Project • Web App

PDF Changer

I wanted a PDF tool that doesn't upload my files to someone else's server. Most online tools do. So I built one that runs entirely in the browser — the backend only handles accounts and billing, it never touches a PDF.

Try it Source
ReactTypeScriptViteHonoCloudflare WorkersD1WebAuthnStripe
Nothing leaves the browser
All PDF processing uses pdf-lib, pdfjs-dist, and tesseract.js WASM. The API is auth and billing only — it never sees a file.
Metadata scrubber
Strips EXIF, IPTC, ICC profiles, embedded JS, and font subset fingerprints. Paranoid mode also randomizes document structure.
Passkey auth
No passwords anywhere. WebAuthn for login, recovery codes as backup. Sessions are signed cookies — no session store needed.

It's live

Frontend on Cloudflare Pages, API on Workers, D1 for the database. It's a PWA so it works offline after the first load. 140 tests across both apps.

Open it GitHub
pdf-changer.pages.dev
Cloudflare Pages + Workers
15 PDF tools
Merge, split, compress, rotate, crop, flatten, redact, OCR, watermark, sign, fill forms, image-to-PDF, page numbers, encrypt, unlock. All in-browser.
Metadata scrub
Goes deeper than most tools — scans the raw PDF buffer for JPEG/PNG markers and strips EXIF at the byte level, because pdf-lib doesn't expose embedded image streams.
Tracking dot detection
Renders pages to canvas and scans for yellow dot patterns (Machine Identification Codes). Printers embed these to fingerprint printed documents. Most people don't know they're there.
Pipeline
Chain operations together. Scrub, then flatten, then compress — one pass. I added this because doing three separate round-trips felt wasteful.
What's rough
  • No E2E tests yet — API integration tests are thin, mostly unit tests on crypto and cookie logic.
  • Stego detection is basic — flags yellow dots but doesn't decode the full MIC grid.
  • No monitoring or alerting. If something breaks in production I'd find out by checking manually.
  • Large PDFs (100+ pages) can be slow in-browser. Haven't done real performance profiling.
Next steps
  • Add integration tests for the API routes (register, login, billing flow).
  • Improve stego detection — decode the actual MIC dot pattern into printer serial/date.
  • Set up basic uptime monitoring and error alerting.
  • Profile and optimize large-file performance in the browser.
~17k
Lines of TS
15
PDF tools
140
Tests
2
Cloudflare apps