Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@here/harp.gl
Advanced tools
Readme
This is convienience module that provides harp.gl
as
JS-friendly bundle, with whole harp.gl
API exposed in harp
namespace.
Usage example with unpkg.com
CDN:
<script src="https://unpkg.com/three/build/three.min.js"></script>
<!-- harp.gl bundle requires specific threejs version to be already loaded in runtime -->
<script src="https://unpkg.com/@here/harp.gl/dist/harp.js"></script>
<!-- latest version of harp.gl bundle -->
<script>
const canvas = document.getElementById("mapCanvas");
const map = new harp.MapView({
canvas,
theme:
"https://unpkg.com/@here/harp-map-theme@0.2.2/resources/berlin_tilezen_base.json"
});
...
</script>
This snippets loads all required scripts and creates MapView
with theme
loaded from unpkg.com
CDN.
@here/harp.gl
provides following bundles:
harp.js
and harp.min.js
containing selected symbols from these
bundles in harp
namespace:
MapView
functionality - @here/harp-mapview
@here/harp-geoutils
@here/harp-controls
(excluding [CameraAnimation] related functions)@here/harp-vectortile-datasource
@here/harp-features-datasource
@here/harp-webtile-datasource
@here/harp-geojson-datasource
harp-decoders.js
same-origin
policy,three.js
implementation, which usually is detected
automatically (it re-uses same script URL that is used in main JS runtime).harp.js
bundle depends on Three.JS being already loaded in Javascript
Runtime.harp.gl
uses Web Workers from harp-decoders.js
to offload CPU intensive work from main thread
(in particular for
OmvDataSource and
GeoJsonDataProvider.
Web Workers.harp.gl
detects URL from which is loaded and by default detects location of
harp-decoders.js
which is distributed together. That may cause problems with same-origin
policy that mandates that Web Workers can be loaded only from same origin that main page.
To overcome this issue, we attempt to load harp-decoders.js
by converting it to Blob
. This
requires, that CSP policy of your page allows loading workers from blob:
URLs.harp.js: Unable to determine location of three(.min).js
As noted above, harp.gl
tries to find URL of three.js
so URL can loaded in web-workers.
If for some reason you don't have three.js
script in your DOM, you can tell harp.gl
where
to find like this:
harp.WorkerLoader.dependencyUrlMapping.three = "https://unpkg.com/three/build/three.min.js";
Refused to create a worker from 'blob:http://...' because it violates the following Content Security Policy ...
As noted above, if harp.js
and harp-decoders.js
is loaded from other domain (like CDN), we try
to load script into Blob
and then execute worker from blob-url. For this mechanism to work, your
CSP policy for worker-src
and/or child-src
should allow blob:
origin. blob:
origin is
enabled by default, but if for some reason it's not the case, you can re-enable it with
following snippet:
<meta http-equiv="Content-Security-Policy" content="worker-src 'self' blob:" />
If for some reason, you cannot change CSP policy of your app to allow blob:
worker-source, you
have to load harp-decoders.js
(and possibly harp.js
) from same origin as your main page.
FAQs
JS Bundle containing all the functionality needed to render a map with harp.gl
The npm package @here/harp.gl receives a total of 136 weekly downloads. As such, @here/harp.gl popularity was classified as not popular.
We found that @here/harp.gl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.