flatgeobuf
A performant binary encoding for geographic data based on flatbuffers that can hold a collection of Simple Features including circular interpolations as defined by SQL-MM Part 3.
Inspired by geobuf and flatbush. Deliberately does not support random writes for simplicity and to be able to cluster the data on a packed Hilbert R-Tree enabling fast bounding box spatial filtering. The spatial index is optional to allow the format to be efficiently written as a stream, support appending, and for use cases where spatial filtering is not needed.
Goals are to be suitable for large volumes of static data, significantly faster than legacy formats without size limitations for contents or metainformation and to be suitable for streaming/random access.
The site switchfromshapefile.org has more in-depth information about the problems of legacy formats and provides some alternatives, but acknowledges that the current alternatives have some drawbacks of their own, for example they are not suitable for streaming.
FlatGeobuf is open source under the BSD 2-Clause License.
The fourth byte in the magic bytes indicates the major specification version. The last byte of the magic bytes indicates the patch level. Patch level is backwards compatible, so an implementation for a major version should accept any patch level version.
Any 64-bit flatbuffer value contained anywhere in the file (for example coordinates) is aligned to 8 bytes from the start of the file or feature to allow for direct memory access.
Encoding of any string value is assumed to be UTF-8.
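A pre-parse check for untrusted input built on the magic-byte rule above, as an added example that is not part of the flatgeobuf package. The `fgb` magic values and the 4-byte little-endian header length after them are assumed from the FlatGeobuf specification rather than this page; `checkPreamble`, `buildSample` and `MAX_HEADER_SIZE` are names and limits chosen here.

```javascript
// Added example: validate the first 12 bytes of an untrusted, fully loaded
// FlatGeobuf buffer before handing it to a flatbuffer parser.
// Assumed layout: "fgb", major version, "fgb", patch level, then a uint32
// little-endian header length. MAX_HEADER_SIZE is this example's own cap.
const FGB = [0x66, 0x67, 0x62]; // ASCII "fgb"
const SUPPORTED_MAJOR = 3;
const MAX_HEADER_SIZE = 10 * 1024 * 1024;

function checkPreamble(bytes) {
  if (!(bytes instanceof Uint8Array)) throw new TypeError('expected Uint8Array');
  if (bytes.length < 12) return { ok: false, reason: 'truncated preamble' };
  for (let i = 0; i < 3; i++) {
    if (bytes[i] !== FGB[i] || bytes[i + 4] !== FGB[i]) {
      return { ok: false, reason: 'bad magic bytes' };
    }
  }
  const major = bytes[3]; // fourth byte: major specification version
  const patch = bytes[7]; // last byte: patch level, any value is accepted
  if (major !== SUPPORTED_MAJOR) {
    return { ok: false, reason: `unsupported major version ${major}` };
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const headerSize = view.getUint32(8, true);
  // Reject a declared size that is implausibly small, over the cap, or
  // larger than the data actually present, before any offset is followed.
  if (headerSize < 8 || headerSize > MAX_HEADER_SIZE) {
    return { ok: false, reason: 'header size out of range' };
  }
  if (12 + headerSize > bytes.length) {
    return { ok: false, reason: 'header extends past end of buffer' };
  }
  return { ok: true, major, patch, headerSize, headerStart: 12 };
}

// Constructed sample input: preamble plus `bodyLength` zero bytes.
function buildSample(major, patch, declaredSize, bodyLength) {
  const out = new Uint8Array(12 + bodyLength);
  out.set([...FGB, major, ...FGB, patch], 0);
  new DataView(out.buffer).setUint32(8, declaredSize, true);
  return out;
}

console.log(checkPreamble(buildSample(3, 1, 16, 16)));
console.log(checkPreamble(buildSample(3, 0, 0xffffffff, 16)));
```

This only gates the preamble; the header and feature flatbuffers still need the verifier that the `VERIFY_BUFFERS` option controls.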
A changelog of the specification is available here.
I recommend these blog posts by Horace Williams, which provide more details and explanations:
Preliminary performance tests have been done using road data from OSM for Denmark in SHP format from download.geofabrik.de, containing 906602 LineString features with a set of attributes.
| | Shapefile | GeoPackage | FlatGeobuf | GeoJSON | GML |
|---|---|---|---|---|---|
| Read full dataset | 1 | 1.02 | 0.46 | 15 | 8.9 |
| Read w/spatial filter | 1 | 0.94 | 0.71 | 705 | 399 |
| Write full dataset | 1 | 0.77 | 0.39 | 3.9 | 3.2 |
| Write w/spatial index | 1 | 1.58 | 0.65 | - | - |
| Size | 1 | 0.72 | 0.77 | 1.2 | 2.1 |
The test was done using GDAL implementing FlatGeobuf as a driver. Measurements for repeated reads were taken using loops of `ogrinfo -qq -oo VERIFY_BUFFERS=NO` runs, and measurements for repeated writes were done with `ogr2ogr` conversion from the original to a new file with `-lco SPATIAL_INDEX=NO` and `-lco SPATIAL_INDEX=YES` respectively.
Note that for the test with spatial filter a small bounding box was chosen resulting in only 1204 features. The reason for this is to primarily test the spatial index search performance.
As performance is highly data dependent I've also made similar tests on a larger dataset with Danish cadastral data consisting of 2511772 Polygons with extensive attribute data.
| | Shapefile | GeoPackage | FlatGeobuf |
|---|---|---|---|
| Read full dataset | 1 | 0.23 | 0.12 |
| Read w/spatial filter | 1 | 0.31 | 0.26 |
| Write full dataset | 1 | 0.95 | 0.63 |
| Write w/spatial index | 1 | 1.07 | 0.70 |
| Size | 1 | 0.77 | 0.95 |
If you're accessing a FlatGeobuf file over HTTP, consider using a CDN to minimize latency.
In particular, when using the spatial filter to get a subset of features, multiple requests will be made. Often round-trip latency, rather than throughput, is the limiting factor. A caching CDN can be especially helpful here.
Fetching a subset of a file over HTTP utilizes Range requests. If the page accessing the FGB is hosted on a different domain from the CDN, Cross Origin policy applies, and the required `Range` header will induce an `OPTIONS` (preflight) request.
Popular CDNs, like Cloudfront, support Range requests, but don't cache the requisite preflight OPTIONS requests by default. Consider enabling OPTIONS request caching. Without this, the preflight authorization request could be much slower than necessary.
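What the origin behind the CDN can return for that preflight and for the ranged read itself, as an added example that is not code from the flatgeobuf project. The allowed origin `https://maps.example.com`, the function names and the max-age value are assumptions made for the example.

```javascript
// Added example: scoped, cacheable CORS preflight for cross-origin Range
// reads, plus bounds-checked parsing of the Range header itself.
// ALLOWED_ORIGINS and the max-age are values chosen for this example.
const ALLOWED_ORIGINS = new Set(['https://maps.example.com']);

// `headers` uses lower-case names, as Node's http module provides them.
function preflight(headers) {
  const origin = headers['origin'];
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} };
  const method = headers['access-control-request-method'];
  const requested = (headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  // Grant only what a ranged read needs: GET with the Range header.
  if (method !== 'GET' || requested.some((h) => h !== 'range')) {
    return { status: 403, headers: {} };
  }
  return {
    status: 204,
    headers: {
      'Access-Control-Allow-Origin': origin,
      'Access-Control-Allow-Methods': 'GET',
      'Access-Control-Allow-Headers': 'Range',
      // Lets the browser reuse the answer; browsers apply their own cap.
      'Access-Control-Max-Age': '86400',
      // Keeps a shared cache from serving one origin's answer to another.
      'Vary': 'Origin, Access-Control-Request-Method, Access-Control-Request-Headers',
    },
  };
}

// Accepts a single "bytes=start-end" or "bytes=start-" range; suffix and
// multi-part ranges are rejected by this example.
function parseRange(value, size) {
  const m = /^bytes=(\d+)-(\d*)$/.exec(value || '');
  if (!m) return null;
  const start = Number(m[1]);
  const end = m[2] === '' ? size - 1 : Math.min(Number(m[2]), size - 1);
  if (!Number.isSafeInteger(start) || start >= size || end < start) return null;
  return { start, end, contentRange: `bytes ${start}-${end}/${size}` };
}

console.log(preflight({
  'origin': 'https://maps.example.com',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'range',
}));
console.log(parseRange('bytes=0-11', 1000));
```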
See this example for a minimal demonstration of how to depend on and use the flatgeobuf npm package.
It does not align on 8 bytes, so it is not always possible to consume it without copying first.
Performance reasons and to allow streaming/random access.
Separation of concerns and to allow random access.
Default behaviour is to assume untrusted data and verify buffer integrity for safety. If you have trusted data and want maximum performance make sure to set the open option VERIFY_BUFFERS to NO.
FlatGeobuf does not aim to compete with MapBox Vector Tiles. MVTs are great for rendering, but they are relatively expensive to create and are a lossy format, whereas FlatGeobuf is lossless and very fast to write, especially if a spatial index is not needed.
See https://github.com/flatgeobuf/flatgeobuf/issues/244 for root cause and workaround.
Currently it likely does not but could in the future, see https://github.com/flatgeobuf/flatgeobuf/discussions/260.
FAQs
A performant binary encoding for geographic data
The npm package flatgeobuf receives a total of 2,445 weekly downloads. As such, flatgeobuf popularity was classified as popular.
We found that flatgeobuf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.