npmpackage.info

@labelbox/magic-bytes.js

A library for detecting file types.

1.0.15

136

MIT

TypeScript

3.17 kB

31,603 3.6

Installations

npm install @labelbox/magic-bytes.js

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

16.14.2

NPM Version

8.5.0 Score

75.7

Supply Chain

97.1

Quality

82.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

7

Total

39

Closed

6

Merged

26

Issues

Open

3

Total

21

Closed

18

Releases

v1.10.0

Published on 29 Feb 2024

v1.9.0

Published on 29 Feb 2024

v1.8.0

Published on 11 Jan 2024

v1.7.0

Published on 11 Dec 2023

v1.6.0

Published on 03 Dec 2023

v1.5.0

Published on 02 Oct 2023

View all 11 releases

Contributors

Unable to fetch Contributors

View all 14 contributors

Languages

TypeScript

HTML

CSS

JavaScript

TypeScript (87.25%)

HTML (6.97%)

CSS (3.48%)

JavaScript (2.3%)

Developer

LarsKoelpin

Download Statistics

Total Downloads

31,603

Last Day

Last Week

Last Month

Last Year

5,187

GitHub Statistics

136 Stars

213 Commits

26 Forks

1 Watching

7 Branches

14 Contributors

Bundle Size

14.70 kB

Minified

3.17 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

1.0.15

Package Id

@labelbox/magic-bytes.js@1.0.15

Unpacked Size

209.03 kB

Size

16.91 kB

File Count

NPM Version

8.5.0

Node Version

16.14.2

Total Downloads

Cumulative downloads

Total Downloads

31,603

Last day

Compared to previous day

Last week

100%

Compared to previous week

Last month

78.3%

Compared to previous month

Last year

-70.7%

5,187

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@babel/preset-typescript @changesets/cli @types/jest @types/node jest prettier regenerator-runtime ts-jest ts-node typescript prettier-plugin-organize-imports

Versions

Magic bytes

Magic Bytes is a javascript library analyzing the first bytes of a file to tell you its type. The procedure is based on https://en.wikipedia.org/wiki/List_of_file_signatures.

Installation

Run npm install magic-bytes.js

Usage

On server:

1import filetype from 'magic-bytes.js'
2
3filetype(fs.readFileSync("myimage.png")) // ["png"]

Using HTML:

1<input type="file" id="file" />
2
3 <script src="node_modules/magic-bytes.js/dist/browser.js" type="application/javascript"></script>
4<script>
5    document.getElementById("file").addEventListener('change', (event, x) => {
6      const fileReader = new FileReader();
7      fileReader.onloadend = (f) => {
8        const bytes = new Uint8Array(f.target.result);
9        console.log("Possible filetypes: " + filetypeinfo(bytes))
10      }
11      fileReader.readAsArrayBuffer(event.target.files[0])
12    })
13</script>

API

The following functions are availble:

filetypeinfo(bytes: number[]) Contains typeinformation like name, extension and mime type: [{typename: "zip"}, {typename: "jar"}]
filetypenames(bytes: number[]) : Contains type names only: ["zip", "jar"]
filetypemime(bytes: number[]) : Contains type mime types only: ["application/zip", "application/jar"]
filetypeextensions(bytes: number[]) : Contains type extensions only: ["zip", "jar"]

Both function return an empty array [] otherwise, which means it could not detect the file signature. Keep in mind that txt files for example fall in this category.

You don't have to load the whole file in memory. For validating a file uploaded to S3 using Lambda for example, it may be
enough to load the files first 100 bytes and validate against them. This is especially useful for big files.

see examples for practical usage.

Tests

Run npm test

Example

See examples/

How does it work

The create-snapshot.js creates a new tree. The tree has a similar shape to the following

1{
2  "0x47": {
3    "0x49": {
4      "0x46": {
5        "0x38": {
6          "0x37": {
7            "0x61": {
8              "matches": [
9                {
10                  "typename": "gif",
11                  "mime": "image/gif",
12                  "extension": "gif"
13                }
14              ]
15            }
16          },
17        }
18      }
19    }
20  }
21}

It acts as a giant lookup map for the given byte signatures. To check all available entries, have a look at pattern-tree.js and its generated pattern-tree.snapshot, which acts as a static resource.

Supported types

Please refer to src/pattern-tree.js

Roadmap

Specialize type detection(like zip) using offset-subtrees
Add encoding detection

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

9

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Maintained

Determines if the project is "actively maintained".

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.6

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More