chore(pdf-server): switch to maintained @cantoo/pdf-lib fork #651
Draft
The original pdf-lib package has been unmaintained since Nov 2021. @cantoo/pdf-lib is an actively maintained, API-compatible fork with ongoing releases and accumulated bugfixes. Also updates test assertions from the deprecated PDFNumber.value() to PDFNumber.asNumber() per the fork's API guidance.
@modelcontextprotocol/ext-apps
@modelcontextprotocol/server-basic-preact
@modelcontextprotocol/server-basic-react
@modelcontextprotocol/server-basic-solid
@modelcontextprotocol/server-basic-svelte
@modelcontextprotocol/server-basic-vanillajs
@modelcontextprotocol/server-basic-vue
@modelcontextprotocol/server-budget-allocator
@modelcontextprotocol/server-cohort-heatmap
@modelcontextprotocol/server-customer-segmentation
@modelcontextprotocol/server-debug
@modelcontextprotocol/server-map
@modelcontextprotocol/server-pdf
@modelcontextprotocol/server-scenario-modeler
@modelcontextprotocol/server-shadertoy
@modelcontextprotocol/server-sheet-music
@modelcontextprotocol/server-system-monitor
@modelcontextprotocol/server-threejs
@modelcontextprotocol/server-transcript
@modelcontextprotocol/server-video-resource
@modelcontextprotocol/server-wiki-explorer
Summary
pdf-lib@1.17.1 (unmaintained since Nov 2021) with @cantoo/pdf-lib@^2.6.5 in examples/pdf-server
pdf-annotations.ts, two test files, tests/helpers/range-counting-server.ts)
PDFNumber.value() with PDFNumber.asNumber() in test assertions
Why
pdf-lib has had no release in 4+ years (see Hopding/pdf-lib#1423). @cantoo/pdf-lib is the community-recognized successor: ~180k downloads/week, 12 releases in the last 8 months, MIT-licensed, drop-in API compatible. Snyk and npm audit both report 0 vulnerabilities for the fork and its transitive deps.
Supply-chain scanners flag pdf-lib's dist/pdf-lib.esm.min.js as "obfuscated code" — that is a false positive on terser-minified output (no eval/Function/atob, sourcemap present), and the file is CDN-only (unpkg field), never loaded by Node or our Vite/bun builds. The fork ships the same dist/ layout, so this PR does not clear that scanner finding — it should be allowlisted separately. This PR is about moving to a maintained dependency.
New transitive deps: color, crypto-js@^4.2.0, node-html-better-parser (used by the fork's SVG/encryption features; all audited clean).
Test plan
npm run --workspace examples/pdf-server build — typecheck + Vite + bun bundle all green
npm test — 374 pass / 0 fail
npm run test:e2e — all green incl. PDF Server "loads app UI" + "screenshot matches golden"
npm audit — no new advisories introduced (pre-existing postcss finding is unrelated, comes from Vite/Vue)
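Added example (not part of this PR or of either library): a JavaScript sketch of the triage reasoning in the description above, checking which package.json fields reference a scanner-flagged file and whether its source contains the eval/Function/atob sinks or a sourcemap comment. The function names, manifest and source strings are constructed for illustration and are assumptions, not the real pdf-lib manifest or dist file.

```javascript
// Added example; all names are hypothetical and the samples are constructed.
const CDN_FIELDS = ["unpkg", "jsdelivr"]; // consulted by CDNs only
const RESOLVER_FIELDS = ["main", "module", "browser", "exports"]; // Node and bundlers
const norm = (p) => p.replace(/^\.\//, "");

// Collect every string path under a manifest value (walks nested "exports" maps).
function collectPaths(value, out = new Set()) {
  if (typeof value === "string") out.add(norm(value));
  else if (value && typeof value === "object") {
    for (const v of Object.values(value)) collectPaths(v, out);
  }
  return out;
}

// Manifest fields that point at the flagged file.
function referencingFields(manifest, flagged) {
  return [...CDN_FIELDS, ...RESOLVER_FIELDS].filter((f) =>
    collectPaths(manifest[f]).has(norm(flagged)));
}

// Dynamic-code sinks named in the PR text. A regex pass is a first-look
// heuristic for manual review, not proof that a file is benign.
const SINKS = { eval: /\beval\s*\(/, Function: /\bFunction\s*\(/, atob: /\batob\s*\(/ };

function triage(manifest, flagged, source) {
  const fields = referencingFields(manifest, flagged);
  return {
    fields,
    cdnOnly: fields.length > 0 && fields.every((f) => CDN_FIELDS.includes(f)),
    sinks: Object.keys(SINKS).filter((k) => SINKS[k].test(source)),
    hasSourceMap: /\/\/# sourceMappingURL=\S+/.test(source),
  };
}

// Constructed manifest and sources (not the real pdf-lib package.json or dist file).
const sampleManifest = {
  main: "cjs/index.js",
  module: "es/index.js",
  unpkg: "dist/example.min.js",
  exports: { ".": { import: "./es/index.js", require: "./cjs/index.js" } },
};
const minifiedSample =
  "var a=function(t){return t.map(function(e){return 2*e})};\n//# sourceMappingURL=example.min.js.map";
const dynamicSample = "var r=eval(s);";

console.log(triage(sampleManifest, "dist/example.min.js", minifiedSample));
console.log(triage(sampleManifest, "./es/index.js", dynamicSample));
```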