
An es6 component, entity, system, framework with a minimal core. Rubric was designed with a verbose syntax and naming scheme that focuses on ease of use and clarity. This standpoint was largely inspired by Douglas Crockford's comment to the effect that code is meant to be "read by humans and incidentally run by machines".
It relies on powertrain for its engine and uses babel and mocha in dev.
There is a barebones 🍖 code example here. There is a running demo of it here, which is pretty boring visually.
There is a small jsdoc site here.
Better documentation will be coming to the readme very soon. 4/4/17
// Examples to follow shortly
module.exports = {
    // A useful way to pass things in to input adapters and other utilities
    // In the example implementation mentioned above these keys will have preventDefault() called when they are pressed
    preventKeys: ['up', 'down', 'space', 'left', 'right'],
    // These options will all be passed to Rubric's core engine, Powertrain
    engine: {
        playspeed: 1,
        fps: 60,
    },
    // More on this coming soon 4/4/17
};
Testing is done with mocha and chai.
$ npm run test
All tests are written against babel compiled output in the /dist directory.
Code coverage with nyc.
$ npm run coverage
Quick lcov.info generation for line highlighting in your editor via cowboy-hat.
$ npm run cowboy-hat
This will watch for file changes and generate lcovs against /src for relatively fast coverage line highlighting updates.
It is greatly appreciated! 🎉 Please hit me up, I'd love to hear what you have to say!
https://github.com/limeandcoconut
Cheers!
MIT, see LICENSE.md for details.
FAQs
An es6 component, entity, system, framework with a minimal core.
The npm package rubricjs receives a total of 11 weekly downloads. As such, rubricjs popularity was classified as not popular.
We found that rubricjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.