Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The shapefile npm package is used for reading and parsing shapefiles, which are a popular geospatial vector data format for geographic information system (GIS) software. This package allows you to read shapefiles and convert them into GeoJSON format, making it easier to work with geospatial data in JavaScript applications.
Reading Shapefiles
This feature allows you to read a shapefile and log its contents. The code opens a shapefile, reads its records, and logs each record to the console.
const shapefile = require('shapefile');
shapefile.open("path/to/shapefile.shp")
.then(source => source.read()
.then(function log(result) {
if (result.done) return;
console.log(result.value);
return source.read().then(log);
}))
.catch(error => console.error(error));
Converting Shapefiles to GeoJSON
This feature allows you to convert a shapefile directly to GeoJSON format. The code reads a shapefile and converts its contents to GeoJSON, which is then logged to the console.
const shapefile = require('shapefile');
shapefile.read("path/to/shapefile.shp")
.then(geojson => console.log(JSON.stringify(geojson)))
.catch(error => console.error(error));
shpjs is a JavaScript library for reading shapefiles in the browser. It can read both .shp and .dbf files and convert them to GeoJSON. Compared to shapefile, shpjs is more focused on client-side usage and is suitable for web applications that need to handle shapefiles directly in the browser.
Terraformer is a modular toolkit for working with geographic data in JavaScript. It includes tools for reading and writing GeoJSON, as well as converting between different geospatial formats. While it does not specifically focus on shapefiles, it provides a broader set of tools for geospatial data manipulation compared to shapefile.
gdal (Geospatial Data Abstraction Library) is a powerful library for reading and writing raster and vector geospatial data formats. The gdal npm package provides bindings to the GDAL library, allowing you to work with a wide range of geospatial data formats, including shapefiles. It is more comprehensive and feature-rich compared to shapefile, but also more complex to use.
In Node:
var shapefile = require("shapefile");
shapefile.open("example.shp")
.then(source => source.read()
.then(function log(result) {
if (result.done) return;
console.log(result.value);
return source.read().then(log);
}))
.catch(error => console.error(error.stack));
In a browser:
<!DOCTYPE html>
<script src="https://unpkg.com/shapefile@0.5"></script>
<script>
shapefile.open("https://cdn.rawgit.com/mbostock/shapefile/master/test/points.shp")
.then(source => source.read()
.then(function log(result) {
if (result.done) return;
console.log(result.value);
return source.read().then(log);
}))
.catch(error => console.error(error.stack));
</script>
This parser implementation is based on the ESRI Shapefile Technical Description and dBASE Table File Format. Caveat emptor: this is a work in progress and does not currently support all shapefile geometry types. It only supports dBASE III and has little error checking. Please contribute if you want to help!
# shapefile.open(shp[, dbf[, options]]) <>
Returns a promise that yields an open shapefile source.
If typeof shp is “string”, opens the shapefile at the specified shp path. If shp does not have a “.shp” extension, it is implicitly added. If shp instanceof ArrayBuffer or shp instanceof Uint8Array, reads the specified in-memory shapefile. Otherwise, shp must be a Node readable stream in Node or a WhatWG standard readable stream in browsers.
If typeof dbf is “string”, opens the dBASE file at the specified dbf path. If dbf does not have a “.dbf” extension, it is implicitly added. If dbf instanceof ArrayBuffer or dbf instanceof Uint8Array, reads the specified in-memory dBASE file. If dbf is undefined and shp is a string, then dbf defaults to shp with the “.shp” extension replaced with “.dbf”; in this case, no error is thrown if there is no dBASE file at the resulting implied dbf. If dbf is undefined and shp is not a string, or if dbf is null, then no dBASE file is read, and the resulting GeoJSON features will have empty properties. Otherwise, dbf must be a Node readable stream in Node or a WhatWG standard readable stream in browsers.
If typeof shp or dbf is “string”, in Node, the files are read from the file system; in browsers, the files are read using streaming fetch, if available, and falling back to XMLHttpRequest. See path-source for more.
The follwing options are supported:
encoding
- the dBASE character encoding; defaults to “windows-1252”highWaterMark
- in Node, the size of the stream’s internal buffer; defaults to 65536# shapefile.read(shp[, dbf[, options]]) <>
Returns a promise that yields a GeoJSON feature collection for specified shapefile shp and dBASE table file dbf. The meaning of the arguments is the same as shapefile.open. This is a convenience API for reading an entire shapefile in one go; use this method if you don’t mind putting the whole shapefile in memory. The yielded collection has a bbox property representing the bounding box of all records in this shapefile. The bounding box is specified as [xmin, ymin, xmax, ymax], where x and y represent longitude and latitude in spherical coordinates.
# source.bbox
The shapefile’s bounding box [xmin, ymin, xmax, ymax], where x and y represent longitude and latitude in spherical coordinates.
Returns a Promise for the next record from the underlying stream. The yielded result is an object with the following properties:
value
- a GeoJSON feature, or undefined if the stream endeddone
- a boolean which is true if the stream endedReturns a Promise which is resolved when the underlying stream has been destroyed.
FAQs
An implementation of the shapefile (.shp) spatial data format.
We found that shapefile demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.