{"id":26138234,"url":"https://github.com/onecommons/polyform","last_synced_at":"2026-06-08T07:34:03.313Z","repository":{"id":23348159,"uuid":"98764544","full_name":"onecommons/polyform","owner":"onecommons","description":"A simple micro-framework for assembling web apps out of highly re-usable components without the boilerplate.","archived":false,"fork":false,"pushed_at":"2022-12-07T01:43:26.000Z","size":249,"stargazers_count":0,"open_issues_count":9,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-12-19T15:56:11.574Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/onecommons.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-29T23:46:13.000Z","updated_at":"2021-01-01T09:45:48.000Z","dependencies_parsed_at":"2022-08-07T11:00:25.069Z","dependency_job_id":null,"html_url":"https://github.com/onecommons/polyform","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/onecommons/polyform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onecommons%2Fpolyform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onecommons%2Fpolyform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onecommons%2Fpolyform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onecommons%2Fpolyform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/onecommons","download_url":"https://codeload.github.com/onecommons/polyform/ta
r.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onecommons%2Fpolyform/sbom","scorecard":{"id":706934,"data":{"date":"2025-08-11","repo":{"name":"github.com/onecommons/polyform","commit":"9259fc9cff9834c3b2b496229a5f8dc8e5cb4f8b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source 
repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses 
fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"41 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: 
GHSA-9qj9-36jm-prpv","Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T06:53:59.791Z","repository_id":23348159,"created_at":"2025-08-22T06:53:59.791Z","updated_at":"2025-08-22T06:53:59.791Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34053435,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-11T01:56:20.473Z","updated_at":"2026-06-08T07:34:03.275Z","avatar_url":"https://github.com/onecommons.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Polyform\n\nStart taming the complexity of large-scale web applications with this simple mechanism for creating highly adaptable and reusable components.\n\n`Polycubes` (cubes for short) are npm packages that can define both client and server-side logic. They export well-defined interfaces and configuration parameters designed to work seamlessly in a wide variety of different databases, middleware and front-end frameworks.\n\n# Why Polyform?\n\nSimple: Use it just like plain-old packages and modules, no boilerplate.\n\nReusable: Easy to mix and match database back-ends client-side templates, database\n\nReliable: Static and runtime type checking. 
Consistent unit tests across pcubes.\n\nProduction-ready: build and configuration designed for orchestration and micro-services.\n\n## Architecture\n\nPolyform's architecture consists of the following elements:\n\n**HostEnvironments** represent environments that components either are executed in, such as a browser environment or a Node.js app, or are \"installed\" in, that is, modified by the component -- such as a database environment where components can update its schema.\n\n**Polycubes** are `npm` packages that know how to adapt to the application's `HostEnvironments`. Polycubes can import interfaces and objects from the host environments as well as provide exports specialized for each environment.\n\n**Adapters** implement interfaces and \"install\" a polycube's exports. A `HostEnvironment` is essentially a collection of adapters. For example, an Express adapter would know how to add a component's request handler as an Express route, and a Webpack adapter would know how to add a component to a webpack bundle.\n\n## Polycubes\n\nThe key features of Polycubes are:\n\n* With Polyform you can import interfaces instead of specific modules. Compared to node.js packages this enables looser coupling between implementations, but the use of interfaces enables stronger compatibility guarantees than just relying on semantic versioning strings as node.js packages do.\n\n* Cubes have exports just like JavaScript modules but they must be explicitly typed with an interface and the environment has to explicitly know how to handle (\"install\") every exported type. 
When a cube is loaded, each export is \"installed\" in the host environment.\n\n* Cubes can import types and objects from the environment\n\n### Implementation\n\nCube packages are defined by convention with these modules:\n\n* \"index.js\": stub used to load the implementation in some runtimes\n* \"interfaces\": declares types and interfaces, may not be available at runtime, generates \"types\"\n* \"default\" (optional): contains a default implementation for the interfaces\n\n## Adapters and interfaces\n* Polycubes expose load-time interfaces that other polycubes and application code can use.\n* These interfaces wrap objects and register them with the adapters associated with the interface.\n* At the end of load-time, adapters \"install\" the registered objects.\n\n## Registration/Installation/Adaptation\n\n* Polycubes and application code can register objects with the runtime\n* Adapters and cubes export adapters in \"interfaces\"\n* Optional static type-checking using \"import type\".\n* Optional runtime type-checking; import adapters from \"types\" to avoid runtime type-checking; runtime type-checking is only guaranteed to happen during build-time.\n\n# Roadmap\n\n* [X] Publish empty stub package to unblock development with Lerna etc.\n* [ ] Dependency injection runtime\n* [ ] Config infrastructure\n* [ ] Build infrastructure\n* [ ] Basic adapters\n* [ ] Routing interface\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonecommons%2Fpolyform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fonecommons%2Fpolyform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonecommons%2Fpolyform/lists"}