{"id":36214837,"url":"https://github.com/flutterdude/file_signature","last_synced_at":"2026-01-13T22:54:00.385Z","repository":{"id":331770275,"uuid":"1126123315","full_name":"flutterdude/file_signature","owner":"flutterdude","description":"A pure Dart security utility that validates files by checking Magic Byte signatures. Prevents rename attacks (e.g. .exe as .png).","archived":false,"fork":false,"pushed_at":"2026-01-01T09:13:42.000Z","size":372,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-11T10:37:03.907Z","etag":null,"topics":["dart","file-validation","flutter","magic-numbers","security"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flutterdude.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-01T06:54:45.000Z","updated_at":"2026-01-01T09:41:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/flutterdude/file_signature","commit_stats":null,"previous_names":["flutterdude/file_signature"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/flutterdude/file_signature","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flutterdude%2Ffile_signature","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flutterdude%2Ffile_signature/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flutterdude%2Ffile_signature/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flutterdude%2Ffile_signature/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flutterdude","download_url":"https://codeload.github.com/flutterdude/file_signature/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flutterdude%2Ffile_signature/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28400412,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T14:36:09.778Z","status":"ssl_error","status_checked_at":"2026-01-13T14:35:19.697Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dart","file-validation","flutter","magic-numbers","security"],"created_at":"2026-01-11T04:43:05.718Z","updated_at":"2026-01-13T22:54:00.364Z","avatar_url":"https://github.com/flutterdude.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/flutterdude/file_signature/main/doc/file_signature_banner.png\" alt=\"File Signature Pub Banner\"\u003e\n\u003c/p\u003e\n\n# File Signature 🛡️\n[![pub package](https://img.shields.io/pub/v/file_signature.svg)](https://pub.dev/packages/file_signature)\n[![likes](https://img.shields.io/pub/likes/file_signature?logo=dart)](https://pub.dev/packages/file_signature/score)\n[![style: lint](https://img.shields.io/badge/style-lint-4BC0F5.svg)](https://pub.dev/packages/flutter_lints)\n[![license](https://img.shields.io/badge/License-MIT-007AFF)](https://github.com/flutterdude/file_signature/blob/main/LICENSE)\n\n**Don't trust the file extension. Trust the bits.**\n\n`file_signature` is a pure Dart security utility that validates files by checking their **Magic Bytes** (Hex Signatures). It prevents \"Rename Attacks\" (e.g., renaming `malware.exe` to `image.png`) and works universally on **Mobile, Web, and Desktop**.\n\n### Supported Formats\n\n**Images** \u003cbr\u003e\n\u003cimg src=\"https://img.shields.io/badge/PNG-007AFF?style=for-the-badge\" alt=\"PNG\"\u003e \u003cimg src=\"https://img.shields.io/badge/JPEG-007AFF?style=for-the-badge\" alt=\"JPEG\"\u003e \u003cimg src=\"https://img.shields.io/badge/GIF-007AFF?style=for-the-badge\" alt=\"GIF\"\u003e \u003cimg src=\"https://img.shields.io/badge/WEBP-007AFF?style=for-the-badge\" alt=\"WEBP\"\u003e \u003cimg src=\"https://img.shields.io/badge/BMP-007AFF?style=for-the-badge\" alt=\"BMP\"\u003e \u003cimg src=\"https://img.shields.io/badge/HEIC-007AFF?style=for-the-badge\" alt=\"HEIC\"\u003e\n\n**Documents \u0026 Archives** \u003cbr\u003e\n\u003cimg src=\"https://img.shields.io/badge/PDF-7209B7?style=for-the-badge\" alt=\"PDF\"\u003e \u003cimg src=\"https://img.shields.io/badge/ZIP-7209B7?style=for-the-badge\" alt=\"ZIP\"\u003e\n\n**Video** \u003cbr\u003e\n\u003cimg