Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@mapbox/cardboard
Advanced tools
Cardboard is a JavaScript library for managing the storage of GeoJSON features on an AWS backend. It relies on DynamoDB for indexing and small-feature storage, and S3 for large-feature storage. Cardboard provides functions to create, read, update, and delete single features or in batch, as well as simple bounding-box spatial query capabilities.
npm install cardboard
# or globally
npm install -g cardboard
Generate a client by passing the following configuration options to cardboard:
option | required | description |
---|---|---|
table | X | the name of the DynamoDB table to use |
region | X | the region containing the given DynamoDB table |
bucket | X | the name of an S3 bucket to use for large-object storage |
prefix | X | a folder prefix to use within the S3 bucket |
accessKeyId | AWS credentials | |
secretAccessKey | AWS credentials | |
sessionToken | AWS credentials | |
dyno | a pre-configured dyno client to use for DynamoDB interactions | |
s3 | a pre-configured s3 client to use for S3 interactions |
Providing AWS credentials is optional. Cardboard depends on the AWS SDK for JavaScript, and so credentials can be provided in any way supported by that library. See configuring the SDK in Node.js for more configuration options.
If you provide a preconfigured dyno client, you do not need to specify table
and region
when initializing cardboard.
var Cardboard = require('cardboard');
var cardboard = Cardboard({
table: 'my-cardboard-table',
region: 'us-east-1',
bucket: 'my-cardboard-bucket',
prefix: 'test'
});
Once you've initialized the client, you can use it to create a table for you:
cardboard.createTable(callback);
You don't have to create the table each time; you can provide the name of a pre-existing table to your configuration options to use that table.
See api.md.
Most cardboard functions require you to specify a dataset
. This is a way of grouping sets of features within a single Cardboard table. It is similar in concept to "layers" in many other GIS systems, but there are no restrictions on the types of features that can be associated with each other in a single dataset
. Each feature managed by cardboard can only belong to one dataset
.
Features within a single dataset
must each have a unique id
. Cardboard uses a GeoJSON feature's top-level id
property to determine and persist the feature's identifier. If you provide a cardboard function with a GeoJSON feature that does not have an id
property, it will assign one for you, otherwise, it will use the id
that you provide. Be aware that inserting two features to a single dataset with the same id
value will result in only the last feature being persisted in cardboard.
Whenever dealing with individual GeoJSON features, cardboard will expect or return a GeoJSON object of type Feature
. In batch situations, or in any request that returns multiple features, cardboard will expect/return a FeatureCollection
.
As datasets become large, retrieving all the features they contain can become a prohibitively expensive / slow operation. Functions in cardboard that may return large numbers of features allow you to provide pagination options, allowing you to gather all the features in a single dataset through a series of consecutive requests.
Pagination options are an object with two properties:
option | type | description |
---|---|---|
maxFeatures | number | instructs cardboard to provide no more than this many features in a single .list() request |
start | string | [optional] instructs cardboard to begin providing results after the specified key. |
Cardboard will attempt to return maxFeatures
number of results per paginated request. However, if the individual features in the dataset are very large, or you've specifed maxFeatures
very high, cardboard may return fewer results. It will never return more than this number of features.
Once you've received a set of results, find the id of the last feature in the FeatureCollection, i.e.
var lastId = featureCollection.features.pop().id;
By using this as the start
option for the next request, cardboard will provide you with the next set of results.
You have received all the features when the request returns a FeatureCollection with no features in it.
var Cardboard = require('cardboard');
var cardboard = Cardboard({
table: 'my-cardboard-table',
region: 'us-east-1',
bucket: 'my-cardboard-bucket',
prefix: 'test'
});
var features = [];
getFeatures();
function getFeatures(start) {
var options = { maxFeatures: 10 };
if (start) options.start = start;
cardboard.list('my-dataset', options, function(err, featureCollection) {
if (err) throw err;
if (!featureCollection.features.length) return;
features = features.concat(featureCollection.features);
var lastId = featureCollection.features.pop().id;
getFeatures(lastId);
});
}
Metadata can be stored pertaining to each dataset in the cardboard table:
property | description |
---|---|
west | west-bound of dataset's extent |
south | south-bound of dataset's extent |
east | east-bound of dataset's extent |
north | north-bound of dataset's extent |
count | number of features in the dataset |
size | approximate size (in bytes) of the entire dataset |
updated | unix timestamp of the last update to this metadata record, |
minzoom | suggested minimum zoom for this dataset |
maxzoom | suggested maximum zoom for this dataset |
Use the cardboard.getDatasetInfo
function to retrieve a dataset's metadata. By default, dataset metadata is not updated incrementally as features are added, updated, or removed. The metadata record can be updated by calling cardboard.calculateDatasetInfo
. This operation gathers all the features in the dataset and recalculates the metadata cache.
cardboard.metadata.addFeature
, cardboard.metadata.updateFeature
, and cardboard.metadata.removeFeature
provide mechanisms to incrementally adjust metadata information on a per-feature basis. Note that these operations will only expand the extent information. If you've performed numerous deletes and need to contract the extent, use cardboard.calculateDatasetInfo
.
Cardboard retains the precision of a feature's coordinates to six decimal places.
FAQs
A library for storing and searching geographic features
We found that @mapbox/cardboard demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.