
Security News
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.
@terrestris/vectortiles
Advanced tools
A simple library that makes use of free available world-wide terrestris vectortiles in MapBox MVT format from OpenStreetMap data
A simple library that makes use of free available world-wide terrestris vectortiles in MapBox MVT format from OpenStreetMap data.
The main method getOSMLayer creates an openlayers VectorTile Layer, which you
can use straight in your openlayers application.

A simple demonstration application can be found here:
https://demo.terrestris.de/democlient/index.html
Install the module e.g. by
npm i @terrestris/vectortiles
Then, in your code, import as follows:
import terrestrisVectorTiles from '@terrestris/vectortiles';
Then you can create the OSM-VectorTile layer by calling
const layer = new terrestrisVectorTiles();
or with custom configuration and style:
const layer = new terrestrisVectorTiles({
declutter: false,
usePlacesLabels: false,
style_roads: [{
...
}]
});
FAQs
A simple library that makes use of free available world-wide terrestris vectortiles in MapBox MVT format from OpenStreetMap data
We found that @terrestris/vectortiles demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.

Product
Socket is now scanning AI agent skills across multiple languages and ecosystems, detecting malicious behavior before developers install, starting with skills.sh's 60,000+ skills.

Product
Socket now supports PHP with full Composer and Packagist integration, enabling developers to search packages, generate SBOMs, and protect their PHP dependencies from supply chain threats.