{"id":22064698,"url":"https://github.com/ldarren/pico-client","last_synced_at":"2026-05-03T13:31:26.250Z","repository":{"id":4176874,"uuid":"5293272","full_name":"ldarren/pico-client","owner":"ldarren","description":"pico html5 framework","archived":false,"fork":false,"pushed_at":"2023-04-16T02:29:57.000Z","size":18345,"stargazers_count":1,"open_issues_count":15,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-09T07:57:36.103Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ldarren.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2012-08-04T05:04:07.000Z","updated_at":"2021-11-14T08:31:03.000Z","dependencies_parsed_at":"2023-07-06T19:01:45.215Z","dependency_job_id":null,"html_url":"https://github.com/ldarren/pico-client","commit_stats":{"total_commits":1599,"total_committers":6,"mean_commits":266.5,"dds":"0.034396497811131965","last_synced_commit":"3ea36d7cc0a9296393cfa4a771fa1264eabfdc95"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/ldarren/pico-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ldarren%2Fpico-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ldarren%2Fpico-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ldarren%2Fpico-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ldarren%2Fpico-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ldarren","download_url":"https://codeload.github.com/ldarren/pico-client/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ldarren%2Fpico-client/sbom","scorecard":{"id":581274,"data":{"date":"2025-08-11","repo":{"name":"github.com/ldarren/pico-client","commit":"b19559344f227e8573ceccf6c6782bbcdf56b191"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T19:14:04.036Z","repository_id":4176874,"created_at":"2025-08-20T19:14:04.036Z","updated_at":"2025-08-20T19:14:04.036Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32571450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-30T19:13:14.954Z","updated_at":"2026-05-03T13:31:26.222Z","avatar_url":"https://github.com/ldarren.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pico-client\npico app framework\n\n## Example\n[An obligatory Todo App](https://cdn.rawgit.com/ldarren/pico-example-todo/master/bin/todo/index.html) to demotrate the framework. The example source code can be found [here](https://github.com/ldarren/pico-example-todo)\n\n## Browser Compatibility\n * Android Browser: compatible\n * Chrome/Chromium: compatible\n * Safari: compatible\n * Safari ios: compatible\n * Firefox: compatible\n * IE 11: compatible\n * IE 10 and below: not compatible\n\n## Features\n### Data Driven\nA pico client is data driven, meaning that the application structure is not defined by script but by data. The data file is in json file format. The data file format is closely assemble to lisp syntax. for example\n\n```json\n[\"name\", \"type\", \"content\", \"meta data\"]\n```\n\nand the example of a complete project file\n```json\n[\n    [\"component1\", \"view\", [\n    \t[\"moduleA\", \"view\", []],\n\t[\"moduleB\", \"view\", []]\n    ]],\n    [\"component2\", \"view\", []]\n]\n```\n\n### Lazy Load At Component Level\n```javascript\nvar\ndep1 = require('vendorA/dep1'),\ndep2 = require('vendorB/dep2')\n\nthis.load=function(){\n    dep1.doSeomthing()\n    dep2.doSomething()\n}\n```\n\n### Decentralized Configuration\npico archieved decentralized configuration by making spec files joinable during runtime.\n\nA spec file with a entry point (a special js file) can be compiled to a bundle file, the build script generate single .js file based on the configuration file and the entry point\n\nto add external spec to current spec, use dynamic `require` load the external spec and `spawn` to render it\n\n```javascript\nrequire('/path/to/external/spec', (err, spec) =\u003e {\n\tif (err) return console.error(err)\n\tthis.spawn(specMgr.create('id-here', 'view', [], spec))\n})\n```\n\nComplete example at `example/bundle`\n\n#### Create bundle\n```\nnpx pclient-build\n```\n\n### Manage environment config with dependency injection\nmove environment dependant config to a separate config file, inject the env config to main config in the main js file\n```javascript\n    var specMgr= require('p/specMgr')\n    var View= require('p/View')\n    var project = require('cfg/xin.json')\n    var env = require('cfg/dev.json')\n    var main\n\n    return function(){\n        specMgr.load(null, null, project, function(err, spec){\n            if (err) return console.error(err)\n            main = new View\n            main.spawnBySpec(spec, null, env)\n        })\n    }\n```\n\n### Code Spliting\nCode spliting is done at the project file level, each bundle can hae it own project file and project can be load lazily during runtime\n\n### Support circular dependencies\npico-client supported asynchronous module loading, therefore no circular dependencies issue\n\n### Syntax similar to commonjs and amd, easy to pickup\nsyntax of pico-client is heavely burrow from commonjs and amd to reduce learning curve\n\n### Support recursive view component\nfor recursive view component such tree view\n```javascript\n// tree-node.js\nreturn {\n\tdeps: {\n\t\t'tree_node': 'view', // self referencing\n\t},\n\tcreate(deps, params){\n\t\tthis.spawn(deps.tree_node) // or, this.spawn(deps.tree_node, null, [deps.tree_node.splice(0, 3)]]\n\t}\n}\n```\n\n## Caveat\n### sub-module readiness\npico modules are loaded in series orderly, what it means is module declared at top always load first and pico ensure it is loaded completely before loading the next module.\nOne caveat is submodule may not ready during event call. for example project configuration as follow\n```json\n[\n\t[\"modA\",\"view\",[\n\t\t[\"modA-subA\",\"view\",[]]\n\t]],\n\t[\"modB\",\"view\",[]]\n]\n```\nif modB event call modA immediately in create function, modA-subA may not ready when modA receive the event. modA should listen to moduleAdded emitted by modA-subA before using any functionality from modA-subA\n\n### External editable static property\nModuleA\n```javascript\nvar obj={\n\ta:1,\n\tprint:function(){\n\t\tconsole.log(obj.a)\n\t}\n}\nreturn obj\n```\nif ModuleA.print method was call in ModuleB\n```javascript\nvar modA=require('ModuleA')\nmodA.print() // 1\n```\nwhat if ModuleA.a was changed in ModuleB?\n```javascript\nvar modA=require('ModuleA')\nmodA.a='hello'\nmodA.print() // 1\n```\nprint result is still 1, that's because 'hello' is set on modA placeholder, to make ModuleA.a an editable property, make this changes to ModuleA\n```javascript\nvar modA=require('ModuleA')\nvar obj={\n\ta:1,\n\tprint:function(){\n\t\tconsole.log(modA.a)\n\t}\n}\nreturn obj\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fldarren%2Fpico-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fldarren%2Fpico-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fldarren%2Fpico-client/lists"}