
Security News
pnpm 11.10 Hardens Registry Authentication to Block Token Redirection
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.
@gltf-transform/cli
Advanced tools
Part of the glTF-Transform project.
Install the CLI, supported in Node.js v14+.
npm install --global @gltf-transform/cli
List available CLI commands:
gltf-transform --help
Optimize everything all at once:
gltf-transform optimize input.glb output.glb --texture-compress webp
Or pick and choose your optimizations, building a custom pipeline.
Compress mesh geometry with Draco or Meshoptimizer:
# Draco (compresses geometry).
gltf-transform draco input.glb output.glb --method edgebreaker
# Meshopt (compresses geometry, morph targets, and keyframe animation).
gltf-transform meshopt input.glb output.glb --level medium
Resize and compress textures with Sharp, or improve VRAM usage and performance with KTX2 and Basis Universal:
# Resize textures.
gltf-transform resize input.glb output.glb --width 1024 --height 1024
# Compress textures with WebP.
gltf-transform webp input.glb output.glb --slots "baseColor"
# Compress textures with KTX2 + Basis Universal codecs, UASTC and ETC1S.
gltf-transform uastc input.glb output1.glb \
--slots "{normalTexture,occlusionTexture,metallicRoughnessTexture}" \
--level 4 --rdo 4 --zstd 18 --verbose
gltf-transform etc1s output1.glb output2.glb --quality 255 --verbose
... and much more.
See Credits.
Copyright 2023, MIT License.
FAQs
CLI interface to glTF Transform
The npm package @gltf-transform/cli receives a total of 32,735 weekly downloads. As such, @gltf-transform/cli popularity was classified as popular.
We found that @gltf-transform/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.

Security News
/Research
Socket uncovered 17 malicious npm and PyPI packages typosquatting Paysafe, Skrill, and Neteller SDKs to steal developer secrets.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.