ReGraph Architecture

Security

ReGraph is a low-risk, highly secure JavaScript library that is unlikely to be affected by common security vulnerabilities.

  • It does not initiate data transfers with remote servers or server-side dependencies.
  • It does not track user data or use any persistent data on local storage.
  • It runs entirely within the browser using standard JavaScript. It has no plug-in or extension requirements.
  • All source code is obfuscated and minified before distribution.
  • Nothing is added to the global scope.
  • It does not pollute prototypes.
  • Any new APIs and features are tested to prevent introduction of vulnerabilities.
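One way to check the global-scope and prototype claims above for any third-party bundle, as an added example that is not Cambridge Intelligence's code. The names `snapshotSurface` and `auditLoad` are hypothetical, and the two loaders are constructed stand-ins for importing a real library:

```javascript
// Added example: audit what a script load does to globals and built-in prototypes.
// All names are hypothetical; the loaders at the bottom are constructed stand-ins
// for importing a real bundle (for example `() => require('some-lib')`).
const BUILTINS = ['Object', 'Array', 'Function', 'String', 'Number', 'Promise', 'Map', 'Set'];

// Record own property names of the global object and of each built-in prototype.
function snapshotSurface(root = globalThis) {
  const snap = { globals: new Set(Object.getOwnPropertyNames(root)), protos: {} };
  for (const name of BUILTINS) {
    const proto = root[name] && root[name].prototype;
    if (!proto) continue;
    const props = new Map();
    for (const key of Reflect.ownKeys(proto)) {
      const d = Object.getOwnPropertyDescriptor(proto, key);
      // Keep the value (or getter) so a replaced built-in method is detectable.
      props.set(key, d.value !== undefined ? d.value : d.get);
    }
    snap.protos[name] = props;
  }
  return snap;
}

// Run `load`, then report added globals and added or replaced prototype members.
function auditLoad(load, root = globalThis) {
  const before = snapshotSurface(root);
  load();
  const after = snapshotSurface(root);
  const addedGlobals = [...after.globals].filter((k) => !before.globals.has(k));
  const protoChanges = [];
  for (const [name, props] of Object.entries(after.protos)) {
    const old = before.protos[name];
    for (const [key, value] of props) {
      const label = `${name}.prototype.${String(key)}`;
      if (!old.has(key)) protoChanges.push(`${label} added`);
      else if (old.get(key) !== value) protoChanges.push(`${label} replaced`);
    }
  }
  return { addedGlobals, protoChanges, clean: !addedGlobals.length && !protoChanges.length };
}

// Constructed loaders: one keeps its state local, one leaks into shared objects.
const wellBehaved = () => { const chart = { nodes: [] }; return chart; };
const leaky = () => {
  globalThis.__demoLib = {};
  Array.prototype.demoLast = function () { return this[this.length - 1]; };
};
```

Run the audit in the same page context the library loads in. An application-level polyfill such as the `window.process` assignment shown under PDF export will itself appear in `addedGlobals`, so run it before taking the first snapshot.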

Development

ReGraph is a closed source project, with all code controlled by Cambridge Intelligence staff, reviewed by multiple expert developers and tested thoroughly by our experienced QA team.

ReGraph source code is developed and built with an automated toolchain which is configured according to modern best practices to help identify security issues and ensure consistency and quality across the codebase. The toolchain contains a linter (ESLint), a compiler (Babel) and a suite of security scanners, including:

  • Secret scanner - scans the source code for accidental exposure of sensitive security information
  • Container scanner - scans the webserver container for vulnerabilities
  • Dependency scanner - scans our internal and build-time dependencies for known issues and vulnerabilities
  • Static application security testing (SAST) - scans the source code for vulnerabilities, encryption issues and other potentially exploitable holes

If we identify a vulnerability, we review it internally and deal with it before release.

Our JavaScript files are built using secure processes and hosted on secure web servers. We will never add malicious behaviors to our source code, and we are confident that third parties cannot hijack or compromise our downloads. There is no accepted standard scanner for malicious JavaScript code.

Dependencies

ReGraph requires React (^16.6.0) as a peer dependency. For example, you can install it with:

npm install react@^16.6.0
yarn add react@^16.6.0
pnpm install react@^16.6.0

ReGraph also requires Lodash (lodash@^4.0.0), Web Font Loader (webfontloader@^1.6.28) and Babel's modular runtime helpers (@babel/runtime-corejs3@^7.20); these are internal dependencies and will be automatically installed when you install ReGraph. If your project already depends on any of these packages, then your package manager will only download these modules once.

Leaflet Integration

To integrate ReGraph with Leaflet, ReGraph requires Leaflet (1.9.x). For example, you can install it with:

npm install leaflet@1.9.x
pnpm install leaflet@1.9.x

ReGraph uses OpenStreetMap as a default map tile provider.

PDF export

To use PDF export, ReGraph requires PDFKit and SVG-to-PDFKit. For example, you can install them with:

npm install pdfkit svg-to-pdfkit
yarn add pdfkit svg-to-pdfkit
pnpm install pdfkit svg-to-pdfkit

Once the dependencies are installed, import the export.js file into your project:

import 'regraph/export';

We strongly recommend that you only use the following versions which have been successfully tested to work with ReGraph:

  • PDFKit 0.14.0
  • SVG-to-PDFKit 0.1.8

Uncaught ReferenceError: process is not defined

If you manually installed the above polyfills but you still see this error in the console, this might be because your build tool doesn't polyfill the process global variable. To fix this, add your own code to polyfill the process variable before calling the function that fetches and downloads the image:

window.process = {
  nextTick(callback, ...args) {
    window.requestAnimationFrame(() => callback(...args));
  },
};

Rendering

ReGraph uses WebGL to render charts. This enables it to use hardware acceleration when supported by the browser. If WebGL is disabled or unsupported, ReGraph uses HTML5 Canvas to render components.

Vector images, such as SVGs, are rasterized when loaded into the chart to improve performance. See Images for more details.

Chart Latency

Sometimes, very large charts can seem slow to load or respond to user actions. This is very rarely a rendering issue, and is more likely to be caused by computationally expensive chart actions, like layouts. See our Performance showcase to compare rendering against other operations.

TypeScript

ReGraph includes full type definitions for TypeScript. The minimum supported version is TypeScript 4.7. Older versions may function as well but they haven't been tested and are not officially supported.

See index.d.ts for chart, time bar and object format definitions, and analysis.d.ts for analysis functions. Types should be automatically available when you import ReGraph.

For complete code examples using TypeScript, see the TypeScript stories.

Compliance

Cambridge Intelligence has implemented an information security management system that is certified to ISO 27001:2022 for the operations of software development, sale and associated support, all information assets processed and managed and all systems and services where information is processed by Cambridge Intelligence.

This includes:

  • Software Development Life Cycle
  • Risk management
  • Information classification
  • Business continuity and backups
  • Software development and code security
  • Vulnerability management
  • Logging and monitoring
  • External penetration testing
  • Physical security
  • Training and awareness

For further information, please contact our security team.

Terms of use

These terms do not alter or supersede any existing agreements between you (or your employer) and us.

By accessing or using any Content you agree to be bound by these Terms of Use. Please review these terms carefully before using the website.

The contents of this website, including but not limited to any text, code samples, API references, schemas, interactive tools, and other materials (collectively, the 'Content'), are made available for informational and internal evaluation purposes only. All intellectual property rights in the Content are reserved. No licence is granted to use the Content for any commercial purpose, or to copy, distribute, modify, reverse-engineer, or incorporate any part of the Content into any product or service, without our prior written consent.

This Content is provided “as is” and “as available,” without any representations, warranties, or guarantees of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, or accuracy. To the fullest extent permitted by applicable law, we expressly exclude and disclaim all implied warranties, conditions, and other terms that might otherwise be implied.

We disclaim all liability for any loss or damage, whether direct, indirect, incidental, consequential, or otherwise, arising from any reliance placed on the Content or from your use of it, to the fullest extent permitted by applicable law. By continuing to access or use the Content, you acknowledge and agree to these terms.