@pdfme/schemas MIT 10 versions

@pdfme/schemas

npm Repository Homepage

TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license!

10

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

hand-dot

Keywords

pdfpdf-designerpdf-generationpdf-viewerreacttypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:base64-decode	AI (semgrep): Decoding base64 image data URIs to get image dimensions is standard PDF library behavior, not a malicious payload.	ai	2026/04/30
dependencies	unvetted-dep:air-datepicker	AI (dependencies): air-datepicker is a well-known open-source datepicker; legitimate use in a PDF schema UI package.	ai	2026/04/29

Versions (showing 10 of 10)

Version	Deps	Published
6.1.5	8 / 7	2026-06-06
6.1.3	8 / 7	2026-06-04
6.1.2	8 / 7	2026-05-07
6.1.1	8 / 7	2026-05-03
6.1.0	8 / 7	2026-05-02
6.0.6	8 / 7	2026-04-03
6.0.5	8 / 7	2026-04-03
6.0.3	8 / 7	2026-04-03
6.0.0	8 / 7	2026-04-03
5.5.10	7 / 7	2026-03-20

v6.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.5.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.