Releases: kovetz-PDF/pdf-defang
v0.1.0 - Initial release
First public release of pdf-defang — a lightweight Python library for stripping JavaScript, OpenAction, Launch actions, and other active content from PDFs.
Install
pip install pdf-defang
Highlights
- Two levels: strict (default) removes all active content; balanced preserves form interactivity and embedded files for trusted sources.
- 6 public APIs: sanitize / scan, plus async variants for FastAPI/aiohttp, plus bytes variants for S3/Lambda pipelines.
- 9 categories of dangerous content stripped: document JavaScript, /OpenAction, document/page/annotation /AA, XFA forms, embedded files, dangerous annotation actions (/Launch, /GoToR, /ImportData, etc.), annotation /JS keys, and unsafe URI schemes (javascript:, file:, data:, UNC paths).
- Full encryption preservation when a password is supplied.
- CLI: pdf-defang clean / pdf-defang scan with --level flag.
- Field-tested against 4,558 real-world PDFs (1.96 GB), zero page-count regressions.
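To make the categories above concrete, here is a standard-library triage sketch that counts the corresponding PDF name tokens in raw bytes and flags unsafe URI schemes. It is an added example, not pdf-defang's code or API; the regexes, the function names (decode_name, triage) and the sample bytes are assumptions made for illustration.

```python
import re
from collections import Counter

# PDF name tokens for the categories listed above. XFA, EmbeddedFile and
# EmbeddedFiles are the standard PDF names for "XFA forms" / "embedded files".
ACTIVE_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "XFA", "EmbeddedFile",
                "EmbeddedFiles", "Launch", "GoToR", "ImportData"}
UNSAFE_SCHEMES = ("javascript:", "file:", "data:", "\\\\")  # last entry: UNC prefix

# A name is "/" followed by regular characters or #xx hex escapes.
_NAME = re.compile(rb"/((?:[^\x00\t\n\f\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
# /URI followed by a literal string; backslash escapes are kept together.
_URI = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage(pdf: bytes) -> dict:
    """Count active-content names and collect URIs with unsafe schemes.

    Byte-level triage only: it cannot see inside compressed object streams
    or encrypted strings, and text inside a string that looks like a name is
    counted too. Octal and hex-string encodings of URIs are not decoded.
    """
    names = Counter(decode_name(m.group(1)) for m in _NAME.finditer(pdf))
    hits = {n: c for n, c in names.items() if n in ACTIVE_NAMES}
    unsafe = []
    for m in _URI.finditer(pdf):
        uri = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.S).decode("latin-1")
        if uri.strip().lower().startswith(UNSAFE_SCHEMES):
            unsafe.append(uri)
    return {"names": hits, "unsafe_uris": unsafe}


# Constructed sample: a fragment of PDF objects, not a complete file.
SAMPLE = (b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
          b"3 0 obj << /S /URI /URI (javascript:void\\(0\\)) >> endobj\n"
          b"4 0 obj << /S /URI /URI (https://example.com/) >> endobj\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty result is a reason to sanitize or quarantine the file; an empty one is not proof the file is clean, because of the limits noted in the docstring.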
Quality
- 133 automated tests
- 90% code coverage
- mypy --strict clean (6 files)
- ruff clean
- CI matrix: Python 3.9 - 3.13 × Linux, macOS, Windows
Quick start
from pdf_defang import sanitize
# Public uploads (safest default):
sanitize("untrusted.pdf")
# Trusted internal form that needs Submit/Calculate buttons:
sanitize("expense_form.pdf", level="balanced")
Origin
Extracted from production code at kovetz.co.il after an APT scanning campaign targeted PDF upload endpoints in May 2026. See the origin story for the full background.
Documentation
- Full docs site: https://kovetz-pdf.github.io/pdf-defang/
- API reference: https://kovetz-pdf.github.io/pdf-defang/api/
- What gets removed: https://kovetz-pdf.github.io/pdf-defang/protections/
- Comparison with Dangerzone: https://kovetz-pdf.github.io/pdf-defang/compare/dangerzone/
License
MIT.