npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

sign-hash-pdf

v0.0.0

Published

Library that supports signing PDF documents by generating a hash value, then getting its signature provided by external services

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ninh2k1ptitninh2k1ptit

Keywords

Readme

sign-hash-pdf

Library that supports signing PDF documents by generating a hash value, then getting its signature provided by external services

Installation

  npm install sign-hash-pdf

Usage

Declare the library and initialize the variable containing the PDF document

const fs = require("fs");
const { Pdf } = require("sign-hash-pdf");

const pdf = new Pdf(fs.readFileSync("./assets/document.pdf")); // Document as Uint8Array or Buffer

Next, create a placeholder and get the hash value to ask the external service to return the signature and certificate

const hash = await pdf.generateHexToBeSigned({
  x: 100,
  y: 100,
  width: 100,
  height: 200,
  signedBy: "your_name",
  reason: "your_reason",
  location: "your_country",
  contactInfo: "your_email",
  pageNumber: 1,
  background: fs.readFileSync("./assets/signature.png"),
  hashAlgorithm: "sha256",
});

Details about the parameters:

  • x, y are the coordinates of the placeholder. x = 0, y = 0 are the bottom left position of the document
  • pageNumber is the page of the document to which the placeholder will be attached
  • width, height are the size of the placeholder, it can be zero
  • signedBy, reason, location, contactInfo are some basic information, it can be changed - after the document has been signed
  • background is the display image of the placeholder, it can be null
  • hashAlgorithm is Cryptographic hash function used to create hash values ​​and also to create signatures in external services, be careful with this because hashAlgorithm does not match the algorithm returned from the external service will make the signature invalid
  • hashAlgorithm is supporting: md5, sha1, sha224, sha256, sha384, sha512

generateHexToBeSigned returns a Promise that emits a hexadecimal string (e.g. 314b301806092a864886f70d010903310b06092a864886f70d010701302f06092a864886f70d01090431220420072674532b01f3043898b959bb10792d6a28322486463610c985f8ee6014a9a5)

Send the hash value in the previous step to an external service to sign it. Some libraries can support this like jsrsasign.KJUR.crypto.Signature or java.security.Signature. Finally, use the sign function to replace the placeholder with a valid signature

pdf.sign({
  signature: signature,
  signatureAlgorithm: signatureAlgorithm,
  certificate: certificate,
});

fs.writeFileSync("pdf-signed.pdf", pdf.buffer.final); //The PDF document has been signed

Details about the parameters:

  • signature is the hexadecimal string received from the external service's response
  • signatureAlgorithm is the signature creation algorithm used by external services, for example: SHA256withECDSA, MD5withRSA,...
  • certificate is the PEM string that the external service used (along with a private key) to create a signature, for example:
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIEXinimTANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJC
RTEMMAoGA1UECBMDT1ZMMQ4wDAYDVQQHEwVHaGVudDEXMBUGA1UEChMOaVRleHQg
U29mdHdhcmUxCzAJBgNVBAsTAklUMRcwFQYDVQQDEw5CcnVubyBTcGVjaW1lbjAg
Fw0xMjA4MDMyMTAwMDBaGA8yMTEyMDcxMDIxMDAwMFowajELMAkGA1UEBhMCQkUx
DDAKBgNVBAgTA09WTDEOMAwGA1UEBxMFR2hlbnQxFzAVBgNVBAoTDmlUZXh0IFNv
ZnR3YXJlMQswCQYDVQQLEwJJVDEXMBUGA1UEAxMOQnJ1bm8gU3BlY2ltZW4wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCndrp+8IyR2cDnSH3O3p3zIohW
CqaKsz2jU7iTiujYDEGqeLJ/tLk+KCZ/qzH1SsYzMp8N6NgQTcBCwKkukrtO3CJv
gRPl0ObazZIua+1hB2eSi9cpERsihdvK5ZEwGTEIx1wMTTp0uGUkXgzN5ec6Slnz
0VRwG/9HIIAA9acbmIhNAI4IMxvNBqTilHY5pOnJYyGIJHc8NptsnG+ymgI9vscg
66yCWI0r2U47YigpKBCSi9efxGnXcSXV4TpZwSYMAUA/kQrxdUZILMkZl82XI/o/
Eyc76wyTQ9SCfFsXhTujhiz4Ckg68NqNgQ6NUIIJWj/u+94fH6k+WreQdLdvAgMB
AAGjITAfMB0GA1UdDgQWBBR3r9IU9woOYNOC/j1cQ/nf9+dKBzANBgkqhkiG9w0B
AQsFAAOCAQEAEy1Wmr3tudvP1H4gZVxlw+l3CMcEuR5Odt441wx3TIHFCjSWoCt4
KeS04QZrihl72NVSAdab5QRc9XL6POSTKGNS/vVK2WYY94quGUNo/To2X82Dwquc
TigV8FYiRO8OkXYHuUgchWuVqPG5/jKnpP4Gk+oqSb9I7KorcjyoWFW1nGjhlyYe
vePDB0jqKhRRvaMfwKH5peDXGbAKaHjFeuUVB96u3pwvvda/cssPWQUKwr5/iD7T
PaBB6Ei8P+0kjA3cFWTuH+M/weZrOlpx1x/2ua0Sfxa35OnSu1UhIe8B3RbITDSB
l7PnMelzKu1eetoNems8skdHKVQs9rCcEA==
-----END CERTIFICATE-----