Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The vt-pbf npm package is used for encoding vector tiles into Protocol Buffers (PBF) format. This is particularly useful in the context of geographic information systems (GIS) and mapping applications, where vector tiles are used to efficiently transmit map data.
Encoding GeoJSON to PBF
This feature allows you to encode a GeoJSON object into a PBF format. The code sample demonstrates how to convert a simple GeoJSON object into a PBF buffer.
const vtPbf = require('vt-pbf');
const geojson = { "type": "FeatureCollection", "features": [ { "type": "Feature", "geometry": { "type": "Point", "coordinates": [102.0, 0.5] }, "properties": { "prop0": "value0" } } ] };
const pbf = vtPbf.fromGeojsonVt({ 'layerName': geojson });
console.log(pbf);
Encoding multiple layers
This feature allows you to encode multiple GeoJSON layers into a single PBF. The code sample demonstrates how to convert two GeoJSON objects into a PBF buffer with multiple layers.
const vtPbf = require('vt-pbf');
const geojson1 = { "type": "FeatureCollection", "features": [ { "type": "Feature", "geometry": { "type": "Point", "coordinates": [102.0, 0.5] }, "properties": { "prop0": "value0" } } ] };
const geojson2 = { "type": "FeatureCollection", "features": [ { "type": "Feature", "geometry": { "type": "LineString", "coordinates": [ [102.0, 0.0], [103.0, 1.0] ] }, "properties": { "prop1": "value1" } } ] };
const pbf = vtPbf.fromGeojsonVt({ 'layer1': geojson1, 'layer2': geojson2 });
console.log(pbf);
The geojson-vt package is used for slicing GeoJSON data into vector tiles on the fly in the browser or on the server. Unlike vt-pbf, which focuses on encoding data into PBF format, geojson-vt is more about creating vector tiles from GeoJSON data.
The mapbox-gl package is a powerful library for interactive, customizable vector maps on the web. While it includes functionality for handling vector tiles, it is a much broader library that includes rendering and interaction capabilities, unlike vt-pbf which is focused solely on encoding.
The mvt package is another library for working with Mapbox Vector Tiles (MVT). It provides tools for encoding and decoding MVT data. Compared to vt-pbf, mvt offers more comprehensive tools for both encoding and decoding vector tiles.
Serialize Mapbox vector tiles to binary protobufs in javascript.
As far as I know, the two places you might get a JS representation of a vector tile are geojson-vt and vector-tile-js. These both use slightly different internal representations, so serializing each looks slightly different:
var vtpbf = require('vt-pbf')
var VectorTile = require('@mapbox/vector-tile').VectorTile
var Protobuf = require('pbf')
var data = fs.readFileSync(__dirname + '/fixtures/rectangle-1.0.0.pbf')
var tile = new VectorTile(new Protobuf(data))
var orig = tile.layers['geojsonLayer'].feature(0).toGeoJSON(0, 0, 1)
var buff = vtpbf(tile)
fs.writeFileSync('my-tile.pbf', buff)
var vtpbf = require('vt-pbf')
var geojsonVt = require('geojson-vt')
var orig = JSON.parse(fs.readFileSync(__dirname + '/fixtures/rectangle.geojson'))
var tileindex = geojsonVt(orig)
var tile = tileindex.getTile(1, 0, 0)
// pass in an object mapping layername -> tile object
var buff = vtpbf.fromGeojsonVt({ 'geojsonLayer': tile })
fs.writeFileSync('my-tile.pbf', buff)
vtpbf.fromGeojsonVt
takes two arguments:
layerMap
is an object where keys are layer names and values are a geojson-vt tile,options
is an object (optional argument). There are 2 supported keys: version
to define the version of the mvt spec used and extent
to define the extent of the tile. version
defaults to 1 and extent
to 4096.FAQs
Serialize mapbox vector tiles to binary protobufs in javascript.
The npm package vt-pbf receives a total of 944,641 weekly downloads. As such, vt-pbf popularity was classified as popular.
We found that vt-pbf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 36 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.