You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

pdf-signature-reader

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pdf-signature-reader

Verify the digital signature of the pdf

1.4.3
latest
Source
npmnpm
Version published
Weekly downloads
812
15.83%
Maintainers
1
Weekly downloads
 
Created
Source

Verifying PDF signature

The signed PDF file has the public certificate embedded in it, so all we need to verify a PDF file is the file itself. This package is a clone from ninja-labs-tech/verify-pdf with update on dependencies, cause we got issue when installing the package with node >= 16 & npm >= 8

Installation

npm i pdf-signature-reader

Importing

// CommonJS require
const verifyPDF = require('pdf-signature-reader');

// ES6 imports
import verifyPDF from 'pdf-signature-reader';

Verifying

Verify the digital signature of the pdf and extract the certificates details

Node.js

const verifyPDF = require('pdf-signature-reader');
const signedPdfBuffer = fs.readFileSync('yourPdf');

const {
    verified,
    authenticity,
    integrity,
    expired,
    signatures
} = verifyPDF(signedPdfBuffer);

Browser

import verifyPDF from 'pdf-signature-reader';

const readFile = (e) => {
    const file = e.target.files[0]
    let reader = new FileReader();
    reader.onload = function(e) {
        const { verified } = verifyPDF(reader.result);
    }
    reader.readAsArrayBuffer(file);
};
  • signedPdfBuffer: signed PDF as buffer.
  • verified: The overall status of verification process.
  • authenticity: Indicates if the validity of the certificate chain and the root CA (overall in case of multiple signatures).
  • integrity: Indicates if the pdf has been tampered with or not (overall in case of multiple signatures).
  • expired: Indicates if any of the certificates has expired.
  • signatures: Array that contains the certificate details and signatureMeta (Reason, ContactInfo, Location and Name) for each signature.

Certificates

You can get the details of the certificate chain by using the following api.

const { getCertificatesInfoFromPDF } = require('pdf-signature-reader');  // require

import { getCertificatesInfoFromPDF } from 'pdf-signature-reader';  // ES6


const certs = getCertificatesInfoFromPDF(signedPdfBuffer);

  • signedPdfBuffer: signed PDF as buffer.

  • certs:

    • issuedBy: The issuer of the certificate.
    • issuedTo: The owner of the certificate.
    • validityPeriod: The start and end date of the certificate.
    • pemCertificate: Certificate in pem format.
    • clientCertificate: true for the client certificate.

Credits

Keywords

pdf
signature
digital signature
node
nodejs
verify

FAQs

Package last updated on 05 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Security News

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.

By Sarah Gooding  -  Jul 19, 2025
npm Phishing Email Targets Developers with Typosquatted Domain

Security News

/

Research

npm Phishing Email Targets Developers with Typosquatted Domain

A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.

By Sarah Gooding  -  Jul 18, 2025