
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
@gltf-transform/view
Advanced tools
Creates three.js objects from glTF Scene,
Node,
Mesh,
Material
and other properties, and keeps those three.js objects updated in realtime as changes are made
through the glTF Transform library. Combined with
import/export using WebIO, @gltf-transform/view
provides a lossless workflow to load, view, edit, and export glTF assets — particularly useful in
editor-like applications on the web. Changes to a glTF Document are reflected in three.js
immediately, and any features three.js doesn't support won't be lost — they just aren't rendered
in the preview.
NOTICE: three.js can load glTF 2.0 files with THREE.GLTFLoader and export them with THREE.GLTFExporter, the GLTFExporter step is lossy and slow. In comparison, the fast edit/refresh loop provided by
@gltf-transform/viewrequires some additional memory overhead, and so this project is not meant to replace THREE.GLTFLoader for one-time resource loading.
Installation:
npm install --save @gltf-transform/view
import { Scene, WebGLRenderer, PerspectiveCamera } from 'three';
import { WebIO } from '@gltf-transform/core';
import { KHRONOS_EXTENSIONS } from '@gltf-transform/extensions';
import { DocumentView } from '@gltf-transform/view';
// Set up three.js scene.
const scene = new Scene();
// ...
// Load glTF Document.
const io = new WebIO().registerExtensions(KHRONOS_EXTENSIONS);
const document = await io.read('path/to/input.glb');
const documentView = new DocumentView(document);
// Add glTF content to the scene (just once).
const sceneDef = document.getRoot().listScenes()[0];
const sceneGroup = documentView.view(sceneDef);
scene.add(sceneGroup);
// Render.
function animate () {
requestAnimationFrame(animate);
renderer.render(scene, camera);
}
// When glTF Document is edited, scene updates automatically.
const materialDef = document.getRoot().listMaterials()
.find((mat) => mat.getName() === 'MyMaterial');
buttonEl.addEventListener('click', () => {
materialDef.setBaseColorHex(0xFF0000);
});
Each DocumentView instance maintains reference counts and disposes of three.js WebGL resources
(textures, geometry, materials) when the underlying glTF Transform properties are disposed.
Unused resources are not disposed immediately, in case they might be used again later. To
manually dispose of unused resources — e.g. to free up GPU memory — call documentView.gc().
Resources will be re-allocated automatically if they are used again.
| binding | status |
|---|---|
| Scene | ✅ |
| Node | ✅ |
| Mesh | ✅ |
| Primitive | ✅ |
| Accessor | ✅ |
| Material | ✅ |
| Texture | ✅ |
| TextureInfo | 🚧 |
| Morph Targets | ❌ |
| Animation | ❌ |
| Camera | ❌ |
| Light | ❌ |
For supported extensions, see glTF-Transform-View#7.
See CONTRIBUTING.md.
FAQs
Syncs a glTF-Transform Document with a three.js scene graph
The npm package @gltf-transform/view receives a total of 410 weekly downloads. As such, @gltf-transform/view popularity was classified as not popular.
We found that @gltf-transform/view demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.