npmpackage.info

pdfjs-dist

PDF Reader in JavaScript

4.8.69

48,771

Apache-2.0

JavaScript

90.89 kB

393,581,286 8.4

Installations

npm install pdfjs-dist

Pull Requests

Open

35

Total

8,802

Closed

1,183

Merged

7,584

Issues

Open

384

Total

9,954

Closed

9,570

Releases

v4.8.69

Published on 02 Nov 2024

v4.7.76

Published on 06 Oct 2024

v4.6.82

Published on 01 Sept 2024

v4.5.136

Published on 27 Jul 2024

v4.4.168

Published on 01 Jul 2024

v4.3.136

Published on 28 May 2024

View all 67 releases

Developer

mozilla

Developer Guide

BETA

Module System

CommonJS, UMD

Min. Node Version

>=18

Typescript Support

Yes

Node Version

20.18.0

NPM Version

10.8.2 Statistics

48,771 Stars

19,961 Commits

10,028 Forks

1,118 Watching

1 Branches

391 Contributors

Updated on 28 Nov 2024

Bundle Size

314.48 kB

Minified

90.89 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (73.1%)

Fluent (24.15%)

CSS (1.81%)

HTML (0.92%)

TypeScript (0.02%)

Total Downloads

Cumulative downloads

Total Downloads

393,581,286

Last day

-6.8%

553,422

Compared to previous day

Last week

0.2%

3,030,350

Compared to previous week

Last month

11%

12,820,642

Compared to previous month

Last year

39%

136,328,388

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Optional Dependencies

canvas path2d

Versions

PDF.js

PDF.js is a Portable Document Format (PDF) viewer that is built with HTML5.

PDF.js is community-driven and supported by Mozilla. Our goal is to create a general-purpose, web standards-based platform for parsing and rendering PDFs.

Contributing

PDF.js is an open source project and always looking for more contributors. To get involved, visit:

Feel free to stop by our Matrix room for questions or guidance.

Getting Started

Online demo

Please note that the "Modern browsers" version assumes native support for the latest JavaScript features; please also see this wiki page.

Modern browsers: https://mozilla.github.io/pdf.js/web/viewer.html
Older browsers: https://mozilla.github.io/pdf.js/legacy/web/viewer.html

Browser Extensions

Firefox

PDF.js is built into version 19+ of Firefox.

Chrome

The official extension for Chrome can be installed from the Chrome Web Store. This extension is maintained by @Rob--W.
Build Your Own - Get the code as explained below and issue npx gulp chromium. Then open Chrome, go to Tools > Extension and load the (unpackaged) extension from the directory build/chromium.

Getting the Code

To get a local copy of the current code, clone it using git:

$ git clone https://github.com/mozilla/pdf.js.git
$ cd pdf.js

Next, install Node.js via the official package or via nvm. If everything worked out, install all dependencies for PDF.js:

$ npm install

Finally, you need to start a local web server as some browsers do not allow opening PDF files using a file:// URL. Run:

$ npx gulp server

and then you can open:

http://localhost:8888/web/viewer.html

Please keep in mind that this assumes the latest version of Mozilla Firefox; refer to Building PDF.js for non-development usage of the PDF.js library.

It is also possible to view all test PDF files on the right side by opening:

http://localhost:8888/test/pdfs/?frame

Building PDF.js

In order to bundle all src/ files into two production scripts and build the generic viewer, run:

$ npx gulp generic

If you need to support older browsers, run:

$ npx gulp generic-legacy

This will generate pdf.js and pdf.worker.js in the build/generic/build/ directory (respectively build/generic-legacy/build/). Both scripts are needed but only pdf.js needs to be included since pdf.worker.js will be loaded by pdf.js. The PDF.js files are large and should be minified for production.

Using PDF.js in a web application

To use PDF.js in a web application you can choose to use a pre-built version of the library or to build it from source. We supply pre-built versions for usage with NPM and Bower under the pdfjs-dist name. For more information and examples please refer to the wiki page on this subject.

Including via a CDN

PDF.js is hosted on several free CDNs:

Learning

You can play with the PDF.js API directly from your browser using the live demos below:

Interactive examples

More examples can be found in the examples folder. Some of them are using the pdfjs-dist package, which can be built and installed in this repo directory via npx gulp dist-install command.

For an introduction to the PDF.js code, check out the presentation by our contributor Julian Viereck:

https://www.youtube.com/watch?v=Iv15UY-4Fg8

More learning resources can be found at:

https://github.com/mozilla/pdf.js/wiki/Additional-Learning-Resources

The API documentation can be found at:

https://mozilla.github.io/pdf.js/api/

Questions

Check out our FAQs and get answers to common questions:

https://github.com/mozilla/pdf.js/wiki/Frequently-Asked-Questions

Talk to us on Matrix:

https://chat.mozilla.org/#/room/#pdfjs:mozilla.org

File an issue:

https://github.com/mozilla/pdf.js/issues/new/choose

Stable Version

The latest stable version of the package.

Stable Version

4.8.69

HIGH

8.8/10

Summary

Malicious PDF can inject JavaScript into PDF Viewer

Affected Versions

< 1.10.100

Patched Versions

1.10.100

HIGH

8.8/10

Summary

Malicious PDF can inject JavaScript into PDF Viewer

Affected Versions

>= 2.0.0, < 2.0.550

Patched Versions

2.0.550

HIGH

0/10

Summary

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

Affected Versions

<= 4.1.392

Patched Versions

4.2.67

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Security-Policy

Determines if the project has published a security policy.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Fuzzing

Determines if the project uses fuzzing.

10

SAST

Determines if the project uses static code analysis.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fluent_linter.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/fluent_linter.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fluent_linter.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/fluent_linter.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types_tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/types_tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types_tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/types_tests.yml/master?enable=pin
Warn: pipCommand not pinned by hash: .github/workflows/fluent_linter.yml:38
Warn: pipCommand not pinned by hash: .github/workflows/font_tests.yml:59
Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 6 out of 6 npmCommand dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

Score

8.4

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to pdfjs-dist

@bundled-es-modules/pdfjs-dist

3.6.172-alpha.1

mirror of pdfjs-dist, bundled and exposed as ES module

simple-react-pdf

1.0.9

Simple PDF React component with vertical scroll bar (pdfjs-dist, ES6 syntax, Babel, Browserify).

pdfjs-dist-legacy

1.0.1

a legacy implementation of pdfjs-dist

pdfjs-dist-viewer-angular

1.0.3

pdfjs-dist non-agnostic language viewer