Gathering detailed insights and metrics for mime-types
Gathering detailed insights and metrics for mime-types
The ultimate javascript content-type utility.
Installations
npm install mime-typesScore
99.2
Supply Chain
99.5
Quality
82.5
Maintenance
100
Vulnerability
100
License
Developer
jshttp
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
>= 0.6
Typescript Support
No
Node Version
16.14.0
NPM Version
8.3.1
Statistics
1,336 Stars
486 Commits
129 Forks
23 Watching
3 Branches
29 Contributors
Updated on 27 Nov 2024
Bundle Size
144.15 kB
Minified
21.36 kB
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
12,080,368,688
Last day
-0.9%
12,287,038
Compared to previous day
Last week
4.8%
68,124,340
Compared to previous week
Last month
18.2%
268,029,066
Compared to previous month
Last year
7.3%
2,632,336,945
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
mime-types
The ultimate javascript content-type utility.
Similar to the mime@1.x module, except:
- No fallbacks. Instead of naively returning the first available type,
mime-typessimply returnsfalse, so dovar type = mime.lookup('unrecognized') || 'application/octet-stream'. - No
new Mime()business, so you could dovar lookup = require('mime-types').lookup. - No
.define()functionality - Bug fixes for
.lookup(path)
Otherwise, the API is compatible with mime 1.x.
Install
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
1$ npm install mime-types
Note on MIME Type Data and Semver
This package considers the programmatic api as the semver compatibility. Additionally, the package which provides the MIME data
for this package (mime-db) also considers it's programmatic api as the semver contract. This means the MIME type resolution is not considered
in the semver bumps.
In the past the version of mime-db was pinned to give two decision points when adopting MIME data changes. This is no longer true. We still update the
mime-db package here as a minor release when necessary, but will use a ^ range going forward. This means that if you want to pin your mime-db data
you will need to do it in your application. While this expectation was not set in docs until now, it is how the pacakge operated, so we do not feel this is
a breaking change.
If you wish to pin your mime-db version you can do that with overrides via your package manager of choice. See their documentation for how to correctly configure that.
Adding Types
All mime types are based on mime-db, so open a PR there if you'd like to add mime types.
API
1var mime = require('mime-types')
All functions return false if input is invalid or not found.
mime.lookup(path)
Lookup the content-type associated with a file.
1mime.lookup('json') // 'application/json' 2mime.lookup('.md') // 'text/markdown' 3mime.lookup('file.html') // 'text/html' 4mime.lookup('folder/file.js') // 'application/javascript' 5mime.lookup('folder/.htaccess') // false 6 7mime.lookup('cats') // false
mime.contentType(type)
Create a full content-type header given a content-type or extension.
When given an extension, mime.lookup is used to get the matching
content-type, otherwise the given content-type is used. Then if the
content-type does not already have a charset parameter, mime.charset
is used to get the default charset and add to the returned content-type.
1mime.contentType('markdown') // 'text/x-markdown; charset=utf-8'
2mime.contentType('file.json') // 'application/json; charset=utf-8'
3mime.contentType('text/html') // 'text/html; charset=utf-8'
4mime.contentType('text/html; charset=iso-8859-1') // 'text/html; charset=iso-8859-1'
5
6// from a full path
7mime.contentType(path.extname('/path/to/file.json')) // 'application/json; charset=utf-8'mime.extension(type)
Get the default extension for a content-type.
1mime.extension('application/octet-stream') // 'bin'
mime.charset(type)
Lookup the implied default charset of a content-type.
1mime.charset('text/markdown') // 'UTF-8'
var type = mime.types[extension]
A map of content-types by extension.
[extensions...] = mime.extensions[type]
A map of extensions by content-type.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jshttp/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
Found 6/26 approved changesets -- score normalized to 2
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/mime-types/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/mime-types/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/mime-types/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:65
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:69
- Info: 3 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Score
4.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More