTTP headers are of the ISO-8859-1 character set. If you are writing this
header through a means different from setHeader in Node.js, you'll want to specify
the 'binary' encoding in Node.js.
Options
contentDisposition accepts these properties in the options object.
fallback
If the filename option is outside ISO-8859-1, then the file name is actually
stored in a supplemental field for clients that support Unicode file names and
a ISO-8859-1 version of the file name is automatically generated.
This specifies the ISO-8859-1 file name to override the automatic generation or
disables the generation all together, defaults to true.
- A string will specify the ISO-8859-1 file name to use in place of automatic generation.
falsewill disable including a ISO-8859-1 file name and only include the Unicode version (unless the file name is already ISO-8859-1).truewill enable automatic generation if the file name is outside ISO-8859-1.
If the filename option is ISO-8859-1 and this option is specified and has a
different value, then the filename option is encoded in the extended field
and this set as the fallback field, even though they are both ISO-8859-1.
type
Specifies the disposition type, defaults to "attachment". This can also be
"inline", or any other value (all values except inline are treated like
attachment, but can convey additional information if both parties agree to
it). The type is normalized to lower-case.
contentDisposition.parse(string)
1var disposition = contentDisposition.parse('attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt')
Parse a Content-Disposition header string. This automatically handles extended
("Unicode") parameters by decoding them and providing them under the standard
parameter name. This will return an object with the following properties (examples
are shown for the string 'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt'):
-
type: The disposition type (always lower case). Example:'attachment' -
parameters: An object of the parameters in the disposition (name of parameter always lower case and extended versions replace non-extended versions). Example:{filename: "€ rates.txt"}
Examples
Send a file for download
1var contentDisposition = require('content-disposition') 2var destroy = require('destroy') 3var fs = require('fs') 4var http = require('http') 5var onFinished = require('on-finished') 6 7var filePath = '/path/to/public/plans.pdf' 8 9http.createServer(function onRequest (req, res) { 10 // set headers 11 res.setHeader('Content-Type', 'application/pdf') 12 res.setHeader('Content-Disposition', contentDisposition(filePath)) 13 14 // send file 15 var stream = fs.createReadStream(filePath) 16 stream.pipe(res) 17 onFinished(res, function () { 18 destroy(stream) 19 }) 20})
Testing
1$ npm test
References
- RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1
- RFC 5987: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters
- RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)
- Test Cases for HTTP Content-Disposition header field (RFC 6266) and the Encodings defined in RFCs 2047, 2231 and 5987
License
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
project has 6 contributing companies or organizations
Details
- Info: stream-utils contributor org/company found, repo-utils contributor org/company found, crypto-utils contributor org/company found, nodejs contributor org/company found, mysqljs contributor org/company found, ExpressGateway contributor org/company found,
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
9 out of 10 merged PRs checked by a CI test -- score normalized to 9
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jshttp/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/content-disposition/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/content-disposition/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/content-disposition/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:61
- Info: 3 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
Found 8/29 approved changesets -- score normalized to 2
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no update tool detected
Details
- Warn: no dependency update tool configurations found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: no jobLevel write permissions found
Score
4.3
/10
Last Scanned on 2025-01-13T21:25:44Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More