🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

pdfnative-cli

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pdfnative-cli

Official CLI for pdfnative — render JSON to PDF, sign, and inspect. Zero extra runtime dependencies.

Source
npmnpm
Version
0.1.0
Version published
Weekly downloads
30
Maintainers
1
Weekly downloads
 
Created
Source

pdfnative-cli

CI CodeQL npm version npm downloads zero extra runtime dependencies TypeScript License: MIT npm provenance pdfnative website

Official CLI for the pdfnative library — render JSON to PDF, apply digital signatures, and inspect PDF conformance, directly from the terminal. Zero extra runtime dependencies.

Highlights

  • render — pipe a JSON document definition into a production-ready PDF (streaming supported)
  • sign — apply RSA or ECDSA digital signatures (CMS/PKCS#7) using key files or environment variables
  • inspect — analyse any PDF: version, page count, encryption, PDF/A conformance, signature count, metadata
  • Zero extra dependenciespdfnative is the only runtime dependency; all PDF logic lives there
  • Streaming output--stream on render emits PDF chunks progressively for large documents
  • Stdin / stdout — every command reads from stdin and writes to stdout by default, composable in shell pipelines
  • Secret-safe — signing keys are loaded from env vars (PDFNATIVE_SIGN_KEY/PDFNATIVE_SIGN_CERT) and never logged
  • ESM-first, TypeScript strict — built with tsup, typed declarations included
  • NPM provenance — signed builds via GitHub Actions OIDC

Supported Features

FeatureStatusNotes
Commands
render JSON → PDFStreaming, PDF/A conformance, stdin/stdout
sign digital signaturesRSA + ECDSA, CMS/PKCS#7, env var secrets
inspect PDF metadataVersion, pages, encryption, signatures, PDFA
Document Blocks
Headings, paragraphs, listsFull text styling support
TablesHeaders, rows, multi-page
BarcodesQR, Code 128, EAN-13, Data Matrix, PDF417
HyperlinksURL validation, blue underlined text
Form fieldsText, checkbox, radio, dropdown, listbox
Page breaks, spacersExplicit pagination control
Table of contentsAuto-generated with /GoTo links
Advanced Layouts
PDF/A archival (1b, 2b, 3b)--conformance flag
Streaming output--stream for large documents
CompressionVia pdfnative API (50–90% reduction)
Encryption (AES-128/256)⚠️Not exposed via CLI; use Node.js API
Watermarks⚠️Not exposed via CLI; use Node.js API
Custom headers/footers⚠️Not exposed via CLI; use footerText property
Custom page sizes⚠️Not exposed via CLI; use Node.js API

Note: Features marked ⚠️ are supported by pdfnative but not yet exposed through the CLI JSON interface. Use the pdfnative Node.js library directly for these features.

Installation

npm install --global pdfnative-cli

Or run without installing:

npx pdfnative-cli render --input doc.json --output report.pdf

Requirements: Node.js ≥ 20 | Bun | Deno (node dist/cli.cjs)

Documentation

Quick Start

Render a PDF from JSON

# From a file
pdfnative render --input document.json --output report.pdf

# From stdin
cat document.json | pdfnative render --output report.pdf

# Streaming (large documents)
pdfnative render --input big-doc.json --output report.pdf --stream

# PDF/A conformance
pdfnative render --input document.json --output archived.pdf --conformance 2b

document.json is a DocumentParams object:

{
  "title": "Monthly Report",
  "blocks": [
    { "type": "heading", "text": "Monthly Report", "level": 1 },
    { "type": "paragraph", "text": "Summary for April 2026." },
    { "type": "list", "style": "bullet", "items": ["Revenue: +18%", "NPS: 72"] }
  ],
  "footerText": "Confidential",
  "metadata": { "author": "Finance Team", "subject": "April 2026 Report" }
}

Sign a PDF

# Keys from environment variables (recommended for CI/CD)
export PDFNATIVE_SIGN_KEY="$(cat private.pem)"
export PDFNATIVE_SIGN_CERT="$(cat cert.pem)"
pdfnative sign --input document.pdf --output signed.pdf

# Keys from files
pdfnative sign --input document.pdf --output signed.pdf \
  --key private.pem --cert cert.pem

Inspect a PDF

# JSON output (default)
pdfnative inspect --input report.pdf

# Human-readable
pdfnative inspect --input report.pdf --format text

# From stdin
cat report.pdf | pdfnative inspect

Example output:

{
  "version": "1.7",
  "pageCount": 3,
  "encrypted": false,
  "pdfaConformance": "2b",
  "signatures": 1,
  "metadata": {
    "title": "Monthly Report",
    "author": "Nizoka",
    "creationDate": "2026-04-27T12:00:00+00:00"
  }
}

Examples

Ready-to-run examples are in samples/, organized by feature category:

CategoryExamplesDescription
render/document/5 filesMinimal, report, all-blocks reference, invoice, technical spec
render/table/2 filesProject status, financial summary
render/barcode/3 filesQR code, Code 128 shipping label, EAN-13 product
render/form/2 filesContact form, survey
render/toc/1 fileDocument with auto-generated table of contents
render/link/1 fileResource directory with hyperlinks
render/watermark/2 filesDraft watermark, confidential watermark
render/layout/3 filesUS Letter, A5 portrait, A4 landscape
render/pdfa/3 filesPDF/A-1b, PDF/A-2b, PDF/A-3b archival conformance
sign/2 scriptsDigital signature (Bash + PowerShell)
inspect/4 scriptsJSON & text inspection (Bash + PowerShell)
streaming/1 script200-section document via streaming render

Render all samples at once:

node samples/run-all.js

See samples/README.md for full descriptions, block type reference, and integration patterns (GitHub Actions, Docker, TypeScript).

Command Reference

pdfnative render

FlagDefaultDescription
--input <file>stdinPath to a JSON file containing DocumentParams
--output <file>stdoutOutput PDF path
--streamfalseUse streaming output (AsyncGenerator)
--conformance <level>PDF/A conformance level: 1b, 2b, or 3b

pdfnative sign

FlagDefaultDescription
--input <file>(required)Path to the input PDF
--output <file>stdoutOutput signed PDF path
--key <file>PDFNATIVE_SIGN_KEY envPath to PEM private key (env var takes precedence)
--cert <file>PDFNATIVE_SIGN_CERT envPath to PEM certificate (env var takes precedence)

pdfnative inspect

FlagDefaultDescription
--input <file>stdinPath to the PDF to inspect
--format <fmt>jsonOutput format: json or text

Security

  • Signing keys are never logged — not in error messages, not in debug output.
  • Path traversal protection — all file path arguments are validated against ../ sequences.
  • JSON size cap — input is capped at 50 MB before parsing to prevent memory exhaustion.
  • Signed builds with NPM provenance — verify at npmjs.com or with npm audit signatures.

See SECURITY.md for the full security policy and vulnerability disclosure procedure.

Getting Help

Have a question?

Found a bug?

Want to contribute?

  • 🤝 See CONTRIBUTING.md
  • 📝 All PRs add value — tests, docs, translations, samples

Citation

If you use pdfnative-cli in research or academic pipelines, please cite it:

@software{pdfnative_cli_2026,
  title  = {pdfnative-cli: Official CLI for the pdfnative PDF generation library},
  author = {Nizoka},
  year   = {2026},
  url    = {https://github.com/Nizoka/pdfnative-cli},
  license = {MIT}
}

See CITATION.cff for the full metadata (auto-detected by GitHub and Zenodo).

License

MIT — see LICENSE.

Keywords

pdf

FAQs

Package last updated on 27 Apr 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts