
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
@gltf-transform/view
Advanced tools
⚠️ EXPERIMENTAL
Creates three.js objects from glTF Scene,
Node,
Mesh,
Material
and other properties, and keeps those three.js objects updated in realtime as changes are made
through the glTF Transform library. Combined with
import/export using WebIO, @gltf-transform/view
provides a lossless workflow to load, view, edit, and export glTF assets — particularly useful in
editor-like applications on the web. Changes to a glTF Document are reflected in three.js
immediately, and any features three.js doesn't support won't be lost — they just aren't rendered
in the preview.
NOTICE: three.js can load glTF 2.0 files with THREE.GLTFLoader and export them with THREE.GLTFExporter, but the GLTFExporter step is lossy and expensive. In comparison, the edit/refresh loop provided by
@gltf-transform/viewis very fast and lossless, but requires some additional memory overhead when loading. This project is not meant to replace THREE.GLTFLoader for one-time resource loading.
Installation:
npm install --save @gltf-transform/view
import { Scene, WebGLRenderer, PerspectiveCamera } from 'three';
import { WebIO } from '@gltf-transform/core';
import { KHRONOS_EXTENSIONS } from '@gltf-transform/extensions';
import { DocumentView } from '@gltf-transform/view';
// Set up three.js scene.
const scene = new Scene();
// ...
// Load glTF Document.
const io = new WebIO().registerExtensions(KHRONOS_EXTENSIONS);
const document = await io.read('path/to/input.glb');
const documentView = new DocumentView(document);
// Add glTF content to the scene (just once).
const sceneDef = document.getRoot().listScenes()[0];
const sceneGroup = documentView.view(sceneDef);
scene.add(sceneGroup);
// Render.
function animate () {
requestAnimationFrame(animate);
renderer.render(scene, camera);
}
// When glTF Document is edited, scene updates automatically.
const materialDef = document.getRoot().listMaterials()
.find((mat) => mat.getName() === 'MyMaterial');
buttonEl.addEventListener('click', () => {
materialDef.setBaseColorHex(0xFF0000);
});
Each DocumentView instance maintains reference counts and disposes of three.js WebGL resources
(textures, geometry, materials) when the underlying glTF Transform properties are disposed.
Unused resources are not disposed immediately, in case they might be used again later. To
manually dispose of unused resources — e.g. to free up GPU memory — call documentView.gc().
Resources will be re-allocated automatically if they are used again.
| binding | status |
|---|---|
| Scene | ✅ |
| Node | ✅ |
| Mesh | ✅ |
| Primitive | ✅ |
| Accessor | ✅ |
| Material | ✅ |
| Texture | ✅ |
| TextureInfo | 🚧 |
| Morph Targets | ❌ |
| Animation | ❌ |
| Camera | ❌ |
| Light | ❌ |
For supported extensions, see glTF-Transform-View#7.
See CONTRIBUTING.md.
FAQs
Syncs a glTF-Transform Document with a three.js scene graph
The npm package @gltf-transform/view receives a total of 498 weekly downloads. As such, @gltf-transform/view popularity was classified as not popular.
We found that @gltf-transform/view demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.