Gathering detailed insights and metrics for @deck.gl/react
Gathering detailed insights and metrics for @deck.gl/react
Installations
npm install @deck.gl/reactDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
18.20.5
NPM Version
lerna/8.1.2/node@v18.20.5+x64 (linux)
Statistics
12,293 Stars
5,019 Commits
2,088 Forks
1,669 Watching
82 Branches
257 Contributors
Updated on 28 Nov 2024
Bundle Size
4.72 kB
Minified
1.88 kB
Minified + Gzipped
Languages
TypeScript (70.94%)
JavaScript (16.82%)
Python (4.86%)
HTML (3.86%)
Jupyter Notebook (1.83%)
CSS (1.32%)
Makefile (0.13%)
Shell (0.09%)
MDX (0.06%)
Dockerfile (0.04%)
Jinja (0.04%)
Total Downloads
Cumulative downloads
Total Downloads
22,422,300
Last day
-18.1%
28,456
Compared to previous day
Last week
-2.5%
175,438
Compared to previous week
Last month
8.1%
748,521
Compared to previous month
Last year
19.7%
7,049,117
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
3
Dev Dependencies
4
Versions
deck.gl | Website
GPU-powered, highly performant large-scale data visualization
deck.gl is designed to simplify high-performance, WebGL2/WebGPU based visualization of large data sets. Users can quickly get impressive visual results with minimal effort by composing existing layers, or leverage deck.gl's extensible architecture to address custom needs.
deck.gl maps data (usually an array of JSON objects) into a stack of visual layers - e.g. icons, polygons, texts; and look at them with views: e.g. map, first-person, orthographic.
deck.gl handles a number of challenges out of the box:
- Performant rendering and updating of large data sets
- Interactive event handling such as picking, highlighting and filtering
- Cartographic projections and integration with major basemap providers
- A catalog of proven, well-tested layers
Deck.gl is designed to be highly customizable. All layers come with flexible APIs to allow programmatic control of each aspect of the rendering. All core classes such are easily extendable by the users to address custom use cases.
Flavors
Script Tag
1<script src="https://unpkg.com/deck.gl@latest/dist.min.js"></script>
NPM Module
1npm install deck.gl
Pure JS
React
Python
1pip install pydeck
Third-Party Goodies
- deckgl-typings (Typescript)
- mapdeck (R)
- vega-deck.gl (Vega)
- earthengine-layers (Google Earth Engine)
- deck.gl-native (C++)
- deck.gl-raster (Computation on rasters)
Learning Resources
- API documentation for the latest release
- Website demos with links to source
- Interactive playground
- deck.gl Codepen demos
- deck.gl Observable demos
- vis.gl Medium blog
- deck.gl Slack workspace
Contributing
deck.gl is part of vis.gl, an OpenJS Foundation project. Read the contribution guidelines if you are interested in contributing.
Attributions
Data sources
Data sources are listed in each example.
The deck.gl project is supported by
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
29 out of 29 merged PRs checked by a CI test -- score normalized to 10
Reason
40 different organizations found -- score normalized to 10
Details
- Info: contributors work for 42Zavattas,4ML-platform,Alhambra-bits,CartoDB,CodeLabs-Hubble-gl,FPGAwars,GeographicaGS,Indi-Quantum-Community,KeyCode-105,SIGSEV,SkinsBazaar,ViewBlock,action engine,aframevr,americanpanorama,carto,cartodb,cloudnativegeo,cogeotiff,conda-forge,datadog,developmentseed,foursquare,fsq,geoarrow,geopolars,georust,helmholtz zentrum,hubmapconsortium,instagram,joby,nst-guide,open-redist,openleap,pmndrs,refinery-platform,threejs,uber,universität stuttgart,w3c
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: tool 'Dependabot' is used: :0
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
30 commit(s) out of 30 and 14 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
found 1 unreviewed changesets out of 22 -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:8.9.0 to node:8.9.0@sha256:ae75ba3568f2c3d93b0952bd1a1888434bbd6e2ea8c907aa57836958be688cef
- Warn: containerImage not pinned by hash: bindings/pydeck/tests/dev-containers/jupyterlab/Dockerfile:1: pin your Docker image by updating jupyter/minimal-notebook:latest to jupyter/minimal-notebook:latest@sha256:1c4c8b6c7c27059c353d4e80523c2696e34723fde67d27418873ebeb42032551
- Warn: containerImage not pinned by hash: bindings/pydeck/tests/dev-containers/jupyternb/Dockerfile:1: pin your Docker image by updating jupyter/minimal-notebook:latest to jupyter/minimal-notebook:latest@sha256:1c4c8b6c7c27059c353d4e80523c2696e34723fde67d27418873ebeb42032551
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyterlab/Dockerfile:16-22
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyterlab/Dockerfile:16-22
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyterlab/Dockerfile:16-22
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyterlab/Dockerfile:16-22
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyternb/Dockerfile:16-20
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyternb/Dockerfile:16-20
- Warn: pipCommand not pinned by hash: bindings/pydeck/tests/dev-containers/jupyternb/Dockerfile:16-20
- Info: 13 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
- Info: 0 out of 7 pipCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
- Warn: CodeQL tool not detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/release.yml:1: Visit https://app.stepsecurity.io/secureworkflow/visgl/deck.gl/release.yml/master?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:35: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:11
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/test.yml:17: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/test.yml:18
- Warn: no topLevel permission defined: .github/workflows/website.yml:1: Visit https://app.stepsecurity.io/secureworkflow/visgl/deck.gl/website.yml/master?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/website.yml:26: Verify which permissions are needed and consider whether you can reduce them. (High effort)
Reason
25 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-g3rq-g295-4j3m / PYSEC-2021-66
- Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95
- Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj
- Warn: Project is vulnerable to: GHSA-5545-2q6w-2gh6 / PYSEC-2021-856
- Warn: Project is vulnerable to: GHSA-6p56-wp2h-9hxr
- Warn: Project is vulnerable to: GHSA-f7c7-j99h-c22f / PYSEC-2021-857
- Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
6.3
/10
Last Scanned on 2024-11-27T16:01:03Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More