Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
node-qpdf
A very simple wrapper for qpdf which is a content-preserving transformations on PDF files. It includes encrypting and decrypting PDF with AES 256, AES 128, RC4 (128 & 40) encryption algorithms.
Dependencies
Installation
- Install qpdf:
- Download qpdf
- Read qpdf manual for installation instructions.
- Install node-qpdf:
npm install node-qpdf
Encryption
You can encrypt your PDF by following:
var qpdf = require('node-qpdf');
var options = {
keyLength: 128,
password: 'YOUR_PASSWORD_TO_ENCRYPT'
}
qpdf.encrypt(localFilePath, options);
Options for Encryption
The following are required options
keyLength:- a number which defines the encryption algorithm to be used. Values can be 40, 128 and 256 only.password:- a string containing the secret password which will be further used to unlock the PDF.
You might want to set other options for each encryption algorithm inside restrictions: JSON according to the keyLength you choose :-
Key Length: 40
| Option | Value | Description |
|---|---|---|
print: | 'y', 'n' | Determines whether or not to allow printing. |
modify: | 'y', 'n' | Determines whether or not to allow document modification. |
extract: | 'y', 'n' | Determines whether or not to allow text/image extraction. |
annotate: | 'y', 'n' | Determines whether or not to allow comments and form fill-in and signing. |
Key Length: 128
| Option | Value | Description |
|---|---|---|
print: | 'full', 'low', 'none' | full: allow full printing. low: allow low-resolution printing only. none: disallow printing. |
modify: | 'all', 'annotate', 'form', 'assembly', 'none' | all: allow full document modification. annotate: allow comment authoring and form operations. form: allow form field fill-in and signing. assembly: allow document assembly only. none: allow no modifications. |
extract: | 'y', 'n' | Determines whether or not to allow text/image extraction. |
useAes: | 'y', 'n' | AES encryption will be used instead of RC4 encryption. |
accessibility: | 'y', 'n' | Determines whether or not to allow accessibility to visually impaired. |
Key Length: 256
| Option | Value | Description |
|---|---|---|
print: | 'full', 'low', 'none' | full: allow full printing. low: allow low-resolution printing only. none: disallow printing. |
modify: | 'all', 'annotate', 'form', 'assembly', 'none' | all: allow full document modification. annotate: allow comment authoring and form operations. form: allow form field fill-in and signing. assembly: allow document assembly only. none: allow no modifications. |
extract: | 'y', 'n' | Determines whether or not to allow text/image extraction. |
accessibility: | 'y', 'n' | Determines whether or not to allow accessibility to visually impaired. |
Examples
Render and Save:
var qpdf = require('node-qpdf');
var options = {
keyLength: 128,
password: 'YOUR_PASSWORD_TO_ENCRYPT',
restrictions: {
print: 'low',
useAes: 'y'
}
}
qpdf.encrypt(localFilePath, options, outputFilePath);
Render and Stream:
var qpdf = require('node-qpdf');
var options = {
keyLength: 256,
password: 'YOUR_PASSWORD_TO_ENCRYPT',
restrictions: {
modify: 'none',
extract: 'n'
}
}
var doc = qpdf.encrypt(localFilePath, options, outputFilePath);
doc.stdout.pipe(res);
res.writeHead(200, {
'Content-Type': 'application/pdf',
'Access-Control-Allow-Origin': '*',
'Content-Disposition': 'inline; filename=order.pdf'
});
Decryption
You can decrypt your PDF by following:
var qpdf = require('node-qpdf');
qpdf.decrypt(localFilePath, 'YOUR_PASSWORD_TO_DECRYPT_PDF');
Examples
Render and Save:
var qpdf = require('node-qpdf');
qpdf.decrypt(localFilePath, 'YOUR_PASSWORD_TO_DECRYPT_PDF', outputFilePath);
Render and Stream:
var qpdf = require('node-qpdf');
var doc = qpdf.decrypt(localFilePath, 'YOUR_PASSWORD_TO_DECRYPT_PDF', outputFilePath);
doc.stdout.pipe(res);
res.writeHead(200, {
'Content-Type': 'application/pdf',
'Access-Control-Allow-Origin': '*',
'Content-Disposition': 'inline; filename=order.pdf'
});
Meta
Maintained by Nishit Hirani
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/nrhirani/node-qpdf.
License
The npm package is available as open source under the terms of the MIT License.
FAQs
A Content Preserving transformations on PDFs wrapped around QPDF
The npm package node-qpdf receives a total of 3,241 weekly downloads. As such, node-qpdf popularity was classified as popular.
We found that node-qpdf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 23 Jan 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025