Gathering detailed insights and metrics for pdfjs-dist
Gathering detailed insights and metrics for pdfjs-dist
Installations
npm install pdfjs-distDeveloper
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
>=18
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
48,771 Stars
19,961 Commits
10,028 Forks
1,118 Watching
1 Branches
391 Contributors
Updated on 28 Nov 2024
Bundle Size
314.48 kB
Minified
90.89 kB
Minified + Gzipped
Languages
JavaScript (73.1%)
Fluent (24.15%)
CSS (1.81%)
HTML (0.92%)
TypeScript (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
393,581,286
Last day
-6.8%
553,422
Compared to previous day
Last week
0.2%
3,030,350
Compared to previous week
Last month
11%
12,820,642
Compared to previous month
Last year
39%
136,328,388
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
PDF.js 
PDF.js is a Portable Document Format (PDF) viewer that is built with HTML5.
PDF.js is community-driven and supported by Mozilla. Our goal is to create a general-purpose, web standards-based platform for parsing and rendering PDFs.
Contributing
PDF.js is an open source project and always looking for more contributors. To get involved, visit:
- Issue Reporting Guide
- Code Contribution Guide
- Frequently Asked Questions
- Good Beginner Bugs
- Projects
Feel free to stop by our Matrix room for questions or guidance.
Getting Started
Online demo
Please note that the "Modern browsers" version assumes native support for the latest JavaScript features; please also see this wiki page.
-
Modern browsers: https://mozilla.github.io/pdf.js/web/viewer.html
-
Older browsers: https://mozilla.github.io/pdf.js/legacy/web/viewer.html
Browser Extensions
Firefox
PDF.js is built into version 19+ of Firefox.
Chrome
- The official extension for Chrome can be installed from the Chrome Web Store. This extension is maintained by @Rob--W.
- Build Your Own - Get the code as explained below and issue
npx gulp chromium. Then open Chrome, go toTools > Extensionand load the (unpackaged) extension from the directorybuild/chromium.
Getting the Code
To get a local copy of the current code, clone it using git:
$ git clone https://github.com/mozilla/pdf.js.git
$ cd pdf.js
Next, install Node.js via the official package or via nvm. If everything worked out, install all dependencies for PDF.js:
$ npm install
Finally, you need to start a local web server as some browsers do not allow opening
PDF files using a file:// URL. Run:
$ npx gulp server
and then you can open:
Please keep in mind that this assumes the latest version of Mozilla Firefox; refer to Building PDF.js for non-development usage of the PDF.js library.
It is also possible to view all test PDF files on the right side by opening:
Building PDF.js
In order to bundle all src/ files into two production scripts and build the generic
viewer, run:
$ npx gulp generic
If you need to support older browsers, run:
$ npx gulp generic-legacy
This will generate pdf.js and pdf.worker.js in the build/generic/build/ directory (respectively build/generic-legacy/build/).
Both scripts are needed but only pdf.js needs to be included since pdf.worker.js will
be loaded by pdf.js. The PDF.js files are large and should be minified for production.
Using PDF.js in a web application
To use PDF.js in a web application you can choose to use a pre-built version of the library
or to build it from source. We supply pre-built versions for usage with NPM and Bower under
the pdfjs-dist name. For more information and examples please refer to the
wiki page on this subject.
Including via a CDN
PDF.js is hosted on several free CDNs:
- https://www.jsdelivr.com/package/npm/pdfjs-dist
- https://cdnjs.com/libraries/pdf.js
- https://unpkg.com/pdfjs-dist/
Learning
You can play with the PDF.js API directly from your browser using the live demos below:
More examples can be found in the examples folder. Some of them are using the pdfjs-dist package, which can be built and installed in this repo directory via npx gulp dist-install command.
For an introduction to the PDF.js code, check out the presentation by our contributor Julian Viereck:
More learning resources can be found at:
The API documentation can be found at:
Questions
Check out our FAQs and get answers to common questions:
Talk to us on Matrix:
File an issue:
Stable Version
The latest stable version of the package.
Stable Version
4.8.69
HIGH
3
HIGH
8.8/10
Summary
Malicious PDF can inject JavaScript into PDF Viewer
Affected Versions
< 1.10.100
Patched Versions
1.10.100
HIGH
8.8/10
Summary
Malicious PDF can inject JavaScript into PDF Viewer
Affected Versions
>= 2.0.0, < 2.0.550
Patched Versions
2.0.550
HIGH
0/10
Summary
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Affected Versions
<= 4.1.392
Patched Versions
4.2.67
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:4
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:4
- Info: topLevel 'contents' permission set to 'read': .github/workflows/fluent_linter.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/font_tests.yml:23
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:4
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish_release.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish_website.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/types_tests.yml:4
- Info: no jobLevel write permissions found
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish_release.yml:10
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
0 existing vulnerabilities detected
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fluent_linter.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/fluent_linter.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fluent_linter.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/fluent_linter.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/font_tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/font_tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_website.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/publish_website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types_tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/types_tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types_tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mozilla/pdf.js/types_tests.yml/master?enable=pin
- Warn: pipCommand not pinned by hash: .github/workflows/fluent_linter.yml:38
- Warn: pipCommand not pinned by hash: .github/workflows/font_tests.yml:59
- Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 6 out of 6 npmCommand dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v4.8.69 not signed: https://api.github.com/repos/mozilla/pdf.js/releases/183222224
- Warn: release artifact v4.7.76 not signed: https://api.github.com/repos/mozilla/pdf.js/releases/178562973
- Warn: release artifact v4.6.82 not signed: https://api.github.com/repos/mozilla/pdf.js/releases/172948034
- Warn: release artifact v4.5.136 not signed: https://api.github.com/repos/mozilla/pdf.js/releases/167474243
- Warn: release artifact v4.4.168 not signed: https://api.github.com/repos/mozilla/pdf.js/releases/163403167
- Warn: release artifact v4.8.69 does not have provenance: https://api.github.com/repos/mozilla/pdf.js/releases/183222224
- Warn: release artifact v4.7.76 does not have provenance: https://api.github.com/repos/mozilla/pdf.js/releases/178562973
- Warn: release artifact v4.6.82 does not have provenance: https://api.github.com/repos/mozilla/pdf.js/releases/172948034
- Warn: release artifact v4.5.136 does not have provenance: https://api.github.com/repos/mozilla/pdf.js/releases/167474243
- Warn: release artifact v4.4.168 does not have provenance: https://api.github.com/repos/mozilla/pdf.js/releases/163403167
Score
8.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More