Gathering detailed insights and metrics for mime-db
Gathering detailed insights and metrics for mime-db
Installations
npm install mime-dbDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>= 0.6
Node Version
23.5.0
NPM Version
10.9.2
Score
99.7
Supply Chain
99.6
Quality
82.4
Maintenance
100
Vulnerability
100
License
Releases
63
Languages
1
JavaScript
JavaScript (100%)
Developer
jshttp
Download Statistics
Total Downloads
14,453,916,483
Last Day
5,436,968
Last Week
84,036,301
Last Month
363,611,828
Last Year
3,326,606,907
GitHub Statistics
MIT License
1,166 Stars
858 Commits
271 Forks
43 Watchers
23 Branches
103 Contributors
Updated on Jul 01, 2025
Bundle Size
156.82 kB
Minified
22.60 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
1.54.0
Package Id
mime-db@1.54.0
Unpacked Size
220.28 kB
Size
28.84 kB
File Count
6
NPM Version
10.9.2
Node Version
23.5.0
Published on
Mar 18, 2025
Total Downloads
Cumulative downloads
Total Downloads
14,453,916,483
Last Day
-4.3%
5,436,968
Compared to previous day
Last Week
-5.8%
84,036,301
Compared to previous week
Last Month
10.1%
363,611,828
Compared to previous month
Last Year
32.4%
3,326,606,907
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
mime-db
This is a large database of mime types and information about them. It consists of a single, public JSON file and does not include any logic, allowing it to remain as un-opinionated as possible with an API. It aggregates data from the following sources:
- https://www.iana.org/assignments/media-types/media-types.xhtml
- https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
- https://hg.nginx.org/nginx/raw-file/default/conf/mime.types
Installation
1npm install mime-db
Database Download
If you intend to use this in a web browser, you can conveniently access the JSON file via jsDelivr, a popular CDN (Content Delivery Network). To ensure stability and compatibility, it is advisable to specify a release tag instead of using the 'master' branch. This is because the JSON file's format might change in future updates, and relying on a specific release tag will prevent potential issues arising from these changes.
https://cdn.jsdelivr.net/gh/jshttp/mime-db@master/db.json
Usage
1var db = require('mime-db') 2 3// grab data on .js files 4var data = db['application/javascript']
Data Structure
The JSON file is a map lookup for lowercased mime types. Each mime type has the following properties:
.source- where the mime type is defined. If not set, it's probably a custom media type.apache- Apache common media typesiana- IANA-defined media typesnginx- nginx media types
.extensions[]- known extensions associated with this mime type..compressible- whether a file of this type can be gzipped..charset- the default charset associated with this type, if any.
If unknown, every property could be undefined.
Note on MIME Type Data and Semver
This package considers the programmatic api as the semver compatibility. This means the MIME type resolution is not considered
in the semver bumps. This means that if you want to pin your mime-db data you will need to do it in your application. While
this expectation was not set in docs until now, it is how the pacakge operated, so we do not feel this is a breaking change.
Contributing
The primary way to contribute to this database is by updating the data in one of the upstream sources. The database is updated from the upstreams periodically and will pull in any changes.
Registering Media Types
The best way to get new media types included in this library is to register them with the IANA. The community registration procedure is outlined in RFC 6838 section 5. Types registered with the IANA are automatically pulled into this library.
Direct Inclusion
If that is not possible / feasible, they can be added directly here as a "custom" type. To do this, it is required to have a primary source that definitively lists the media type. If an extension is going to be listed as associated with this media type, the source must definitively link the media type and extension as well.
To edit the database, only make PRs against src/custom-types.json or
src/custom-suffix.json.
The src/custom-types.json file is a JSON object with the MIME type as the
keys and the values being an object with the following keys:
compressible- leave out if you don't know, otherwisetrue/falseto indicate whether the data represented by the type is typically compressible.extensions- include an array of file extensions that are associated with the type.notes- human-readable notes about the type, typically what the type is.sources- include an array of URLs of where the MIME type and the associated extensions are sourced from. This needs to be a primary source; links to type aggregating sites and Wikipedia are not acceptable.
To update the build, run npm run build.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
project has 18 contributing companies or organizations
Details
- Info: jshttp contributor org/company found, pillarjs contributor org/company found, houzz contributor org/company found, citation-style-language contributor org/company found, mysqljs contributor org/company found, use-init contributor org/company found, pau-ci contributor org/company found, stream-utils contributor org/company found, repo-utils contributor org/company found, nodejs contributor org/company found, ExpressGateway contributor org/company found, fripfrap contributor org/company found, whatwg contributor org/company found, crypto-utils contributor org/company found, koajs contributor org/company found, expressjs contributor org/company found, diveintomark contributor org/company found, h5bp contributor org/company found,
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
5 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 7
Reason
6 out of 12 merged PRs checked by a CI test -- score normalized to 5
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jshttp/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
Found 11/29 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:127
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:223
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:234
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:241
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:251
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:18
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:21
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:173
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:189
- Warn: npmCommand not pinned by hash: .github/workflows/generate.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/generate.yml:30
- Info: 3 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no update tool detected
Details
- Warn: no dependency update tool configurations found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/generate.yml:9
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: no jobLevel write permissions found
Score
4.5
/10
Last Scanned on 2025-01-27T21:27:05Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More