Gathering detailed insights and metrics for cesium
Gathering detailed insights and metrics for cesium
An open-source JavaScript library for world-class 3D globes and maps 🌎
Installations
npm install cesiumDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=20.19.0
Node Version
20.19.2
NPM Version
11.4.2
Score
93.7
Supply Chain
80.5
Quality
96.5
Maintenance
100
Vulnerability
79.9
License
Releases
173
Languages
6
JavaScript
HTML
GLSL
CSS
TypeScript
Python
JavaScript (89.84%)
HTML (7.75%)
GLSL (2.13%)
CSS (0.22%)
TypeScript (0.04%)
Python (0.02%)
Developer
Download Statistics
Total Downloads
12,774,662
Last Day
2,584
Last Week
51,489
Last Month
231,694
Last Year
3,024,306
GitHub Statistics
Apache-2.0 License
13,877 Stars
42,227 Commits
3,624 Forks
479 Watchers
403 Branches
370 Contributors
Updated on Jul 08, 2025
Bundle Size
4.38 MB
Minified
1.18 MB
Minified + Gzipped
Maintainers
15
Package Meta Information
Latest Version
1.131.0
Package Id
cesium@1.131.0
Unpacked Size
97.10 MB
Size
25.35 MB
File Count
1,131
NPM Version
11.4.2
Node Version
20.19.2
Published on
Jul 01, 2025
Total Downloads
Cumulative downloads
Total Downloads
12,774,662
Last Day
-19.5%
2,584
Compared to previous day
Last Week
-11.9%
51,489
Compared to previous week
Last Month
-13.8%
231,694
Compared to previous month
Last Year
-15.8%
3,024,306
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
47
@cesium/eslint-config@playwright/testchokidarcloccompressionesbuildeslinteslint-plugin-htmlexpressglobalsglobbyglsl-strip-commentsgulpgulp-clean-cssgulp-insertgulp-renamegulp-replacegulp-tapgulp-ziphuskyistanbul-lib-instrumentjasmine-corejsdockarmakarma-chrome-launcherkarma-coveragekarma-detect-browserskarma-edge-launcherkarma-firefox-launcherkarma-ie-launcherkarma-jasminekarma-longest-reporterkarma-safari-launcherkarma-sourcemap-loaderkarma-spec-reportermarkdownlint-climerge-streammkdirpnode-fetchopenprettierprismjsrequestrimraftsd-jsdoctypescriptyargs
CesiumJS
CesiumJS is a JavaScript library for creating 3D globes and 2D maps in a web browser without a plugin. It uses WebGL for hardware-accelerated graphics, and is cross-platform, cross-browser, and tuned for dynamic-data visualization.
Built on open formats, CesiumJS is designed for robust interoperability and scaling for massive datasets.
Examples :earth_asia: Docs :earth_americas: Website :earth_africa: Forum :earth_asia: User Stories
:rocket: Get started
Visit the Downloads page to download a pre-built copy of CesiumJS.
npm & yarn
If you’re building your application using a module bundler such as Webpack, Parcel, or Rollup, you can install CesiumJS via the cesium npm package:
1npm install cesium --save
Then, import CesiumJS in your app code. Import individual modules to benefit from tree shaking optimizations through most build tools:
1import { Viewer } from "cesium"; 2import "cesium/Build/Cesium/Widgets/widgets.css"; 3 4const viewer = new Viewer("cesiumContainer");
In addition to the cesium package, CesiumJS is also distributed as scoped npm packages for better dependency management:
@cesium/engine- CesiumJS's core, rendering, and data APIs@cesium/widgets- A widgets library for use with CesiumJS
What next?
See our Quickstart Guide for more information on getting a CesiumJS app up and running.
Instructions for serving local data are in the CesiumJS Offline Guide.
Interested in contributing? See CONTRIBUTING.md. :heart:
:green_book: License
Apache 2.0. CesiumJS is free for both commercial and non-commercial use.
:earth_americas: Where does the Global 3D Content come from?
The Cesium platform follows an open-core business model with open source runtime engines such as CesiumJS and optional commercial subscription to Cesium ion.
CesiumJS can stream 3D content such as terrain, imagery, and 3D Tiles from the commercial Cesium ion platform alongside open standards from other offline or online services. We provide Cesium ion as the quickest option for all users to get up and running, but you are free to use any combination of content sources with CesiumJS that you please.
Bring your own data for tiling, hosting, and streaming from Cesium ion. Using Cesium ion helps support CesiumJS development.
:white_check_mark: Features
- Stream in 3D Tiles and other standard formats from Cesium ion or another source
- Visualize and analyze on a high-precision WGS84 globe
- Share with users on desktop or mobile
See more in the CesiumJS Features Checklist.
Moderate
6.1/10
Summary
Cross-site Scripting in cesium
Affected Versions
<= 1.111.0
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
0 existing vulnerabilities detected
Reason
binaries present in source code
Details
- Warn: binary detected: Specs/TestWorkers/TestWasm/testWasm.wasm:1
- Warn: binary detected: packages/engine/Source/ThirdParty/basis_transcoder.wasm:1
Reason
Found 8/12 approved changesets -- score normalized to 6
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Warn: 'force pushes' enabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:15
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/deploy.yml:14
- Warn: no topLevel permission defined: .github/workflows/cla.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/dev.yml:1
- Warn: no topLevel permission defined: .github/workflows/prod.yml:1
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 1.131 not signed: https://api.github.com/repos/CesiumGS/cesium/releases/229175092
- Warn: release artifact 1.130.1 not signed: https://api.github.com/repos/CesiumGS/cesium/releases/227393460
- Warn: release artifact 1.130 not signed: https://api.github.com/repos/CesiumGS/cesium/releases/222553719
- Warn: release artifact 1.129 not signed: https://api.github.com/repos/CesiumGS/cesium/releases/216019007
- Warn: release artifact 1.128 not signed: https://api.github.com/repos/CesiumGS/cesium/releases/209702042
- Warn: release artifact 1.131 does not have provenance: https://api.github.com/repos/CesiumGS/cesium/releases/229175092
- Warn: release artifact 1.130.1 does not have provenance: https://api.github.com/repos/CesiumGS/cesium/releases/227393460
- Warn: release artifact 1.130 does not have provenance: https://api.github.com/repos/CesiumGS/cesium/releases/222553719
- Warn: release artifact 1.129 does not have provenance: https://api.github.com/repos/CesiumGS/cesium/releases/216019007
- Warn: release artifact 1.128 does not have provenance: https://api.github.com/repos/CesiumGS/cesium/releases/209702042
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cla.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/cla.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cla.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/cla.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/dev.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prod.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/prod.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prod.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/prod.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prod.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/prod.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prod.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/CesiumGS/cesium/prod.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/actions/verify-package/script.sh:18
- Warn: npmCommand not pinned by hash: .github/workflows/cla.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:33
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:75
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:42
- Warn: npmCommand not pinned by hash: .github/workflows/prod.yml:17
- Warn: npmCommand not pinned by hash: .github/workflows/prod.yml:42
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
4.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More