Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@goongmaps/goong-map-react
Advanced tools
@goongmaps/goong-map-react | Documentation
@goongmaps/goong-map-react is a fork of react-map-gl. It provides React components for Goong GL JS. More information in the online documentation.
See our Design Philosophy.
Installation
Using @goongmaps/goong-map-react requires react >= 16.3.
npm install --save @goongmaps/goong-map-react
Example
import * as React from 'react';
import ReactMapGL from '@goongmaps/goong-map-react';
function Map() {
const [viewport, setViewport] = React.useState({
latitude: 21.03072,
longitude: 105.85239,
zoom: 12
});
return (
<ReactMapGL
{...viewport}
width="100%"
height="100%"
onViewportChange={(viewport) => setViewport(viewport)}
/>
);
}
Using Goong Maptiles key
To show maps from Goong you will need to register on our website in order to retrieve a map tiles key required by the map component, which will be used to identify you and start serving up map tiles. The service will be free until a certain level of traffic is exceeded.
There are several ways to provide a token to your app, as showcased in some of the example folders:
- Provide a
goongApiAccessTokenprop to the map component - Set the
GoongAccessTokenenvironment variable (or setREACT_APP_GOONG_ACCESS_TOKENif you are using Create React App)
But we would recommend using something like dotenv and put your key in an untracked .env file, that will then expose it as a process.env variable, with much less leaking risks.
Limitations
This library provides convenient wrappers around initializing and (to some degree) tracking the state of a Goong WebGL map. Because most of the functionality of Goong's JS API depends on the use of HTML5 canvases and WebGL, which React is not built to manipulate, the React component does not mirror all the functionality of Goong GL JS's Map class. You may access the native Goong API exposed by the getMap() function in this library. However, proceed with caution as calling the native APIs may break the connection between the React layer props and the underlying map state.
Examples of replacing common native API calls with their React equivalents can be found on the FAQ page.
Contribute
See contribution guide.
FAQs
A fork of react-map-gl. React components for Goong JS
The npm package @goongmaps/goong-map-react receives a total of 140 weekly downloads. As such, @goongmaps/goong-map-react popularity was classified as not popular.
We found that @goongmaps/goong-map-react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 30 Dec 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026