Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@mapbox/geojsonhint
Advanced tools
A lint tool for the GeoJSON standard. geojsonhint is written to the standard, with no missing or additional opinions about structure.
Thanks to jsonlint-lines
, GeoJSON that is also not valid JSON
can return informative, line-oriented parsing errors.
The basis of this tool is the published GeoJSON specification.
errors = geojsonhint.hint(string or object, options)
Lint a file, given as a string or object. This call detects all aberrations from the GeoJSON standards and returns them as an array of errors. An example of the output:
[{
"message": "\"features\" property should be an array, but is an object instead",
"line": 1
}]
The options argument is optional. It has these options:
noDuplicateMembers
.
By default, geojsonhint will treat repeated properties as an error: you can set noDuplicateMembers to false to allow them. For instance:
geojsonhint.hint('{"type":"invalid","type":"Feature","properties":{},"geometry":null}', {
noDuplicateMembers: false
});
The repeated type
property in this input will be ignored with the option,
and flagged without it.
precisionWarning
.
GeoJSON now recommends six decimal places of accuracy for coordinates (Section 11.2). This option adds a warning message when coordinates contain over 6 decimal places of accuracy, up to 10 coordinates before the warning message is truncated for performance.
geojsonhint.hint('{ "type": "Point", "coordinates": [100.0000000001, 5.0000000001] }', {
precisionWarning: false
});
With this option enabled, geojsonhint will produce these warnings:
[{
line: 1,
level: 'message',
message: 'precision of coordinates should be reduced'
}, {
line: 1,
level: 'message',
message: 'precision of coordinates should be reduced'
}]
Without this option, this input will pass without errors.
Note that the GeoJSON can be given as a string or as an object. Here's how to choose which input to use:
string
inputs receive line numbers for each error. These make errors
easier to track down if the GeoJSON is hand-written.object
inputs don't have line numbers but are evaluated faster, by up to 10x.
GeoJSONHint is very fast already so unless you have identified it as a
bottleneck in your application, don't prematurely optimize based
on this fact.If you're really trying to save space and don't care about JSON validity errors -
only GeoJSON errors - you can require('geojsonhint/lib/object')
to get a version
of this library that bypasses jsonlint-lines and provides only the object
interface.
npm (node.js, browserify, webpack, etc)
npm install --save geojsonhint
CDN / script tag
Hit this URL to resolve to the latest pinned version.
https://unpkg.com/geojsonhint@latest/geojsonhint.js
Install:
npm install -g geojsonhint
➟ geojsonhint
Usage: geojsonhint FILE.geojson
Options:
--json output json-formatted data for hints
➟ geojsonhint test.geojson
line 9, each element in a position must be a number
npm test
npm run build
2.0.0
This is the first stable release of geojsonhint that supports the IETF GeoJSON standard
FAQs
validate and sanity-check geojson files
The npm package @mapbox/geojsonhint receives a total of 7,127 weekly downloads. As such, @mapbox/geojsonhint popularity was classified as popular.
We found that @mapbox/geojsonhint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 28 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.