npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@signature-kit/pdf

v0.3.0

Published

PDF/PAdES document preparation, visible signature placement, stamping, signing, verification, rubric stamping, merge helpers, and browser text-box extraction.

Readme

@signature-kit/pdf

PDF/PAdES document preparation, visible signature placement, stamping, signing, verification, rubric stamping, merge helpers, and browser text-box extraction.

Install

bun add @signature-kit/pdf @signature-kit/signatures @signature-kit/cms effect

Add a signer backend at the application boundary, for example:

bun add @signature-kit/a1

effect is a direct runtime dependency. The package consumes signing power through @signature-kit/signatures.

Public surface

  • @signature-kit/pdf/config — PDF schemas, signing/stamping/builder contracts, error catalog, and message catalog.
  • @signature-kit/pdf/signsignPdf for detached CMS/PAdES signing over a prepared placeholder.
  • @signature-kit/pdf/verifyverifyPdf for ByteRange, CMS, and optional trusted-root chain verification.
  • @signature-kit/pdf/stamp — badge layout, QR/link stamping, visible-signature stamping, initials/rubric helpers, and coordinate conversion.
  • @signature-kit/pdf/anchorsfindPdfTextAnchors for text-anchor placement.
  • @signature-kit/pdf/workflow — high-level load/template/prepare/sign batch workflows.
  • @signature-kit/pdf/builder — pure signature-field builder operations.
  • @signature-kit/pdf/builder-store — external builder store and placement queue helpers.
  • @signature-kit/pdf/byte-range — placeholder preparation and signature extraction helpers.
  • @signature-kit/pdf/mergemergePdfs; it copies pages only and intentionally drops source AcroForms, outlines, metadata, and attachments.
  • @signature-kit/pdf/liteparse-browser — browser-only LiteParse text-box extraction.

Verification coverage semantics: every signature ByteRange must start at byte 0, each signature must cryptographically verify, and the newest signature must cover the file end. Without trustedRoots, verifyPdf checks coverage and CMS cryptography but does not bind the signer to a trusted chain. Supplying trustedRoots makes chainValid and the final valid verdict require chain validation.

Rubrics never stamp the same page as the full visible signature block. rubricPageIndexesExcludingSignature(...) skips the main signature page, and single-page documents receive only the main block.

Example

import { a1SignaturesLayer } from "@signature-kit/a1/signer";
import { prepareAndSignPdf } from "@signature-kit/pdf/workflow";
import { verifyPdf } from "@signature-kit/pdf/verify";
import { Effect, Redacted } from "effect";

declare const pdf: Uint8Array;
declare const pfx: Uint8Array;
declare const trustedRoots: Uint8Array[];

const program = Effect.gen(function* () {
  const signed = yield* prepareAndSignPdf({
    pdf,
    badge: {
      header: { text: "Assinado digitalmente" },
      rows: [[{ label: "Documento", value: "Contrato" }]],
      footer: [{ text: "Validar no ITI", link: "https://validar.iti.gov.br/" }],
      qr: { text: "https://validar.iti.gov.br/" },
    },
    signing: {
      policy: "pades-icp-brasil",
      reason: "Assinatura digital",
      name: "Maria Silva",
      location: "BR",
    },
  });

  const verification = yield* verifyPdf({ pdf: signed, trustedRoots });
  return { signed, verification };
}).pipe(Effect.provide(a1SignaturesLayer({ pfx, password: Redacted.make("secret") })));

Errors and i18n

PDF failures use the PdfError code catalog and pdfErrorMessages; CMS and signer failures can also surface from signing workflows. Applications can render localized copy through @signature-kit/i18n with the catalogs for every package they call.

Docs: https://signaturekit.dev/en-US/docs/signing/pdf.

License

MIT. See LICENSE.