Offline-first PDF viewing
Document rendering is designed to work with bundled assets and local viewing flows rather than remote runtime dependencies.
Product page
VSCode PDF Viewer Secure
Security-first, offline-first PDF viewing for Visual Studio Code.
VSCode PDF Viewer Secure is a hardened PDF viewer extension for Visual Studio Code business environments. It is designed to support controlled document viewing workflows with reduced attack surface, conservative defaults, and local bundled assets.
Key features
The extension favors safe defaults and explicit enablement. Core controls are intended to be understandable to engineering, IT, and security review teams.
Read-only by default
Default behavior is aligned with viewing rather than editing, helping reduce accidental or unauthorized document modification paths.
Restrictive webview CSP
The webview applies a restrictive Content Security Policy to narrow the execution surface inside the Visual Studio Code environment.
PDF scripting disabled
PDF scripting support is disabled to avoid enabling active content paths that are unnecessary for standard viewing use cases.
External links disabled by default
Outbound link behavior is conservative by default so document interaction stays predictable in controlled environments.
No shell or child-process execution
The extension is designed without shell invocation or child-process execution paths as part of normal product behavior.
Feature flags for controlled enablement
Optional behavior can be gated so teams can review and enable specific capabilities deliberately rather than implicitly.
Security posture
VSCode PDF Viewer Secure is designed to reduce attack surface for PDF viewing inside Visual Studio Code. It is intended for controlled business environments where conservative defaults, operational review, and local handling are preferred.
- Printing, download, open file, forms, and annotation editing are disabled by default.
- The extension uses a bundled viewer and local assets rather than depending on remote runtime resources for core viewing behavior.
- Default controls are chosen to support reviewable, predictable deployment profiles for enterprise and internal tool environments.
Disclaimer
This software is provided on an as-is basis, without warranties of any kind. ToppyMicroServices does not guarantee the absence of defects, vulnerabilities, or fitness for a particular deployment. Users are responsible for conducting their own technical, legal, and security review before production or business use.
Open source and attribution
VSCode PDF Viewer Secure is based on tomoki1207/vscode-pdfviewer and uses Mozilla PDF.js. License notices and attribution are preserved in accordance with upstream requirements.
Links
Public listings and support information for review, procurement, and internal evaluation.