New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

node-signpdf

Package Overview
Dependencies
Maintainers
1
Versions
30
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-signpdf

[![npm package](https://nodei.co/npm/node-signpdf.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/node-signpdf/)

0.0.3
Source
npm
Version published
Weekly downloads
8.5K
23.47%
Maintainers
1
Weekly downloads
 
Created
Source

node-signpdf

npm package

Build Status

Simple signing of PDFs in node.

Usage

See Signing PDF in simple steps

Notes

  • The process of signing a document is described in the Digital Signatures in PDF document.

  • This lib:

    • requires the signature placeholder to already be in the document. Takes Buffers of the PDF and a P12 certificate to use when signing
    • does not cover multiple signatures, incremental updates, etc. Only the basic scenario of signing a freshly created PDF.

Signing PDF in simple steps

Generate a PDF

In the test PDFKit is used for generating the PDF. This also allows easy addition of the signature placeholder.

Append a signature placeholder

What's needed is a Sig element and a Widget that is also linked in a Form. The form needs to be referenced in the root descriptor of the PDF as well. A readable sample is available in the test.

Generate and apply signature

That's where node-signpdf kicks in. Given a PDF and a P12 certificate a signature is generated in detached mode and is replaced in the placeholder. This is best demonstrated in the tests.

Dependencies

node-forge is used for working with signatures. Curerntly a fork is used until a needed PR is accepted.

PDFKit is used in the tests for generating a PDF with a signature placeholder.

Credits

The whole signing flow is a rework of what's already in pdfsign.js so thanks go to @tbocek

FAQs

Package last updated on 10 Aug 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Tick Tock, Your Credentials Are Gone: The Maven Package With a Monthly Theft Schedule

Research

Security News

Tick Tock, Your Credentials Are Gone: The Maven Package With a Monthly Theft Schedule

A malicious Maven package typosquatting a popular library is secretly stealing OAuth credentials on the 15th of each month, putting Java developers at risk.

By Kush Pandya  -  Mar 14, 2025