{"id":33202108,"url":"https://github.com/mapbox/mvt-fixtures","last_synced_at":"2025-11-21T03:00:52.525Z","repository":{"id":10229336,"uuid":"64881173","full_name":"mapbox/mvt-fixtures","owner":"mapbox","description":"Suite of valid and invalid Mapbox Vector Tiles","archived":false,"fork":false,"pushed_at":"2024-09-05T15:41:27.000Z","size":20784,"stargazers_count":28,"open_issues_count":8,"forks_count":11,"subscribers_count":119,"default_branch":"main","last_synced_at":"2025-10-20T22:48:04.616Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mapbox.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-03T21:38:45.000Z","updated_at":"2025-04-04T04:23:06.000Z","dependencies_parsed_at":"2023-01-11T20:14:20.753Z","dependency_job_id":null,"html_url":"https://github.com/mapbox/mvt-fixtures","commit_stats":null,"previous_names":["mapbox/evilmvt"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/mapbox/mvt-fixtures","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mapbox%2Fmvt-fixtures","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mapbox%2Fmvt-fixtures/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mapbox%2Fmvt-fixtures/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mapbox%2Fmvt-fixtures/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mapbox","download_url":"https://codeload.github.com/mapbox/mvt-fixtures/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mapbox%2Fmvt-fixtures/sbom","scorecard":{"id":616432,"data":{"date":"2025-08-11","repo":{"name":"github.com/mapbox/mvt-fixtures","commit":"72431849ba453c812fdc5692860fc3e76b00a867"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 8/14 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/test.yml:11","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-CC0-1.0.md:0","Info: FSF or OSI recognized license: Creative Commons Zero v1.0 Universal: LICENSE-CC0-1.0.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/mapbox/.github/SECURITY.md:1","Info: Found linked content: github.com/mapbox/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mapbox/.github/SECURITY.md:1","Info: Found text in security policy: github.com/mapbox/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mvt-fixtures/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mapbox/mvt-fixtures/test.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr","Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq","Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm","Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3","Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 1 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T04:08:11.274Z","repository_id":10229336,"created_at":"2025-08-21T04:08:11.274Z","updated_at":"2025-08-21T04:08:11.274Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":285548627,"owners_count":27190487,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-21T02:00:06.175Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-16T09:00:28.687Z","updated_at":"2025-11-21T03:00:52.517Z","avatar_url":"https://github.com/mapbox.png","language":"JavaScript","funding_links":[],"categories":["Low-level utilities"],"sub_categories":[],"readme":"![mvt-fixtures crew](https://c1.staticflickr.com/5/4495/24124229798_b82cd97858_o.png)\n\n[![Run tests](https://github.com/mapbox/mvt-fixtures/actions/workflows/test.yml/badge.svg)](https://github.com/mapbox/mvt-fixtures/actions/workflows/test.yml)\n\nA `require()`able suite of valid and invalid vector tile fixtures for testing [Mapbox Vector Tile](https://github.com/mapbox/vector-tile-spec) encoders and decoders. You can view a list of all fixtures at [FIXTURES.md](FIXTURES.md).\n\n# Usage\n\nmvt-fixtures can be used in two distinct ways\n\n1. **javascript interface**: use the javascript interface to generate fixtures on the fly\n1. **raw fixtures** use the raw fixtures directly via the /fixtures directory.\n\nThe Javascript API is recommended if you are working in Javascript or Node.js. The raw fixtures are provided for those using this outside of a Javascript application. The recommended workflow is to have your encoder or decoder loop through every fixture and either expect to successfully decode/encode valid fixtures, or fail to decode/encode invalid fixtures. When new fixtures are added to this repository, you simply need to update the version of the module (or your submodule) to get the new fixtures and re-run tests.\n\n**Validity:** each fixture includes information about whether they are valid according to the specification versions and possible error outcomes if they are invalid. If any of the fixtures are invalid, they must include an `error` field describing how to recover (or not) from the error. These can be found in the `validity` field of the fixture and info.json files. The following checks:\n\n* `v1` (Boolean): is this fixture valid according to Version 1.x of the Mapbox Vector Tile spec\n* `v2` (Boolean): is this fixture valid according to Version 2.x of the Mapbox Vector Tile spec\n* `error` (String): describes if the encoder/decoder should recover from this error or stop completely. THis is only present if the fixture is invalid according to one or more spec revisions. Values are\n  * `recoverable`: should the encoder/decoder continue move on and continue its work? For instance, if invalid geometry is found, can the encoder safely move to the next feature?