Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
- Version
- 0.1.3
- Maintainers
- 1
Overview
This is a simple module to execute pdflatex in an easy and clean way. The pdflatex command line utility by default generates a lot of output and can create many files.
Instantiation
The PDFLaTeX class can be instantiated directly or through helpers:
- from_texfile(filename)
- from_binarystring(binstr, jobname)
- from_jinja2_template(jinja2_template, jobname = None, **render_kwargs)
jobname is any string that can be used to create a valid filename;
Examples:
In all the following examples, no files are left on the filesystem, unless requested with the keep_pdf_file and keep_log_file parameters to the create_pdf method.
Create PDF from .tex file
from pdflatex import PDFLaTeX
pdfl = PDFLaTeX.from_texfile('my_file.tex')
pdf, log, completed_process = pdfl.create_pdf(keep_pdf_file=True, keep_log_file=True)
The function create_pdf returns 3 results:
- The pdf file in a binary string;
- The log file generated by pdflatex as text;
- An instance of subprocess.CompleteProcess with the results of the pdflatex execution.
Also, create_pdf takes a few parameters:
- keep_pdf_file: an optional boolean. Default to False. If True a pdf file is maintained. Its location and name depends on the value of the -output-directory and -jobname parameters. It is also derived from the tex filename or the jinja2 template filename if no parameter is given;
- keep_log_file: same thing, for the log file.
- env: a default ENV mapping for the execution of pdflatex. You probably want to skip this.
Create PDF from Jinja2 Template
import os
import pdflatex
import jinja2
env = pdflatex.JINJA2_ENV
env['loader'] = jinja2.FileSystemLoader(os.path.abspath('.'))
env = jinja2.Environment(**env)
template = env.get_template('jinja.tex')
pdfl = pdflatex.PDFLaTeX.from_jinja2_template(template, data='Hello world!')
pdf, log, cp = pdfl.create_pdf()
Quite self explanatory, just note that pdflatex includes a dictionary JINJA2_ENV with a suggestion of environment parameters for you to use with jinja2 and LaTeX. It os defined as:
JINJA2_ENV = {'block_start_string': '\BLOCK{',
'block_end_string': '}',
'variable_start_string': '\VAR{',
'variable_end_string': '}',
'comment_start_string': '\#{',
'comment_end_string': '}',
'line_statement_prefix': '%%',
'line_comment_prefix': '%#',
'trim_blocks': True,
'autoescape': False }
Create PDF file from binary string:
import pdflatex
with open('my_file.tex', 'rb') as f:
pdfl = pdflatex.PDFLaTeX.from_binarystring(f.read(), 'my_file')
pdf, log, cp = pdfl.create_pdf()
FAQs
Simple wrapper to calling pdflatex
We found that pdflatex demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025