The SDK is a monorepo containing the following packages intended for client use:
- c2pa is the main package used for loading and verifying manifests. This package runs all of the processing logic on the client using a WebAssembly module and exposes a TypeScript-compatible API for easy integration.
- c2pa-wc provides UI components designed with input from the C2PA UX working group. It enables users to get up and running with standard UI patterns quickly and easily in any front-end environment.
- @contentauth/react-hooks provides a hooks interface for React components to quickly get manifest and thumbnail data in your React app.
To learn how to use these libraries, see the Quick start.
Additionally, the SDK includes the following supporting packages that are not intended for separate use:
- @cai/toolkit contains the WebAssembly module, data binding functions, and related build tools. The
c2papackage consumes this library under the hood. The WebAssembly module handles manifest parsing and validation.
- @cai/detector provides a high-performance binary scanner to quickly detect if C2PA manifest data exists in a file. The
c2papackage also consumes this library.
The SDK makes integration easy, with full TypeScript support and robust debugging using the debug library.
The processing code of this library uses a high-performance WebAssembly binary. Additionally, the library offloads processing tasks to a configurable Web Worker pool to enable parallelization and avoid blocking a web application's main thread.
Lazy loading and processing
Since images can be quite large, the library inspects the start of an asset file for C2PA manifest data before requesting the entire file, if the server supports it. The library will download the rest of the asset only if it finds the metadata marker. Additionally, it delays loading the WebAssembly binary until it makes the first processing request.
Adherence to the C2PA specification
The SDK strives to maintain compliance with the C2PA specification as much as possible, and the web components follow the C2PA user experience guidance recommendations.
Security and encryption
The SDK handles all validation via the Web Crypto API and passes any validation errors back to the client.
Supported signature algorithms
The JS SDK supports all ECDSA and RSASSA-PSS algorithms listed in the C2PA specification.
Ed25519 signatures are currently not supported by the JS SDK.