Installations
npm install mimeScore
99.7
Supply Chain
99.5
Quality
79.8
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
broofa
Developer Guide
Module System
ESM
Min. Node Version
>=16
Typescript Support
Yes
Node Version
20.12.2
NPM Version
10.5.0
Statistics
2,187 Stars
390 Commits
319 Forks
21 Watching
3 Branches
49 Contributors
Updated on 28 Nov 2024
Bundle Size
37.54 kB
Minified
10.90 kB
Minified + Gzipped
Languages
TypeScript (68.34%)
JavaScript (30.43%)
Shell (1.23%)
Total Downloads
Cumulative downloads
Total Downloads
14,101,066,691
Last day
-5.9%
12,455,050
Compared to previous day
Last week
2.6%
72,479,874
Compared to previous week
Last month
8.8%
299,826,184
Compared to previous month
Last year
9.1%
3,152,069,036
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Mime
An API for MIME type information.
- All
mime-dbtypes - Compact and dependency-free
- Full TS support
[!Note]
mime@4is nowlatest. If you're upgrading frommime@3, note the following:
mime@4is API-compatible withmime@3, withonetwo exceptions:
- Direct imports of
mimeproperties no longer supportedmime.define()cannot be called on the defaultmimeobject- ESM module support is required. ESM Module FAQ.
- Requires an ES2020 or newer runtime
- Built-in Typescript types (
@types/mimeno longer needed)
Installation
1npm install mime
Quick Start
For the full version (800+ MIME types, 1,000+ extensions):
1import mime from 'mime'; 2 3mime.getType('txt'); // ⇨ 'text/plain' 4mime.getExtension('text/plain'); // ⇨ 'txt'
Lite Version 
mime/lite is a drop-in mime replacement, stripped of unofficial ("prs.*", "x-*", "vnd.*") types:
1import mime from 'mime/lite';
API
mime.getType(pathOrExtension)
Get mime type for the given file path or extension. E.g.
1mime.getType('js'); // ⇨ 'text/javascript' 2mime.getType('json'); // ⇨ 'application/json' 3 4mime.getType('txt'); // ⇨ 'text/plain' 5mime.getType('dir/text.txt'); // ⇨ 'text/plain' 6mime.getType('dir\\text.txt'); // ⇨ 'text/plain' 7mime.getType('.text.txt'); // ⇨ 'text/plain' 8mime.getType('.txt'); // ⇨ 'text/plain'
null is returned in cases where an extension is not detected or recognized
1mime.getType('foo/txt'); // ⇨ null 2mime.getType('bogus_type'); // ⇨ null
mime.getExtension(type)
Get file extension for the given mime type. Charset options (often included in Content-Type headers) are ignored.
1mime.getExtension('text/plain'); // ⇨ 'txt' 2mime.getExtension('application/json'); // ⇨ 'json' 3mime.getExtension('text/html; charset=utf8'); // ⇨ 'html'
mime.getAllExtensions(type)
[!Note] New in
mime@4
Get all file extensions for the given mime type.
1mime.getAllExtensions('image/jpeg'); // ⇨ Set(3) { 'jpeg', 'jpg', 'jpe' }
Custom Mime instances
The default mime objects are immutable. Custom, mutable versions can be created as follows...
new Mime(type map [, type map, ...])
Create a new, custom mime instance. For example, to create a mutable version of the default mime instance:
1import { Mime } from 'mime/lite'; 2 3import standardTypes from 'mime/types/standard.js'; 4import otherTypes from 'mime/types/other.js'; 5 6const mime = new Mime(standardTypes, otherTypes);
Each argument is passed to the define() method, below. For example new Mime(standardTypes, otherTypes) is synonomous with new Mime().define(standardTypes).define(otherTypes)
mime.define(type map [, force = false])
[!Note] Only available on custom
Mimeinstances
Define MIME type -> extensions.
Attempting to map a type to an already-defined extension will throw unless the force argument is set to true.
1mime.define({'text/x-abc': ['abc', 'abcd']}); 2 3mime.getType('abcd'); // ⇨ 'text/x-abc' 4mime.getExtension('text/x-abc') // ⇨ 'abc'
Command Line
Extension -> type
1$ mime scripts/jquery.js 2text/javascript
Type -> extension
1$ mime -r image/jpeg 2jpeg
Stable Version
The latest stable version of the package.
Stable Version
4.0.4
HIGH
2
7.5/10
Summary
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Affected Versions
>= 2.0.0, < 2.0.3
Patched Versions
2.0.3
7.5/10
Summary
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Affected Versions
< 1.4.1
Patched Versions
1.4.1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/broofa/mime/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/broofa/mime/ci.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: test/exports_test.sh:17
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 npmCommand dependencies pinned
Reason
Found 1/29 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 6 are checked with a SAST tool
Score
3.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More