New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

c2pa-node

Package Overview
Dependencies
Maintainers
1
Versions
33
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

c2pa-node

Node.js bindings for C2PA

latest
Source
npmnpm
Version
0.5.26
Version published
Weekly downloads
1.8K
-33.13%
Maintainers
1
Weekly downloads
 
Created
Source

C2PA Node.js library

The c2pa-node repository implements a Node.js API that can:

  • Read and validate C2PA data from media files in supported formats.
  • Add signed manifests to media files in supported formats.

For more information on using the library in an application, see Using the CAI Node library.

WARNING: This is an early prerelease version of this library. There may be bugs and unimplemented features, and the API is subject to change.

For the best experience, read the docs on the CAI Open Source SDK documentation website. Some additional documentation for this repository is also available on GitHub:

Prerequisites

To use the C2PA Node library, you must install:

If you need to manage multiple versions of Node on your machine, use a tool such as nvm.

Installation

Installing for use in a client app

Using npm:

$ npm install c2pa-node

Using Yarn:

$ yarn add c2pa-node

Using pnpm:

$ pnpm add c2pa-node

This command will download precompiled binaries for the following systems:

  • Linux x86_64
  • Linux aarch64 (ARM)
  • macOS aarch64 (Apple Silicon)
  • macOS x86_64 (Intel Mac)
  • Windows x86
  • Windows ARM

All other platforms require building a custom binary as described below, since the postinstall step builds the Rust library into a native Node.js module on your machine.

Building custom binaries

For a platform or architecture that does not have a precompiled binary, you must pre-build a custom binary by following these steps:

cd c2pa-node
pnpm install
pnpm build:rust
  • Copy the binary to a place that is accessible by your application (in this example, it is /path/to/my/application/resources):
cd /path/to/my/application
mkdir resources
cp /path/to/c2pa-node/generated/c2pa.node resources/c2pa.node
  • Set the the C2PA_LIBRARY_PATH environment variable to the path to the c2pa.node module by entering these commands:
export C2PA_LIBRARY_PATH=resources/c2pa.node
npm install c2pa-node
npm start

Important: C2PA_LIBRARY_PATH must be set while both installing or adding c2pa-node to your app to avoid building the Rust code. It must also be set while running your app so that it loads the bindings from the correct location.

Keywords

c2pa

FAQs

Package last updated on 16 Aug 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026