npm - @nestjs/common - Versions diffs - 11.0.19 → 11.0.21 - Mend

@nestjs/common 11.0.19 → 11.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +2 -1
package/pipes/file/file-type.validator.d.ts +5 -0
package/pipes/file/file-type.validator.js +31 -6

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nestjs/common",
-  "version": "11.0.19",
+  "version": "11.0.21",
   "description": "Nest - modern, fast, powerful node.js web framework (@common)",
   "author": "Kamil Mysliwiec",
   "homepage": "https://nestjs.com",
@@ -20,6 +20,7 @@
   "dependencies": {
     "file-type": "20.4.1",
     "iterare": "1.2.1",
+    "load-esm": "1.0.2",
     "tslib": "2.8.1",
     "uid": "2.0.2"
   },

package/pipes/file/file-type.validator.d.ts CHANGED Viewed

@@ -8,6 +8,11 @@ export type FileTypeValidatorOptions = {
      * @default false
      */
     skipMagicNumbersValidation?: boolean;
+    /**
+     * If `true`, and magic number check fails, fallback to mimetype comparison.
+     * @default false
+     */
+    fallbackToMimetype?: boolean;
 };
 /**
  * Defines the built-in FileTypeValidator. It validates incoming files by examining

package/pipes/file/file-type.validator.js CHANGED Viewed

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.FileTypeValidator = void 0;
 const file_validator_interface_1 = require("./file-validator.interface");
+const load_esm_1 = require("load-esm");
 /**
  * Defines the built-in FileTypeValidator. It validates incoming files by examining
  * their magic numbers using the file-type package, providing more reliable file type validation
@@ -13,26 +14,50 @@ const file_validator_interface_1 = require("./file-validator.interface");
  */
 class FileTypeValidator extends file_validator_interface_1.FileValidator {
     buildErrorMessage(file) {
+        const expected = this.validationOptions.fileType;
         if (file?.mimetype) {
-            return `Validation failed (current file type is ${file.mimetype}, expected type is ${this.validationOptions.fileType})`;
+            const baseMessage = `Validation failed (current file type is ${file.mimetype}, expected type is ${expected})`;
+            /**
+             * If fallbackToMimetype is enabled, this means the validator failed to detect the file type
+             * via magic number inspection (e.g. due to an unknown or too short buffer),
+             * and instead used the mimetype string provided by the client as a fallback.
+             *
+             * This message clarifies that fallback logic was used, in case users rely on file signatures.
+             */
+            if (this.validationOptions.fallbackToMimetype) {
+                return `${baseMessage} - magic number detection failed, used mimetype fallback`;
+            }
+            return baseMessage;
         }
-        return `Validation failed (expected type is ${this.validationOptions.fileType})`;
+        return `Validation failed (expected type is ${expected})`;
     }
     async isValid(file) {
         if (!this.validationOptions) {
             return true;
         }
         const isFileValid = !!file && 'mimetype' in file;
+        // Skip magic number validation if set
         if (this.validationOptions.skipMagicNumbersValidation) {
             return (isFileValid && !!file.mimetype.match(this.validationOptions.fileType));
         }
-        if (!isFileValid || !file.buffer) {
+        if (!isFileValid || !file.buffer)
             return false;
-        }
         try {
-            const { fileTypeFromBuffer } = (await eval('import ("file-type")'));
+            const { fileTypeFromBuffer } = await (0, load_esm_1.loadEsm)('file-type');
             const fileType = await fileTypeFromBuffer(file.buffer);
-            return (!!fileType && !!fileType.mime.match(this.validationOptions.fileType));
+            if (fileType) {
+                // Match detected mime type against allowed type
+                return !!fileType.mime.match(this.validationOptions.fileType);
+            }
+            /**
+             * Fallback logic: If file-type cannot detect magic number (e.g. file too small),
+             * Optionally fall back to mimetype string for compatibility.
+             * This is useful for plain text, CSVs, or files without recognizable signatures.
+             */
+            if (this.validationOptions.fallbackToMimetype) {
+                return !!file.mimetype.match(this.validationOptions.fileType);
+            }
+            return false;
         }
         catch {
             return false;