Gathering detailed insights and metrics for content-type-parser
Gathering detailed insights and metrics for content-type-parser
Parses, serializes, and manipulates MIME types, according to the WHATWG MIME Sniffing Standard
Installations
npm install content-type-parserDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
8.6.0
NPM Version
5.4.2
Score
99.8
Supply Chain
84.4
Quality
74.8
Maintenance
100
Vulnerability
100
License
Releases
10
Languages
1
JavaScript
JavaScript (100%)
Developer
jsdom
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
88 Stars
35 Commits
19 Forks
7 Watchers
1 Branches
9 Contributors
Updated on Jul 04, 2025
Maintainers
1
Package Meta Information
Latest Version
1.0.2
Package Id
content-type-parser@1.0.2
Size
3.07 kB
NPM Version
5.4.2
Node Version
8.6.0
Published on
Oct 23, 2017
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Parse Content-Type Header Strings
This package will parse the Content-Type header field into an introspectable data structure, whose parameters can be manipulated:
1const contentTypeParser = require("content-type-parser"); 2 3const contentType = contentTypeParser(`Text/HTML;Charset="utf-8"`); 4 5console.assert(contentType.toString() === "text/html;charset=utf-8"); 6 7console.assert(contentType.type === "text"); 8console.assert(contentType.subtype === "html"); 9console.assert(contentType.get("charset") === "utf-8"); 10 11contentType.set("charset", "windows-1252"); 12console.assert(contentType.get("charset") === "windows-1252"); 13console.assert(contentType.toString() === "text/html;charset=windows-1252"); 14 15console.assert(contentType.isHTML() === true); 16console.assert(contentType.isXML() === false); 17console.assert(contentType.isText() === true);
Note how parsing will lowercase the type, subtype, and parameter name tokens (but not parameter values).
If the passed string cannot be parsed as a content-type, contentTypeParser will return null.
ContentType instance API
This package's main module's default export will return an instance of the ContentType class, which has the following public APIs:
Properties
type: the top-level media type, e.g."text"subtype: the subtype, e.g."html"parameterList: an array of{ separator, key, value }pairs representing the parameters. Theseparatorfield contains any whitespace, not just the;character.
Parameter manipulation
In general you should not directly manipulate parameterList. Instead, use the following APIs:
get("key"): returns the value of the parameter with the given key, orundefinedif no such parameter is presentset("key", "value"): adds the given key/value pair to the parameter list, or overwrites the existing value if an entry already existed
Both of these will lowercase the keys.
MIME type tests
isHTML(): returns true if this instance's MIME type is the HTML MIME type,"text/html"isXML(): returns true if this instance's MIME type is an XML MIME typeisText(): returns true if this instance's top-level media type is"text"
Serialization
toString()will return a canonicalized representation of the content-type, re-built from the parsed components
Credits
This package was originally based on the excellent work of @nicolashenry, in jsdom. It has since been pulled out into this separate package.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jsdom/.github/SECURITY.md:1
- Info: Found linked content: github.com/jsdom/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jsdom/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/jsdom/.github/SECURITY.md:1
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jsdom/whatwg-mimetype/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jsdom/whatwg-mimetype/build.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 2/27 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Score
4.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More