file-type
Detects the file type of a file, buffer, or stream by inspecting magic bytes (file header signatures) rather than relying on file extensions. Supports 100+ file types including images, video, audio, documents, archives, and executables. Used in file upload validation, security scanning, and any agent workflow that needs reliable file type detection independent of extension.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Content-based detection is more secure than extension-based — prevents extension spoofing attacks. Use as part of defense-in-depth for file upload validation alongside AV scanning.
⚡ Reliability
Best When
You need reliable file type detection from content (not extension) for validation, security, or routing in agent file processing pipelines.
Avoid When
You only need MIME type by extension — use the mime-types package for extension-to-MIME mapping without binary inspection.
Use Cases
- • Validate file uploads in agent systems by detecting actual file type from content, not the user-supplied file extension
- • Route agent file processing pipelines based on detected content type — detect actual format before choosing the right parser/processor
- • Security scanning of uploaded files to detect mismatched extensions (e.g., .jpg file that is actually an executable)
- • Build format-agnostic agent file ingestion pipelines where input file type is determined by content inspection, not metadata
- • Validate that agent-generated binary outputs are the expected format before sending to downstream consumers
Not For
- • Text file format detection (plain text, Markdown, source code) — magic bytes don't distinguish text formats; use language detection for text
- • Document format parsing — file-type only detects the type, not the content; use format-specific parsers for content extraction
- • Network traffic analysis — file-type works on buffers, not live network streams in the traditional sense
Interface
Authentication
No authentication — local file analysis library.
Pricing
file-type is open source and free.
Agent Metadata
Known Gotchas
- ⚠ file-type 19.x is ESM-only — require('file-type') fails in CommonJS; use dynamic import() or stay on file-type 16.x for CJS compatibility
- ⚠ Returns undefined for unknown types (not an error) — always check if (result) before using result.mime or result.ext
- ⚠ file-type only reads the first portion of the file for magic bytes — very large files are not fully read; streaming API reads the minimum needed for detection
- ⚠ Some file types share magic bytes or have multiple valid signatures — DOCX/XLSX/PPTX are all ZIP files and may be detected as 'application/zip' not the specific Office format
- ⚠ Truncated or corrupted files may return undefined or wrong type — add content validation beyond type detection for production agent upload handling
- ⚠ Text-based formats (CSV, JSON, XML, HTML) are not detectable via magic bytes — file-type returns undefined for plain text formats; use other detection methods
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for file-type.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-06.