\n  * `fatal`: the encoder should completely stop its process\n\n### Javascript usage\n\nCheck out the full Javascript interface over at [API.md](API.md)\n\n```shell\nnpm install @mapbox/mvt-fixtures --save-dev\n```\n\n```javascript\nconst mvtf = require('@mapbox/mvt-fixtures');\nconst decoder = require('your-mvt-decoder');\n\n// assert on every single buffer\nmvtf.each(function(fixture) {\n  let output = decoder(fixture.buffer);\n  assert.equal(output.layers.length, fixture.json.layers.length, 'expected number of layers');\n  // ... more tests\n});\n\n// or you can get individual fixtures\nconst output = decoder(mvtf.get('043').buffer);\n\n// or you can build a fixture inline\nconst { buffer } = mvtf.create({\n  layers: [\n    {\n      version: 2,\n      name: 'parks',\n      features: [\n        {\n          id: 10,\n          tags: [ 0, 0 ], // name: Stanley Park\n          type: 1, // point\n          geometry: [ 9, 54, 38 ]\n        },\n        {\n          id: 10,\n          tags: [ 0, 0 ], // name: Olympic\n          type: 1, // point\n          geometry: [ 9, 2, 5 ]\n        }\n      ],\n      keys: [ 'name' ],\n      values: [\n        { string_value: 'Stanley Park' },\n        { string_value: 'Olympic' }\n      ],\n      extent: 4096\n    }\n  ]\n}); // ==\u003e Buffer()\n```\n\n### Non-JS interface\n\nYou can access all of the fixtures and their metadata in the /fixtures directory. You can download this repository and get them manually, or use this repository as a submodule. Each fixture is named by the directory /fixtures/{name} and has the following files:\n\n1. tile.mvt - the protocol buffer that represents (or intentionally breaks) the Mapbox Vector Tile specification\n1. tile.json - a JSON representation of the tile and its properties\n1. info.json - information about the fixture including `name`, `description`, and `specification_reference`.\n\n### Defaults and validity\n\nValidity can be messy. In the case of the `validity` property for the fixtures, they refer to the _Mapbox Vector Tile Specification_ but depending on the protocol buffer specification we are _decoding_ with, fields that may be required by the spec and are missing can be interpreted as default values. For example: in fixture 003 where the \"GeomType\" tag is completely missing, any vector tile decoder using the proto2 syntax will interpret this by the default value UNKNOWN instead of a missing tag, so the fixture itself is interpreted as \"valid\".\n\n# Real-world fixtures\n\nWhile the bulk of mvt-fixtures is focused on minimal unit tests with very specific features, it also includes a set of real-world tiles that are useful for benchmarking and running your decoder through more realistic tiles. Learn more about each real world extent in [REAL-WORLD.md](REAL-WORLD.md).\n\n# Develop\n\n### Setup\n```\ngit clone git@github.com:mapbox/mvt-fixtures.git\ncd mvt-fixtures\ngit submodule update --init\nnpm install\nnpm install -g documentation\n```\n\n### Adding a new fixture\n\nAll fixtures have a source file in the /src directory. This file is a module that exports an object with the following parameters:\n\n```javascript\nmodule.exports = {\n  description: 'DESCRIPTION',\n  specification_reference: 'SPECIFICATION_URL',\n  validity: {\n    v1: false,\n    v2: false,\n    error: 'ERROR_TYPE'\n  },\n  json: {...},\n  proto: '2.1'\n};\n```\n\nA new fixture can be created by running the command, which will auto-increment the ID:\n\n```shell\nnpm run new\n# New file created: /src/003.js.\n```\n\n### Building fixtures\n\nTo rebuild all of the raw fixtures (including the tile.mvt, tile.json, and info.json files) in /fixtures you can run:\n\n```\nnpm run build\n```\n\n### Debugging fixtures\n\nThere are couple scripts included for debugging the fixtures as you create them.\n\n**protoc specification dump** allows you to dump mvt fixtures to the text-based representation supported by the google protoc tool. This can be very useful for debugging fixtures to ensure you've created what you expected (particularly for tiles designed to be invalid to parse).\n\n```bash\n$ ./scripts/dump fixtures/002/tile.mvt\nlayers {\n  name: \"hello\"\n  features {\n    type: POINT\n    geometry: 9\n    geometry: 50\n    geometry: 34\n  }\n  extent: 4096\n  version: 2\n}\n```\n\n**raw protoc dump** allows you to dump the raw contents of a buffer. This particularly useful for tiles that don't match the vector_tile.proto format and you want to view which tags are generated\n\n```bash\n$ ./scripts/dump fixtures/002/tile.mvt --raw\n3 {\n  15: 2\n  1: \"hello\"\n  2 {\n    2: \"\"\n    3: 1\n    4: \"\\t2\\\"\"\n  }\n  5: 4096\n}\n```\n\n**[vtvalidate](https://github.com/mapbox/vtvalidate)** is a node C++ addon that can be installed via npm separately. This uses vtzero to parse a vector tile buffer and has a CLI available for quick use.\n\n```bash\n$ vtvalidate fixtures/003/tile.mvt\nunknown geometry type\n```\n\n### Building docs\n\nDocumentation takes two forms...\n\n1. Javascript API docs in API.md\n1. Fixture reference in FIXTURES.md\n\nThese can be generated by running:\n\n```\nnpm run docs\n```\n\n### Running tests\n\nAll tests can be run with:\n\n```\nnpm test\n```\n\n# License\n\nThis repository is dual-licensed. The repository and code are distributed by Mapbox under the [CC0 v1.0 Universal](/LICENSE-CC0.md) license. The fixtures, which include [Open Street Map](https://www.openstreetmap.org/copyright) data, are distributed under the [Open Data Commons ODbL v1.0](/LICENSE-ODBL.md) license. Both should be included when depending on this project.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmapbox%2Fmvt-fixtures","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmapbox%2Fmvt-fixtures","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmapbox%2Fmvt-fixtures/lists"}