[X3D-Ecosystem] XML validation woes, no header vs header

Mon Sep 8 20:26:51 PDT 2025

Note that XML validation with X3DJSAIL currently *requires* a .dtd and/or
.xsd listed in the header, or you will get hundreds of messages telling you
to email Don Brutzman, who will tell you to put the header on the file.

So put the header on the file, and be happy that all those messages go
away.   But don’t DOS the digital signature XML schema site with batch
requests such that they block you!

I doubt if such issues will arise with JSON schema.

YMMV,

John

On Mon, Sep 8, 2025 at 10:12 PM John Carlson <yottzumm at gmail.com> wrote:

> I’m not seeing that x3dvalidate got new versions recently, so likely
> there’s no issue with it.  To be on the safe side, go with version
> 9.0.1 perhaps:
>
> https://www.npmjs.com/package/x3dvalidate
>
> $ npx x3dvalidate at 9.0.1 file1.x3dj file2.x3dj …
>
> Unless you need the latest features!
>
> Probably there will be an alternative way to check X3D JSON when the
> standard gets released, depending on whether a JSON schema  standard is
> released (in other words, never).   For those requiring alternative schema
> validation now, I suggest looking into X3DJSONLD.* and validating the
> result DOM against the XML schema.   Various X3DJSONLD JSON to DOM
> Converters exist for JavaScript, Java, C, and Pascal.  If sufficient
> pressure is placed on me, I will create a schema validator in python which
> doesn’t use x3d.py/X3DPSAIL, yet validates JSON against XML Schema.
> Please indicate your interest.  I’m guessing XML schema validation will
> outperform JSON schema validation in Python.  Python validation against
> JSON schema has been done, but it’s not performant as JavaScript, so I
> typically test with the latter.  Since JSON schema has been deprecated
> until further notice, it might be wise to use X3DJSONLD to convert to XML
> or DOM for validation.
>
> Java already has something to validate X3D JSON against XML schema, that’s
> where I would look first, if not X3DJSAIL’s DOM Loader being used with
> X3DJSONLD.java.  I haven’t built something to validate JavaScript DOM
> against XML schema yet, but I can serialize to XML, and validate against
> XML schema, most likely.   Mostly, I use DOM to XML serialization to
> compare roundtrip conversions from XML to JSON to DOM.
>
> Note that there are missing features in X3dToJson.xslt which might be
> addressed later this year, I am going with Holger’s x3d-tidy in the short
> term as I am exercising Material nodes which aren’t mapped well yet in
> X3dToJson.xlst.  For those on the leading edge, see how the SFNodes in
>
>
> https://www.web3d.org/specifications/X3Dv4/ISO-IEC19775-1v4-IS/Part01/components/shape.html#Material
>
> are mapped to JSON with X3dToJson.xslt.  AFAIK, the SFNodes should be
> mapped to JSON objects, not JSON arrays, those are for MFNodes. Obviously,
> if one is validating the DOM against XML schema is done, perhaps important
> stuff like array versus object is swept under the covers?  IDK.
>
> Note that X3DJSONLD is not affiliated with JSON-LD.  The former is a JSON
> loader (hence the LD) and has nothing to do with linked data.
>
> John
>
>
> On Mon, Sep 8, 2025 at 8:00 PM John Carlson <yottzumm at gmail.com> wrote:
>
>> https://youtu.be/taEIb3xXzjk
>> <https://youtu.be/taEIb3xXzjk?si=L6RsGCfQ53J4FE2a>
>>
>> I have not yet determined whether my packages are affected.  I have one
>> published npm (node package manager) module published, “x3dvalidate.”
>>
>> Here are my x3dvalidate dependencies, which you can certainly check to
>> see if they are affected:
>>
>> "dependencies": {
>> "ajv": "*",
>> "ajv-formats": "*",
>> "ajv-formats-draft2019": "*",
>> "ajv-i18n": "*"
>> },
>>
>> I’m guessing there will be many possible versions of packages being
>> withdrawn.
>>
>> Apparently some npm module maintainer fell for some clever phishing email
>> that used a icon similar to the npm icon, claiming that 2FA needed to be
>> updated.
>>
>> AFAIK, this is legit, but it’s just some guy, “Matt  Johansen” reporting
>> on YouTube.
>>
>> There’s also reports on Reddit, which say only one user is affected, but
>> if any of your dependencies depend on his/her dependencies, you might be
>> affected:
>>
>>
>> https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/
>>
>> The directly affected packages are listed there.
>>
>> It mostly appears like this is an attack on cryptocurrency, primarily.  I
>> don’t invest in cryptocurrencies.
>>
>> I will be reviewing emails, and potentially changing dependencies on my
>> various node packages, which I’ve been meaning to do for a while, while
>> these are on GitHub, I’ve only published the one module to npm.
>>
>> I don’t know if anyone else in X3D is affected, just be aware of package
>> dependencies for any npx programs you execute.  This includes stuff like
>> React, Vite, and anyone else using npm and npx.
>>
>> Primarily, I will be investigating my X3DJSONLD dependencies as found in
>> my package-lock.json, listed here:
>>
>> https://github.com/coderextreme/X3DJSONLD/blob/master/package-lock.json
>>
>>
>> This didn’t really hit the most popular tech news sites, but reporting
>> has been done in the Cryptocurrency sites (which I’m just seeing headlines
>> in google).
>>
>> John
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-ecosystem_web3d.org/attachments/20250908/2a5ed5e5/attachment.html>