Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ngx-extended-pdf-silicon-valley-viewer
Advanced tools
Embedding PDF files in your Angular application. Highly configurable viewer including the toolbar, sidebar, and all the features you're used to.
This library provides an embeddable PDF viewer component. It's different from other approaches like ng2-pdf-viewer in that it shows the full suite of UI widgets. In other words, it strongly resembles the PDF viewer of your browser:
npm add ngx-extended-pdf-viewer
and accept all the defaults<ngx-extended-pdf-viewer [src]="'assets/example.pdf'"></ngx-extended-pdf-viewer>
Version 20.0.2 is a security fix. It solves CVE-2024-4367. I strongly recommend updating to the latest version of ngx-extended-pdf-viewer as soon as possible, or to version 20.0.2 as a minimum. Older versions contain a bug allowing malicious PDF files to run arbitrary code. Kudos go to GitHub users ScratchPDX and Deepak Shakya to tell me about it, so I could provide a hotfix during my vacations.
Version 21 is a major refactoring. The new version reduces the memory footprint and start-up times. I consider it a major progress: now the architecture is significantly cleaner. It's still work in progress, but you should notice the difference.
If you're using Content Security Policy (CSP), you might want to follow issue 2362. Earlier versions of the viewer offered a makeshift support of CSP. I hope to come up with a much cleaner solution soon.
Let's have a look at the changes in more detail. Version 21
Version 21 contains several breaking changes. The good news is that I assume the vast majority of developers won't even notice. These breaking changes are:
window.PDFViewerApplication
is now undefined. Earlier versions of the viewer stored many attributes, objects, and functions in the global namespace (i.e. globalThis
or window
). Many of these attributes have already migrated to PDFScriptLoaderService.PDFViewerApplication
. If you need the PDFViewerApplication
, you can get it from the PdfNoticationService
.window
object.recalculateSize$
and onPDFJSInit
are gone. You can use ``onPDFJSInitSignalto replace
onPDFJSInit. I suspect nobody uses
recalculateSize$`, so I didn't implement a replacement yet.[showXXX]
attributes.Basically, version 20.5.0 updates to pdf.js 4.3 and solves some memory leak issues. However, that turned out to be a major task, involving a major rewrite of the initialization of the library.
Breaking changes:
pdfDefaultOptions.assetsFolder
are temporarily broken. I've fixed this in version 21.0.0-alpha.2, but more likely than not I won't be able to publish the bugfix in a 20.5.x version.window.PDFViewerApplication
to be available early, you might see errors. Starting with version 20.5.0, the recommended approach is to listen to the signal PDFNotificationService.onPDFJSInitSignal()
. When the viewer is initialized, the signal fires and sends the references to PDFViewerApplication
and a few other resources. After receiving this signal, you can safely use the PDFViewerApplication
sent by the signal. When the viewer is destroy, the signal fires again, this time sending undefined
to indicate you must stop using PDFViewerApplication
. The next time the viewer initializes, the signal fires again, this time passing the reference to the new instance of PDFViewerApplication
.ngxConsoleFilter
, now you have to register it later. You can safely register the method when PDFNotificationService.onPDFJSInit
is fired. However, this event is subject to change, too - if everything goes according to plan, version 21 is going to replace this Observable
by a Signal
.There's also a detailed changelog.
There's a showcase at https://pdfviewer.net. Check this page for live demos, source code examples, and a handbook.
Would you like to participate in a popular open source-project? It's easy: just open a ticket so we can discuss the change, create a fork, and send me a pull request. Contributions to the showcase are as welcome as contributions to the core library.
Not to mention the ability to display PDF files, running on a customized version of Mozilla's pdf.js 4.5, released in late July 2024.
Even I have to admit my pet project doesn't match every requirement. There are several alternatives out there. Feel free to expand the description to learn what other developers have in store for you:
There's also a direct counterpart to my library: ng2-pdfjs-viewer. As far as I can see, it's also a good library. As of Augst 2024, it's running on PDF.js 2.2.171. It wraps the PDF viewer in an iFrame. That's a more reliable approach, but it also offers fewer options. The list of attributes is shorter, and the PDF viewer can't emit events to your application. If you're not happy with my library, check out ng2-pdfjs-viewer. It's a good library, too. Its unique selling point is displaying multiple PDF files simultaneously on the same page.
You might also try to use the native PDF viewer of your browser. That's a valid approach. It's even the preferred approach. However, ngx-extended-pdf-viewer
gives you a wide range of options that aren't available using the native API.
As a rule of thumb, I recommend cloning the showcase project from GitHub to get familiar with the library. It's a standard Angular CLI application, so you'll get it up and running in less than ten minutes. It's a good starting point to do your experiments. Maybe even more important: you'll learn whether the library works on your machine. (Of course, it does, but it's always good to double-check!)
Currently, the minimum required version is Angular 16. The idea is to support the four most current versions of Angular, which gives you roughly two years to update. However, supporting so many versions isn't always possible.
If you're running a non-standard configuration, have a look at the getting-started page" of the showcase.
See the attribute list on the showcase and the list of default options page. The lists have become too long to put them here: 87 @Input()
attributes, 25 event emitters, and 50 default options, give or take a few.
Missing a configuration option? File an issue on the project bug tracker. If your request makes sense to me and if I can implement it in my (limited) leisure time, I'll add it. BTW, you can speed up the process by providing a code snippet telling me how to implement the feature or by submitting a pull request.
The service NgxExtendedPdfViewerService
offers a programmatic API for searching, printing, dealing with layers, and scrolling within the page.
Pull requests and bug reports are welcome. Please send them to the bug tracker of the project page: https://github.com/stephanrauh/ngx-extended-pdf-viewer/issues
Have a look at this walkthrough.
The license of the ngx-extended-pdf-viewer
is the Apache V2 license.
The library is based on https://github.com/mozilla/pdf.js, which has been published under an Apache V2 license.
Some of the default icons have been published under a SIL Open Font License 1.1 license at Material Design Icons. The other icons have either been published under an Apache V2 license by Google or by the pdf.js team at Mozilla.
Thanks to the awesome pdf.js team and all the users who've reported bugs and even sent me pull requests!
Reluctantly, I have to drop support for Internet Explorer 11. The base library, Mozilla's pdf.js, now generates binaries no longer compatible with Internet Explorer 11, and it seems there's no easy fix. That's a pity because IE11 support was the original use-case of the library and because I frequently get messages from developers who need IE11 support. The last version known to be compatible is 5.3. Version 7.3.2 should be compatible, too, but a user reported crashes.
FAQs
Embedding PDF files in your Angular application. Highly configurable viewer including the toolbar, sidebar, and all the features you're used to.
The npm package ngx-extended-pdf-silicon-valley-viewer receives a total of 122 weekly downloads. As such, ngx-extended-pdf-silicon-valley-viewer popularity was classified as not popular.
We found that ngx-extended-pdf-silicon-valley-viewer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.