Validate XZ Files: Magic Bytes & Python/Node Examples | FileSignature

Magic Bytes

Offset: 0


            FD 37 7A 58 5A 00

The XZ archive file is a lossless data compression format developed by the Tukaani Project and maintained within the XZ Utils software suite. It is primarily used for distributing software packages, source code, and Linux kernel images due to the high compression ratios provided by the LZMA2 algorithm. While the format is inherently safe, an upstream supply chain compromise was identified in the build tools in 2024, highlighting the need for rigorous software verification.

Extension

.xz

MIME Type

application/x-xz

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .xz files in Python

Python

def is_xz(file_path: str) -> bool:
    """Check if file is a valid XZ by magic bytes."""
    signature = bytes([0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00])
    with open(file_path, "rb") as f:
        return f.read(6) == signature

How to validate .xz files in Node.js

Node.js

function isXZ(buffer: Buffer): boolean {
  const signature = Buffer.from([0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00]);
  return buffer.subarray(0, 6).equals(signature);
}

Go

func IsXZ(data []byte) bool {
    signature := []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}
    if len(data) < 6 {
        return false
    }
    return bytes.Equal(data[:6], signature)
}

API Endpoint

GET /api/v1/xz


              curl https://filesignature.org/api/v1/xz

Magic Bytes

Validation Code

How to validate .xz files in Python

How to validate .xz files in Node.js

API Endpoint

Related Formats