Bulma
Upstream URL | Security Risk | Abandonment Risk |
---|---|---|
https://bulma.io | Very Low | Very Low |
External contacts
The Bulma repository on GitHub includes a public issue tracker. Merge requests can be submitted for any improvements we identify locally.
Security posture
Because Bulma is a CSS framework, there is virtually no way to use it to exploit the Mall on Rails system. If upstream were somehow compromised, the only way to exploit development systems would be through Dart Sass.
Abandonment risk
Bulma has a great community, and project lead Jeremy Thomas is a dedicated steward of the web design community.
When we are able to do so, financially supporting Bulma is highly recommended.
If somehow Bulma became unmaintained upstream, it would still be usable for the Mall on Rails project, just without further updates or improvements. We would need to determine what would be needed for future browser compatibility, and work with the wider community to determine interest in maintaining a fork of it.
Versioning policy
Mall on Rails will continue taking updates from the Bulma 1.x branch. If a 2.0 is released, evaluation shall take place within one month of release, including determination of whether the 1.x branch will receive further updates, the amount of churn required in the MoR codebase, and any new features that would be directly useful for MoR.