Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@fulcrum/tokml
Advanced tools
Forked from https://github.com/mapbox/tokml
This fork changes each <Style>
node to include <IconStyle>
, <LineStyle>
and <PolyStyle>
nodes, each
with an appropriate <color>
node. All <Placemark>
nodes have a styleHash
associated with them so the styles
apply to each shape. This approach supports Fulcrum data,
which can contain multiple geometry types (Point, LineString, Polygon, MultiPoint, MultiLineString, MultiPolygon)
within the same file, and seems to apply colors correctly (in most tools).
The parent (and original) projects used a
mapbox.com
url for the href
in <Icon>
nodes. This url may have intended to return an icon, but it appears to no
longer be (publicly) accessible. A new iconUrl
option has been introduced to allow using a different url, however this
url will apply to all <Style><IconStyle><Icon>
nodes, which may cause Point data to show in the incorrect color.
with node/browserify
npm install --save @fulcrumapp/tokml
otherwise:
wget https://raw.github.com/fulcrumapp/tokml/master/tokml.js
as a binary:
npm install -g @fulcrumapp/tokml
tokml file.geojson > file.kml
tokml < file.geojson > file.kml
ESM
import * as tokml from "@fulcrumapp/tokml"
CommonJS
var tokml = require('@fulcrumapp/tokml')
Browser
You can also load the built tokml.js
file directly in a browser script tag and access it globally as tokml()
// kml is a string of KML data, geojsonObject is a JavaScript object of
// GeoJSON data
var kml = tokml(geojsonObject);
// grab name and description properties from each object and write them in
// KML
var kmlNameDescription = tokml(geojsonObject, {
name: "name",
description: "description",
});
// name and describe the KML document as a whole
var kmlDocumentName = tokml(geojsonObject, {
documentName: "My List Of Markers",
documentDescription: "One of the many places you are not I am",
});
tokml(geojsonObject, [options])
Given GeoJSON data as an object, return KML data as a string of XML.
options
is an optional object that takes the following options:
The property to name/description mapping: while GeoJSON supports freeform
properties
on each feature, KML has an expectation of name
and description
properties that are often styled and displayed automatically. These options let
you define a mapping from the GeoJSON style to KML's.
name
: the name of the property in each GeoJSON Feature that contains
the feature's namedescription
: the name of the property in each GeoJSON Feature that contains
the feature's descriptionTimestamp: KML can associate features with a moment in time via the TimeStamp
tag. GeoJSON doesn't
have a comparable field, but a custom property can be mapped
timestamp
: the name of the property in each GeoJSON Feature that contains
a timestamp in XML Schema Time (yyyy-mm-ddThh:mm:sszzzzzz)Document name and description: KML supports name
and description
properties
for the full document.
documentName
: the name of the full documentdocumentDescription
: the description of the full documentsimplestyle-spec support:
simplestyle
: set to true
to convert simplestyle-spec styles into KML stylesiconUrl
: override the href
of the <Icon>
nodes within each <Style>
Requires node.js and browserify:
To build tokml.js
:
make
To run tests:
yarn install
yarn run test
FAQs
convert geojson to kml
We found that @fulcrum/tokml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.