Gathering detailed insights and metrics for @mapbox/mapbox-gl-draw
Gathering detailed insights and metrics for @mapbox/mapbox-gl-draw
Installations
npm install @mapbox/mapbox-gl-drawDeveloper
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
Typescript Support
No
Node Version
14.21.3
NPM Version
9.5.1
Statistics
958 Stars
1,448 Commits
592 Forks
133 Watching
16 Branches
631 Contributors
Updated on 26 Nov 2024
Languages
JavaScript (98.65%)
HTML (1.35%)
Total Downloads
Cumulative downloads
Total Downloads
31,037,070
Last day
-17.4%
39,921
Compared to previous day
Last week
-0.1%
222,271
Compared to previous week
Last month
7.5%
929,142
Compared to previous month
Last year
13.6%
10,751,957
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
7
Dev Dependencies
27
stnyctapesinoneslintopenerrollup@babel/corenpm-run-allmock-browser@turf/centroid@babel/register@turf/bbox-clip@babel/preset-env@mapbox/cloudfriend@rollup/plugin-json@babel/eslint-parser@rollup/plugin-bubleeslint-plugin-importrollup-plugin-tersersynthetic-dom-eventsbabel-plugin-istanbuleslint-config-mourner@rollup/plugin-replace@rollup/plugin-commonjs@rollup/plugin-node-resolve@mapbox/mapbox-gl-draw-static-mode
Versions
@mapbox/mapbox-gl-draw
Adds support for drawing and editing features on mapbox-gl.js maps. See a live example here
Requires mapbox-gl-js.
If you are developing with mapbox-gl-draw, see API.md for documentation.
Installing
npm install @mapbox/mapbox-gl-draw
Draw ships with CSS, make sure you include it in your build.
Usage in your application
JavaScript
When using modules
1import mapboxgl from 'mapbox-gl'; 2import MapboxDraw from "@mapbox/mapbox-gl-draw";
When using a CDN
1<script src='https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-draw/v1.4.3/mapbox-gl-draw.js'></script>
CSS
When using modules
1import '@mapbox/mapbox-gl-draw/dist/mapbox-gl-draw.css'
When using CDN
1<link rel='stylesheet' href='https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-draw/v1.4.3/mapbox-gl-draw.css' type='text/css' />
Typescript
Typescript definition files are available as part of the DefinitelyTyped package.
npm install @types/mapbox__mapbox-gl-draw
Example usage
1mapboxgl.accessToken = 'YOUR_ACCESS_TOKEN';
2
3var map = new mapboxgl.Map({
4 container: 'map',
5 style: 'mapbox://styles/mapbox/streets-v12',
6 center: [40, -74.50],
7 zoom: 9
8});
9
10var Draw = new MapboxDraw();
11
12// Map#addControl takes an optional second argument to set the position of the control.
13// If no position is specified the control defaults to `top-right`. See the docs
14// for more details: https://docs.mapbox.com/mapbox-gl-js/api/#map#addcontrol
15
16map.addControl(Draw, 'top-left');
17
18map.on('load', function() {
19 // ALL YOUR APPLICATION CODE
20});https://www.mapbox.com/mapbox-gl-js/example/mapbox-gl-draw/
See API.md for complete reference.
Enhancements and New Interactions
For additional functionality check out our list of custom modes.
Mapbox Draw accepts functionality changes after the functionality has been proven out via a custom mode. This lets users experiment and validate their mode before entering a review process, hopefully promoting innovation. When you write a custom mode, please open a PR adding it to our list of custom modes.
Developing and testing
Install dependencies, build the source files and crank up a server via:
git clone git@github.com:mapbox/mapbox-gl-draw.git
npm ci
npm start & open "http://localhost:9967/debug/?access_token=<token>"
Testing
npm run test
Publishing
To GitHub and NPM:
npm version (major|minor|patch)
git push --tags
git push
npm publish
To CDN:
# make sure you are authenticated for AWS
git checkout v{x.y.z}
npm ci
npm run prepublish
aws s3 cp --recursive --acl public-read dist s3://mapbox-gl-js/plugins/mapbox-gl-draw/v{x.y.z}
Update the version number in the GL JS example.
Naming actions
We're trying to follow standards when naming things. Here is a collection of links where we look for inspiration.
No vulnerabilities found.
Reason
29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/mapbox/.github/SECURITY.md:1
- Info: Found linked content: github.com/mapbox/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mapbox/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/mapbox/.github/SECURITY.md:1
Reason
SAST tool is run on all commits
Details
- Info: all commits (30) are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mapbox-gl-draw/dependabot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mapbox-gl-draw/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mapbox-gl-draw/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mapbox-gl-draw/main.yml/main?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel permissions set to 'write-all': .github/workflows/dependabot.yml:4
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More