Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
django-pikpdf - propper html to pdf generator
django-pikpdf is a Django app to generate pdfs from html templates. This app will capture the html from a template and convert it to a pdf file with all styles in tact - just like you see it in the browser
Produced by ISO/SEC27001 certified software development company - MB Pikutis
Generator method returns htp responce which you can directly return to screen and file bytes, if you want to attach file to email, or return different response
This generator does not rely on xhtml2pdf
Generator uses api on www.pikutis.lt site. No information sent to api is stored longer than required for processing.
To obtain API key, use contact form in the site.
Quick start
-
Add "django-pikpdf" to your INSTALLED_APPS setting like this::
INSTALLED_APPS = [ ..., "django_pikpdf", ] -
Add the following settings to your settings.py:
PIKUTIS_API_KEY=os.environ.get("PIKUTIS_API_KEY", None) # can be obtained from https://www.pikutis.lt for free SITE_URL = os.environ.get("SITE_URL", "https://www.pikutis.lt") # your website url PIKPDF_SHORT_URLS = ["/uploaded_images/"] # urls that you use to serve content from your site. Static and Media urls are parsed from STATIC_URL and MEDIA_URL settings. -
Include conversion method get_document_pdf_response and django render to string as so:
from django_pikpdf.converter import get_document_pdf_response from django.template.loader import render_to_string -
Include class to set params for your pdf printing
from django_pikpdf.controllers.api import PdfApiParams -
Use the parameters and method to convert your html to pdf and return a response:
pdf_api_params:PdfApiParams = PdfApiParams() pdf_api_params.display_header_footer = True pdf_api_params.print_background = False pdf_api_params.auth_token_name="TokenName" <-- Used to authenticate all requests for protected resources pdf_api_params.auth_token_value="TokenValue" <-- Used to authenticate all requests for protected resources http_response, file_bytes = get_document_pdf_response(html, "test.pdf", pdf_api_params) # HTTP response is a response object which will display pdf in browser screen # file_bytes is the pdf file buffer, which you can i.e. attach to email return http_response
Possible parameters for PdfApiParams class:
```
display_header_footer:bool = False
format:str = FORMAT_CHOICES["A4"]
landscape:bool = False
print_background:bool = False
prefer_css_page_size:bool = True
scale:float = 1.0
margin_top:float = 0
margin_bottom:float = 0
margin_left:float = 0
margin_right:float = 0
auth_token_name:str = None
auth_token_value:str = None
wait_timeout:int = 10
file_name:str = "generated.pdf"
That's it! You can now convert your html to pdf and return it as a response.
FAQs
A Django app to convert html to pdf
We found that django-pikpdf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025