There are lots of ways for an application to get your current location (latitude / longitude) programmatically, but wifi-triangulate is a little shady.
Most web apps ask for your permission before accessing your location (there’s a whole browser based API for this). But with wifi-triangulate, there’s no opt-in and it’s quite accurate. Pretty sure you could use this to locate a user, silently, without consent.
Yes, there are other / easier ways to get a user’s location. And no, this library isn’t inherently “evil.” But please be careful and follow the golden rule of software development: don’t be a dick (or a sucker).