@pdfme/common

TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license!

Versions: 10
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

hand-dot

Keywords

pdf, pdf-designer, pdf-generation, pdf-viewer, react, typescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used only in set-version.js build script, not in published runtime code. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): PDF library legitimately decodes base64 PDF data; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@pdfme/pdf-lib | AI (dependencies): Internal pdfme org fork of pdf-lib; stable dependency pattern across all pdfme package versions. | ai | |

Versions (showing 10 of 10)

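| Version | Deps | Published |
|---|---|---|
| 6.1.5 | 4 / 1 | |
| 6.1.3 | 4 / 1 | |
| 6.1.2 | 4 / 1 | |
| 6.1.1 | 4 / 1 | |
| 6.1.0 | 4 / 1 | |
| 6.0.6 | 4 / 1 | |
| 6.0.5 | 4 / 1 | |
| 6.0.3 | 4 / 1 | |
| 6.0.0 | 4 / 1 | |
| 5.5.10 | 4 / 1 | |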

v6.1.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.5.10

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.