Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
dirty-reprojectors
Advanced tools
Dirty Reprojectors
Quick and dirty re-projections to trick your web maps out of web mercator.
Install
npm install -g dirty-reprojectors
Usage
CLI
cat input.geojson | dirty-reproject --forward PROJECTION [--reverse PROJECTION=mercator] > output.geojson
Example: to reproject some geojson so that web mapping libraries will render it looking like 'albersUsa':
cat input.geojson | dirty-reproject --forward albersUsa > output.geojson
For a list of supported projections, dirty-reproject --list
API
reproject
Reprojects the given geometry coordinate array in place, with
unprojectable points or degenerate geometries removed. If both
options.forward and options.reverse are supplied, then forward is
performed first.
Parameters
optionsObjectoptions.forward(Function | string)? The forward projection to use.options.reverse(Function | string)? The reverse projection to use.options.projectionsObject? A map of named projections to use. If provided, then string values ofoptions.forwardoroptions.reversewill be used as keys to look up the projection function inoptions.projections. For an extensive list provided by d3-geo-projection, userequire('dirty-reprojectors/projections').
coordinatesArray
How it works
Take, for example:
cat input.geojson | dirty-reproject --forward albersUsa > output.geojson
What this actually does is:
- Project
input.geojsonfrom WGS 84 (longitude/latitude) intoalbersUsa, with the target coordinates scaled to match the dimensions of Web Mercator. - Reverse-project the result back to WGS84 as if it had been projected with Web Mercator. So now, when your favorite web mapping library tries to project it into mercator, the geometries end up looking like they were projected using Albers.
The main catch is that if you actually look at the longitude/latitude
coordinates in output.geojson, they are totally wrong. (There are other,
subtler catches, too, having to do with Web Mercator's limited latitude range,
varying loss of precision, and probably many other nuances I am not aware of.)
Credits
- Inspired by this trick
- All the heavy lifting here is thanks to Mike Bostock's excellent d3-geo and de-geo-projection
FAQs
make different projections
We found that dirty-reprojectors demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025