
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@gltf-transform/cli
Advanced tools
Part of the glTF-Transform project.
Install the CLI, supported in Node.js v14+.
npm install --global @gltf-transform/cli
List available CLI commands:
gltf-transform --help
Optimize everything all at once:
gltf-transform optimize input.glb output.glb --texture-compress webp
Or pick and choose your optimizations, building a custom pipeline.
Compress mesh geometry with Draco or Meshoptimizer:
# Draco (compresses geometry).
gltf-transform draco input.glb output.glb --method edgebreaker
# Meshopt (compresses geometry, morph targets, and keyframe animation).
gltf-transform meshopt input.glb output.glb --level medium
Resize and compress textures with Sharp, or improve VRAM usage and performance with KTX2 and Basis Universal:
# Resize textures.
gltf-transform resize input.glb output.glb --width 1024 --height 1024
# Compress textures with WebP.
gltf-transform webp input.glb output.glb --slots "baseColor"
# Compress textures with KTX2 + Basis Universal codecs, UASTC and ETC1S.
gltf-transform uastc input.glb output1.glb \
--slots "{normalTexture,occlusionTexture,metallicRoughnessTexture}" \
--level 4 --rdo 4 --zstd 18 --verbose
gltf-transform etc1s output1.glb output2.glb --quality 255 --verbose
... and much more.
See Credits.
Copyright 2023, MIT License.
FAQs
CLI interface to glTF Transform
The npm package @gltf-transform/cli receives a total of 25,655 weekly downloads. As such, @gltf-transform/cli popularity was classified as popular.
We found that @gltf-transform/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.