Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Geobuf is a compact binary encoding for geographic data.
Geobuf provides nearly lossless compression of GeoJSON data into protocol buffers. Advantages over using GeoJSON alone:
The encoding format also potentially allows:
Think of this as an attempt to design a simple, modern Shapefile successor that works seamlessly with GeoJSON. Unlike Mapbox Vector Tiles, it aims for nearly lossless compression of datasets — without tiling, projecting coordinates, flattening geometries or stripping properties.
Note that the encoding schema is not stable yet — it may still change as we get community feedback and discover new ways to improve it.
"Nearly" lossless means coordinates are encoded with precision of 6 digits after the decimal point (about 10cm).
Data | JSON | JSON (gz) | Geobuf | Geobuf (gz) |
---|---|---|---|---|
US zip codes | 101.85 MB | 26.67 MB | 12.24 MB | 10.48 MB |
Idaho counties | 10.92 MB | 2.57 MB | 1.37 MB | 1.17 MB |
var buffer = geobuf.encode(geojson, new Pbf());
Given a GeoJSON object and a Pbf object to write to,
returns a Geobuf as UInt8Array
array of bytes.
In Node@4.5.0 or later, you can use Buffer.from
to convert back to a buffer.
var geojson = geobuf.decode(new Pbf(data));
Given a Pbf object with Geobuf data, return a GeoJSON object. When loading Geobuf data over XMLHttpRequest
, you need to set responseType
to arraybuffer
.
Node and Browserify:
npm install geobuf
Browser build CDN links:
Building locally:
npm install
npm run build-dev # dist/geobuf-dev.js (development build)
npm run build-min # dist/geobuf.js (minified production build)
npm install -g geobuf
Installs these nifty binaries:
geobuf2json
: turn Geobuf from stdin
or specified file to GeoJSON on stdout
json2geobuf
: turn GeoJSON from stdin
or specified file to Geobuf on stdout
shp2geobuf
: given a Shapefile filename, send Geobuf on stdout
json2geobuf data.json > data.pbf
shp2geobuf myshapefile > data.pbf
geobuf2json data.pbf > data.json
Note that for big files, geobuf2json
command can be pretty slow, but the bottleneck is not the decoding,
but the native JSON.stringify
on the decoded object to pipe it as a string to stdout
.
On some files, this step may take 40 times more time than actual decoding.
id
3.0.2
shp2geobuf
binary.Point
features with implicitly encoded type.FAQs
Compact binary encoding for geographic data
The npm package geobuf receives a total of 102,551 weekly downloads. As such, geobuf popularity was classified as popular.
We found that geobuf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 62 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.