nest icon indicating copy to clipboard operation
nest copied to clipboard

Published 20 hours ago • verified publisher icon nestjs

FileTypeValidator can use the wrong version of file-type

Open stevenhair opened this issue 5 months ago • 1 comments
trafficstars

Is there an existing issue for this?

  • [x] I have searched the existing issues

Current behavior

Because the file-type package is ESM-only, FileTypeValidator loads it dynamically:

https://github.com/nestjs/nest/blob/01f762c3361442d620bdea2275ab98f841ac06ec/packages/common/pipes/file/file-type.validator.ts#L75-L76

However, this will load the version of file-type in the root node_modules directory which may be different from the version required by @nestjs/common. Not only can this fail, but it will fail with a cryptic error message. For example:

Validation failed (current file type is application/octet-stream, expected type is application/octet-stream)

In my case, I am using jimp, which uses and older version of file-type. npm decides to hoist the older version to the root node_modules directory.

This should be able to be fixed by setting file-type as a peer dependency. This would cause npm to install the desired version of file-type in the root node_modules directory. Since modern versions of npm install peer dependencies automatically, it shouldn't cause any issues unless a project is directly using an older version of file-type.

Minimum reproduction code

https://github.com/stevenhair/super-duper-pancake

Steps to reproduce

  1. npm ci
  2. npm start
  3. Upload a file with a command like curl http://localhost:3000 -F "file=@<filename here>"
  4. Receive the following error: Validation failed (current file type is application/octet-stream, expected type is /.*/)

Expected behavior

The file validation should succeed and the route should return the success response. You can see the validation pass successfully if you uninstall the older version of file-type.

Package

  • [ ] I don't know. Or some 3rd-party package
  • [x] @nestjs/common
  • [ ] @nestjs/core
  • [ ] @nestjs/microservices
  • [ ] @nestjs/platform-express
  • [ ] @nestjs/platform-fastify
  • [ ] @nestjs/platform-socket.io
  • [ ] @nestjs/platform-ws
  • [ ] @nestjs/testing
  • [ ] @nestjs/websockets
  • [ ] Other (see below)

Other package

No response

NestJS version

11.x.x

Packages versions

[Nest CLI]
Nest CLI Version : 11.0.7

[Nest Platform Information
platform-express version : 11.1.3
schematics version       : 11.0.5
testing version          : 11.1.3
common version           : 11.1.3
core version             : 11.1.3
cli version              : 11.0.7

Node.js version

22.13.1

In which operating systems have you tested?

  • [x] macOS
  • [ ] Windows
  • [ ] Linux

Other

npm version 10.9.2

stevenhair avatar Jun 10 '25 22:06 stevenhair