Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
PyMuPDF
A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.
- Version
- 1.26.4
- Maintainers
- 1
PyMuPDF
PyMuPDF is a high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.
Community
Join us on Discord here: #pymupdf
Installation
PyMuPDF requires Python 3.9 or later, install using pip with:
pip install PyMuPDF
There are no mandatory external dependencies. However, some optional features become available only if additional packages are installed.
You can also try without installing by visiting PyMuPDF.io.
Usage
Basic usage is as follows:
import pymupdf # imports the pymupdf library
doc = pymupdf.open("example.pdf") # open a document
for page in doc: # iterate the document pages
text = page.get_text() # get plain text encoded as UTF-8
Documentation
Full documentation can be found on pymupdf.readthedocs.io.
Optional Features
- fontTools for creating font subsets.
- pymupdf-fonts contains some nice fonts for your text output.
- Tesseract-OCR for optical character recognition in images and document pages.
About
PyMuPDF adds Python bindings and abstractions to MuPDF, a lightweight PDF, XPS, and eBook viewer, renderer, and toolkit. Both PyMuPDF and MuPDF are maintained and developed by Artifex Software, Inc.
PyMuPDF was originally written by Jorj X. McKie.
License and Copyright
PyMuPDF is available under open-source AGPL and commercial license agreements. If you determine you cannot meet the requirements of the AGPL, please contact Artifex for more information regarding a commercial license.
FAQs
A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.
We found that PyMuPDF demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025