JavaScript library for mobile-friendly interactive maps
Installations
npm install leaflet
Developer Guide
Typescript: No
Module System: CommonJS
Node Version: 16.20.0
NPM Version: 8.19.4
Score: 99.5
Supply Chain: 89.2
Quality: 82.1
Maintenance: 100
Vulnerability: 100
License
Releases
Contributors
Languages
JavaScript (88.03%)
HTML (11.17%)
Handlebars (0.78%)
CSS (0.01%)
Developer
Download Statistics
Total Downloads: 187,812,584
Last Day: 65,513
Last Week: 836,464
Last Month: 4,922,599
Last Year: 53,132,967
GitHub Statistics
41,688 Stars
7,830 Commits
5,862 Forks
892 Watching
51 Branches
821 Contributors
Bundle Size
Minified: 145.74 kB
Minified + Gzipped: 41.99 kB
Package Meta Information
Latest Version: 1.9.4
Package Id: leaflet@1.9.4
Unpacked Size: 3.57 MB
Size: 848.99 kB
File Count: 106
NPM Version: 8.19.4
Node Version: 16.20.0
Published On: 18 May 2023
Total Downloads
Cumulative downloads: 187,812,584
Last day: 65,513 (-71.5% compared to previous day)
Last week: 836,464 (-33% compared to previous week)
Last month: 4,922,599 (-3.6% compared to previous month)
Last year: 53,132,967 (23.4% compared to previous year)
Dev Dependencies: 27
Leaflet was created 11 years ago by Volodymyr Agafonkin, a Ukrainian citizen living in Kyiv.
Russian bombs are now falling over Volodymyr's hometown. His family, his friends, his neighbours, thousands and thousands of absolutely wonderful people, are either seeking refuge or fighting for their lives.
The Russian soldiers have already killed tens of thousands of civilians, including women and children, and are committing mass war crimes like gang rapes, executions, looting, and targeted bombings of civilian shelters and places of cultural significance. The death toll keeps rising, and Ukraine needs your help.
As Volodymyr expressed a few days before the invasion:
If you want to help, educate yourself and others on the Russian threat, follow reputable journalists, demand severe Russian sanctions and Ukrainian support from your leaders, protest war, reach out to Ukrainian friends, donate to Ukrainian charities. Just don't be silent.
Ukrainians are recommending the Come Back Alive charity. For other options, see StandWithUkraine.
If an appeal to humanity doesn't work for you, I'll appeal to your egoism: the future of Ukrainian citizens is the future of Leaflet.
It is chilling to see Leaflet being used for documenting Russia's war crimes, factual reporting of the war and for coordination of humanitarian efforts in Romania and in Poland. We commend these uses of Leaflet.
If you support the actions of the Russian government (even after reading all this), do everyone else a favour and carry some seeds in your pocket.
Yours truly,
Leaflet maintainers.
Leaflet is the leading open-source JavaScript library for mobile-friendly interactive maps. Weighing just about 39 KB of gzipped JS plus 4 KB of gzipped CSS code, it has all the mapping features most developers ever need.
Leaflet is designed with simplicity, performance and usability in mind. It works efficiently across all major desktop and mobile platforms out of the box, taking advantage of HTML5 and CSS3 on modern browsers while being accessible on older ones too. It can be extended with a huge number of plugins, has a beautiful, easy-to-use and well-documented API and simple, readable source code that is a joy to contribute to.
For more info, docs and tutorials, check out the official website.
For Leaflet downloads (including the built main version), check out the download page.
We're happy to meet new contributors. If you want to get involved with Leaflet development, check out the contribution guide. Let's make the best mapping library that will ever exist, and push the limits of what's possible with online maps!
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:4
- Info: no jobLevel write permissions found
Reason
1 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: BSD 2-Clause "Simplified" License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/main.yml:192
Reason
Found 18/20 approved changesets -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/Leaflet/Leaflet/main.yml/main?enable=pin
- Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v1.9.4 not signed: https://api.github.com/repos/Leaflet/Leaflet/releases/103444138
- Warn: release artifact v1.9.3 not signed: https://api.github.com/repos/Leaflet/Leaflet/releases/82108289
- Warn: release artifact v1.9.2 not signed: https://api.github.com/repos/Leaflet/Leaflet/releases/78960917
- Warn: release artifact v1.9.1 not signed: https://api.github.com/repos/Leaflet/Leaflet/releases/77961324
- Warn: release artifact v1.9.0 not signed: https://api.github.com/repos/Leaflet/Leaflet/releases/73360964
- Warn: release artifact v1.9.4 does not have provenance: https://api.github.com/repos/Leaflet/Leaflet/releases/103444138
- Warn: release artifact v1.9.3 does not have provenance: https://api.github.com/repos/Leaflet/Leaflet/releases/82108289
- Warn: release artifact v1.9.2 does not have provenance: https://api.github.com/repos/Leaflet/Leaflet/releases/78960917
- Warn: release artifact v1.9.1 does not have provenance: https://api.github.com/repos/Leaflet/Leaflet/releases/77961324
- Warn: release artifact v1.9.0 does not have provenance: https://api.github.com/repos/Leaflet/Leaflet/releases/73360964
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m
- Warn: Project is vulnerable to: GHSA-5866-49gr-22v4
- Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6
- Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3
- Warn: Project is vulnerable to: GHSA-6f62-3596-g6w7
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Score: 5.6/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.