src=\"https://img.shields.io/badge/MP4-009688?style=for-the-badge\" alt=\"MP4\"\u003e \u003cimg src=\"https://img.shields.io/badge/MOV-009688?style=for-the-badge\" alt=\"MOV\"\u003e\n\n**Blocked Threats** \u003cbr\u003e\n\u003cimg src=\"https://img.shields.io/badge/EXE-D00000?style=for-the-badge\" alt=\"EXE\"\u003e \u003cimg src=\"https://img.shields.io/badge/ELF-D00000?style=for-the-badge\" alt=\"ELF\"\u003e \u003cimg src=\"https://img.shields.io/badge/MACH--O-D00000?style=for-the-badge\" alt=\"MACH-O\"\u003e\n\n---\n## 🚀 Features\n\n* **🔒 Security First:** Validates the actual binary header, not the text extension.\n* **⚡ Zero-Allocation Streams:** Intercepts and guards large file uploads (GBs) without loading them into RAM.\n* **🌐 Universal:** Works on **Android, iOS, Web, macOS, Windows, and Linux**.\n* **📦 Lightweight:** Zero dependencies on native code.\n\n## 📦 Installation\n\n```yaml\ndependencies:\n  file_signature: ^1.0.0\n```\n---\n\n## 🛠️ Usage\n\n### 1. The Standard Check (`XFile`)\nIdeal for `image_picker` or `file_selector`. It reads only the first 32 bytes.\n\n```dart\nimport 'package:file_signature/file_signature.dart';\n\nFuture\u003cvoid\u003e uploadAvatar(XFile file) async {\n  try {\n    // Validates that the file is genuinely a PNG or JPEG\n    await FileSignature.guard(\n      file,\n      allowed: [FileFormat.png, FileFormat.jpeg],\n    );\n    \n    // If code reaches here, the file is safe!\n    print(\"File verified.\");\n  } on SecurityException catch (e) {\n    print(\"Blocked: ${e.message}\");\n  }\n}\n```\n\n### 2. The Stream Interceptor (\"Middleware\")\nIdeal for large uploads (Video/PDF) or network piping. It peeks at the header and kills the stream if it's malicious.\n\n```dart\nFuture\u003cvoid\u003e secureUpload(Stream\u003cList\u003cint\u003e\u003e dangerousStream) async {\n  try {\n    // This returns a safe stream. \n    // If the header is bad, the stream emits an error immediately.\n    final safeStream = FileSignature.guardStream(\n      dangerousStream,\n      allowed: [FileFormat.pdf],\n    );\n\n    // Pass 'safeStream' to Dio, HTTP, or AWS S3\n    await Dio().post('[https://api.com/upload](https://api.com/upload)', data: safeStream);\n    \n  } on SecurityException catch (e) {\n    print(\"Malware upload attempt blocked!\");\n  }\n}\n```\n\n### 3. Memory Check (`Uint8List`)\nIdeal for clipboard data or Base64 strings.\n```dart\nvoid checkClipboard(Uint8List data) {\n  if (FileSignature.isValid(data, allowed: [FileFormat.png])) {\n    print(\"Valid Image\");\n  }\n}\n```\n### 🛡️ Supported Formats\nWe support the most critical formats for upload security:\n\n| Category   | Formats                               |\n|------------|----------------------------------------|\n| Images     | PNG, JPEG, GIF, WebP, BMP              |\n| Documents  | PDF                                    |\n| Archives   | ZIP (covers DOCX, APK, JAR, etc.)       |\n| Blocklist  | EXE, ELF, Mach-O (Executables)          |\n\n\n### ❓FAQ\nQ: Why not just check file.path.endsWith('.png')? A: Because anyone can rename virus.exe to virus.png. The OS will hide the extension, but the file is still an executable. file_signature reads the actual binary header (e.g., 89 50 4E 47) to confirm the type.\n\nQ: Does this download the whole file? A: No. It uses Dart's openRead(0, 32) to fetch only the first 32 bytes. Validating a 10GB video takes milliseconds.\n\nQ: Does it work on Web? A: Yes. It fully supports Blob slicing on the web.\n\n### 🤝 Contributing\nFound a new magic byte signature? PRs are welcome! ensuring the package remains lightweight is our priority.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflutterdude%2Ffile_signature","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflutterdude%2Ffile_signature","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflutterdude%2Ffile_signature/lists"}