From 89f86caf69db0600a207aee075361f8a6801253b Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu <x@xet7.org>
Date: Thu, 12 Mar 2026 04:29:49 +0200
Subject: [PATCH] Replaced incompatible file-type with mime-type.

Thanks to xet7 !
---
 models/fileValidation.js | 19 +++++++++++++++++--
 package.json             |  1 -
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/models/fileValidation.js b/models/fileValidation.js
index bc026a0b2..4f6a5078a 100644
--- a/models/fileValidation.js
+++ b/models/fileValidation.js
@@ -2,7 +2,6 @@ import { Meteor } from 'meteor/meteor';
 import { exec } from 'node:child_process';
 import { promisify } from 'node:util';
 import fs from 'fs';
-import FileType from 'file-type';
 
 let asyncExec;
 
@@ -10,6 +9,22 @@ if (Meteor.isServer) {
   asyncExec = promisify(exec);
 }
 
+async function detectMimeFromFile(filePath) {
+  if (!Meteor.isServer) return undefined;
+
+  try {
+    const escapedPath = String(filePath).replace(/"/g, '\\"');
+    const { stdout } = await asyncExec(`file --mime-type -b "${escapedPath}"`);
+    const mime = (stdout || '').trim().toLowerCase();
+    if (!mime) return undefined;
+    return { mime };
+  } catch (e) {
+    // Fall through to filename/type fallback handled by caller.
+  }
+
+  return undefined;
+}
+
 export async function isFileValid(fileObj, mimeTypesAllowed, sizeAllowed, externalCommandLine) {
   let isValid = true;
   // Always validate uploads. The previous migration flag disabled validation and enabled XSS.
@@ -78,7 +93,7 @@ export async function isFileValid(fileObj, mimeTypesAllowed, sizeAllowed, extern
     };
 
     // Detect MIME type from file content when possible
-    const mimeTypeResult = await FileType.fromFile(fileObj.path).catch(() => undefined);
+    const mimeTypeResult = await detectMimeFromFile(fileObj.path);
     const detectedMime = mimeTypeResult?.mime || (fileObj.type || '').toLowerCase();
     const baseMimeType = detectedMime.split('/', 1)[0] || '';
 
diff --git a/package.json b/package.json
index 7c5833bca..91a4ae595 100644
--- a/package.json
+++ b/package.json
@@ -37,7 +37,6 @@
     "es6-promise": "^4.2.4",
     "escape-string-regexp": "^5.0.0",
     "fibers": "^5.0.3",
-    "file-type": "^21.3.1",
     "filesize": "^8.0.7",
     "hotkeys-js": "^3.13.15",
     "i18next": "^21.10.0",