PHPackages                             arz-cle/mime-guard - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Mail &amp; Notifications](/categories/mail)
4. /
5. arz-cle/mime-guard

ActiveStatamic-addon[Mail &amp; Notifications](/categories/mail)

arz-cle/mime-guard
==================

Statamic addon for granular MIME type management with hierarchical rules

v1.0.0(1mo ago)03MITPHPPHP ^8.2CI passing

Since May 29Pushed 1mo agoCompare

[ Source](https://github.com/arz-cle/mime-guard)[ Packagist](https://packagist.org/packages/arz-cle/mime-guard)[ Docs](https://github.com/arz-cle/mime-guard)[ RSS](/packages/arz-cle-mime-guard/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (4)Versions (2)Used By (0)

MIME Guard
==========

[](#mime-guard)

**Stop trusting file extensions. Validate what's actually inside.**

[![Statamic 6.x](https://camo.githubusercontent.com/a2abfa666de99657d77e706062e589d20feab56fa66306e64a90482496cb54af/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f53746174616d69632d362e782d4646323639453f7374796c653d666c61742d737175617265)](https://statamic.com)[![PHP 8.2+](https://camo.githubusercontent.com/79a45153562afa427f7c043d96579c26c8f02bf3dc9f8c5f2c2ea48904084c57/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322b2d3737374242343f7374796c653d666c61742d737175617265)](https://php.net)[![License MIT](https://camo.githubusercontent.com/152aa2a37725b9fd554b28ff24d270f6071c67927a63e6d635a55c8e188e20c7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d677265656e3f7374796c653d666c61742d737175617265)](LICENSE)[![Tests](https://camo.githubusercontent.com/7e14b3d6cbd006e4103160dde48783ff63a44573c06f322c1ec490cd2bed03d1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61727a2d636c652f6d696d652d67756172642f74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/arz-cle/mime-guard/actions)

---

The problem
-----------

[](#the-problem)

A `.jpg` file can contain PHP code. A `.png` can be a ZIP archive. File extensions are trivial to fake, and Statamic doesn't inspect file contents by default. One malicious upload is all it takes.

MIME Guard reads the actual file bytes to determine what a file really is, then enforces your rules.

Features
--------

[](#features)

- **Real MIME detection** -- uses magic bytes (`finfo`), not file extensions
- **Hierarchical rules** -- Global &gt; Container &gt; Blueprint, most specific wins
- **Wildcards** -- `image/*`, `video/*`, `document/*`, `archive/*`
- **Native CP interface** -- tabs, toggle switches, built with Statamic 6 components
- **Blocked upload logging** -- MIME type, filename, user, and container
- **Secure defaults** -- SVG, PDF, archives, and binaries blocked out of the box

Installation
------------

[](#installation)

```
composer require arz-cle/mime-guard
```

Optionally publish the config file:

```
php artisan vendor:publish --tag=mime-guard-config
```

Quick start
-----------

[](#quick-start)

### Via the Control Panel

[](#via-the-control-panel)

Navigate to **Tools &gt; MIME Guard**. Four tabs let you configure everything visually:

TabPurpose**Global**Block MIME types across all uploads**Containers**Override rules per asset container**Blueprints**Override rules per collection blueprint**Help**Rule hierarchy and wildcard reference### Via config file

[](#via-config-file)

```
// config/mime-guard.php

return [
    'restricted_by_default' => [
        'application/octet-stream',
        'application/zip',
        'image/svg+xml',
        'application/pdf',
    ],

    'containers' => [
        'documents' => [
            'allow' => ['application/pdf'],
        ],
        'gallery' => [
            'allow' => ['image/*'],
            'deny'  => ['image/svg+xml'],
        ],
    ],

    'blueprints' => [
        'products::3d_viewer' => [
            'allow' => ['model/stl', 'model/gltf-binary'],
        ],
    ],

    'logging' => [
        'enabled' => true,
        'channel' => 'stack',
    ],
];
```

How rules work
--------------

[](#how-rules-work)

Rules cascade from general to specific. Each level can `allow`, `deny`, or `inherit: false` to start fresh.

```
Global          Blocks SVG, PDF, ZIP everywhere
  Container     Allows PDF in "documents" container
    Blueprint   Allows STL in "products::3d_viewer" blueprint

```

A type allowed at a more specific level overrides a global block. A type denied at a more specific level overrides a parent allow.

### Wildcards

[](#wildcards)

PatternMatches`image/*`JPEG, PNG, GIF, WebP, SVG, etc.`video/*`MP4, WebM, QuickTime, etc.`document/*`PDF, Word, Excel, PowerPoint, TXT, RTF`archive/*`ZIP, RAR, 7Z, TAR, GZIPRequirements
------------

[](#requirements)

DependencyVersionStatamic6.xPHP8.2+Laravel11.x / 12.xLicense
-------

[](#license)

MIT -- see [LICENSE](LICENSE) for details.

Built by [Clement Arzoumanian](https://arzoumanian.fr) for [Statamic](https://statamic.com).

###  Health Score

39

—

LowBetter than 84% of packages

Maintenance93

Actively maintained with recent releases

Popularity3

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity46

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

36d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/41111840?v=4)[Arzou](/maintainers/arz-cle)[@arz-cle](https://github.com/arz-cle)

---

Top Contributors

[![arz-cle](https://avatars.githubusercontent.com/u/41111840?v=4)](https://github.com/arz-cle "arz-cle (19 commits)")

---

Tags

validationsecuritymimemime-typeuploadassetsstatamicfile-uploadStatamic addon

###  Code Quality

TestsPest

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/arz-cle-mime-guard/health.svg)

```
[![Health](https://phpackages.com/badges/arz-cle-mime-guard/health.svg)](https://phpackages.com/packages/arz-cle-mime-guard)
```

###  Alternatives

[symfony/mime

Allows manipulating MIME messages

2.8k716.9M1.4k](/packages/symfony-mime)[siriusphp/upload

Framework agnostic upload library

228591.9k8](/packages/siriusphp-upload)[fileeye/mimemap

A PHP library to handle MIME Content-Type fields and their related file extensions.

269.9M19](/packages/fileeye-mimemap)[rosell-dk/image-mime-type-guesser

Guess mime type of images

108.9M6](/packages/rosell-dk-image-mime-type-guesser)[silverstripe/mimevalidator

Checks uploaded file content roughly matches a known MIME type for the file extension.

102.2M12](/packages/silverstripe-mimevalidator)[martian/spammailchecker

A laravel package that protect users from entering non-existing/spam email addresses.

412.1k](/packages/martian-spammailchecker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
