I wrote a backend command line tool in node.js to render thumbnails of 3d models files (currently the STL and AMF file formats): https://github.com/gi11es/3d2png
The dependencies I need pull quite a lot of subdependencies (maybe that's usual for node.js, I don't know), which might need security review.
Some of those node.js also require some debian packages, namely:
pkg-config, libcairo2-dev, libjpeg-dev, libxi-dev, libglu1-mesa-dev libglew-dev
I want to make sure that those are ok too.
Regarding the file formats themselves (AMF and STL). AMF is XML-based can be zipped. STL is binary or text. In both cases the parsing is done with custom code copied from three.js's examples (AMFLoader.js is slightly modified and be found at the root of 3d2png, STLLoader is taken directly from the three.js module's examples folder).