Skip to main content


Welcome to the Content Authenticity Initiative JavaScript SDK. This library aims to make viewing and verifying C2PA data in the browser as easy as possible. Because it's a client JavaScript SDK, it performs only read operations on C2PA manifests, unlike the Rust SDK, which can both read and write manifests.

The SDK is a monorepo containing the following packages intended for client use:

  • c2pa is the main package used for loading and verifying manifests. This package runs all of the processing logic on the client using a WebAssembly module and exposes a TypeScript-compatible API for easy integration.
  • c2pa-wc provides UI components designed with input from the C2PA UX working group. It enables users to get up and running with standard UI patterns quickly and easily in any front-end environment.
  • @contentauth/react-hooks provides a hooks interface for React components to quickly get manifest and thumbnail data in your React app.

To learn how to use these libraries, see the Quick start.

Additionally, the SDK includes the following supporting packages that are not intended for separate use:

  • @cai/toolkit contains the WebAssembly module, data binding functions, and related build tools. The c2pa package consumes this library under the hood. The WebAssembly module handles manifest parsing and validation.
  • @cai/detector provides a high-performance binary scanner to quickly detect if C2PA manifest data exists in a file. The c2pa package also consumes this library.


Developer friendly

The SDK makes integration easy, with full TypeScript support and robust debugging using the debug library.


The processing code of this library uses a high-performance WebAssembly binary. Additionally, the library offloads processing tasks to a configurable Web Worker pool to enable parallelization and avoid blocking a web application's main thread.

Lazy loading and processing

Since images can be quite large, the library inspects the start of an asset file for C2PA manifest data before requesting the entire file, if the server supports it. The library will download the rest of the asset only if it finds the metadata marker. Additionally, it delays loading the WebAssembly binary until it makes the first processing request.

Adherence to the C2PA specification

The SDK strives to maintain compliance with the C2PA specification as much as possible, and the web components follow the C2PA user experience guidance recommendations.

Security and encryption

The SDK handles all validation via the Web Crypto API and passes any validation errors back to the client.

Supported signature algorithms

The JS SDK supports all ECDSA and RSASSA-PSS algorithms listed in the C2PA specification.


Ed25519 signatures are currently not supported by the JS SDK.


The UI components are Web Components that use the Lit library. Because of this, you can use them in React, Vue, Angular, Svelte, or even vanilla JavaScript.