npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@open-secure-viewer/irm

v9.1.0

Published

IRM key exchange module for Open Secure Viewer — RSA-4096 + AES-GCM WebCrypto

Downloads

2,045

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

prabhakarkumarprabhakarkumar

Keywords

irminformation-rights-managementdrmdocument-securitywebcryptokey-exchangersarsa-4096aesaes-gcmpdfsecure-pdfencrypted-documentosv

Readme

@open-secure-viewer/irm

Information Rights Management (IRM) key exchange for the Open Secure Viewer SDK. Implements RSA-4096 + AES-256-GCM key exchange using the browser's native WebCrypto API — zero persistence, zero backend code in the SDK.

Install

npm i @open-secure-viewer/irm @open-secure-viewer/core

How It Works

  1. Browser generates a one-time RSA-4096 key pair in memory (private key never leaves the browser)
  2. Public key is sent to your backend
  3. Backend encrypts the document AES key with the RSA public key and returns the encrypted blob
  4. SDK decrypts the AES key in-browser and uses it to decrypt the document bytes
  5. Key pair is discarded after use — nothing is stored in localStorage/sessionStorage/IndexedDB

React Hook

import { useIrmLoader } from '@open-secure-viewer/react';
import { SecureViewer, useOsvViewer } from '@open-secure-viewer/react';

function ProtectedDoc() {
  const { viewer } = useOsvViewer();
  const { loadIrmDocument, isExchanging, irmError } = useIrmLoader(viewer);

  useEffect(() => {
    loadIrmDocument({
      contentId: 'doc-123',
      getViewUrl: async (publicKey) => {
        const res = await fetch(`/api/view?pk=${publicKey}`);
        const { url } = await res.json();
        return url;
      },
    });
  }, []);
}

IntraLinks Proprietary PDF Filter (customHandlerId: 342553)

Some IntraLinks IRM PDFs embed a proprietary /Filter inside the PDF /Encrypt dictionary. PDFTron handles them via customHandlerId: 342553; the open-source PDFium build the SDK uses does not ship that handler, so loading fails with Unsupported security scheme even when the password is correct.

@open-secure-viewer/irm exports IntraLinksPdfHandler — a PdfSecurityHandler plugin that the core SDK invokes automatically after PDFium's initial load fails. It tries two strategies:

  1. AES-GCM whole-payload decrypt — for backends that wrap the document bytes in AES-GCM (key = SHA-256(password), IV = nonce). Mirrors the XLSX renderer's transport-layer fallback.
  2. PDF /Encrypt dictionary patching — rewrites the proprietary /Filter to /Standard so PDFium can decrypt the bytes with the supplied password. Works when the underlying cipher matches ISO 32000 AES.

Register once at app startup

import { OsvViewer } from '@open-secure-viewer/core';
import { IntraLinksPdfHandler } from '@open-secure-viewer/irm';

OsvViewer.registerPdfSecurityHandler(new IntraLinksPdfHandler());

Use from DocumentViewer.tsx

After registering the handler, pass the password + nonce returned from the RSA key exchange via fetchOpts — the SDK fetches and decrypts the PDF automatically.

import React, { useState, useEffect } from 'react';
import { SecureViewer } from '@open-secure-viewer/react';
import { registerOfficeRenderers } from '@open-secure-viewer/office';
import { OsvViewer } from '@open-secure-viewer/core';
import { IntraLinksPdfHandler } from '@open-secure-viewer/irm';
import { IlLoading } from 'il-framework-component/src/components/IlLoading';
import { IlContent } from '../ContentViewerComponent/contentViewerTypes';
import { consumeContentKey } from '../../../services/secureViewerService';

registerOfficeRenderers();
OsvViewer.registerPdfSecurityHandler(new IntraLinksPdfHandler());

interface IDocumentViewerComponentProps {
  viewerContent: IlContent;
  isContentLoading: boolean;
}

interface IIrmFetchOpts {
  password: string;
  nonce?: string;
  credentials: RequestCredentials;
}

const DocumentViewer: React.FC<IDocumentViewerComponentProps> = ({
  viewerContent,
  isContentLoading,
}) => {
  const [error, setError] = useState<string>();
  const [irmFetchOpts, setIrmFetchOpts] = useState<IIrmFetchOpts | null>(null);
  const { id, downloadUrl, isIRMProtected } = viewerContent;

  useEffect(() => {
    setError(undefined);
    setIrmFetchOpts(null);
    if (!isIRMProtected || !downloadUrl || !id) return;
    (async () => {
      const contentKey = await consumeContentKey(id, downloadUrl);
      setIrmFetchOpts({
        password:    contentKey.password,
        nonce:       contentKey.nonce,
        credentials: 'include',
      });
    })().catch((err: Error) => setError(err.message));
  }, [id, downloadUrl, isIRMProtected]);

  if (error) return <p role="alert">{error}</p>;

  const isLoading = isContentLoading || (isIRMProtected && irmFetchOpts === null);
  const fetchOpts = isIRMProtected && irmFetchOpts
    ? irmFetchOpts
    : { credentials: 'include' as RequestCredentials };

  return isLoading ? (
    <IlLoading />
  ) : (
    <SecureViewer
      source={downloadUrl}
      wasmUrl={`${process.env.PUBLIC_URL}/pdfium/pdfium.wasm`}
      security={{
        disablePrint:       true,
        disableCopy:        true,
        disableContextMenu: true,
        watermark: {
          diagonal: {
            text:     `CONFIDENTIAL — ${new Date().toLocaleDateString()}`,
            opacity:  0.12,
            fontSize: 40,
          },
        },
      }}
      style={{ width: '100%', height: 'calc(100vh - 48px)' }}
      fetchOpts={fetchOpts}
      onError={(err) => setError(err.message)}
    />
  );
};

export default DocumentViewer;

Customising the handler

If the IntraLinks /Filter name in your captured PDFs differs from the defaults (/IntraLinks, /ILSecurityHandler, /ILDRM, /ILRM), or if customHandlerId: 342553 uses non-standard /V / /R / /O / /U values, override via constructor options:

OsvViewer.registerPdfSecurityHandler(
  new IntraLinksPdfHandler({
    filterNames: ['IntraLinksCustom', 'MyCorp.IL'],
    debug:       true,
  }),
);

Inspect the /Encrypt dictionary in a captured IRM PDF (e.g. with qpdf --qdf input.pdf - or any hex editor) to discover the exact filter name. The il-viewer-app source is also authoritative — search for the PDFTron customHandlerId registration to confirm the filter token and the cipher parameters used.

Links

License

MIT