Font Awesome

| Upstream URL | Security Risk | Abandonment Risk |
| --- | --- | --- |
| https://fontawesome.com | Low | Very Low |

External contacts

The Font Awesome team can be contacted via its public GitHub issue tracker, by email, and through a Pro support contract. Security reports are taken via a private email address.

Security posture

Font Awesome is primarily a client-side icon font used for iconography in the Mall on Rails system. It does use the Sass language, so it could potentially be used in a chained attack, as explained in the Dart Sass section. Additionally, any supply chain attack on Font Awesome could have repercussions, as font processing libraries have historically been responsible for a number of Web browser security vulnerabilities.

All in all, we rank the overall security risk as low, but still present.

Abandonment risk

Font Awesome is a popular font icon library, maintained by a company that has significant sponsorship, and also has an open source component. It is very unlikely that it would be abandoned. If it were to be abandoned upstream, it would still be useable in its present state by Mall on Rails for the foreseeable future, especially since the Web Font standard is unlikely to see churn.

Versioning policy

We utilise Font Awesome 6. Font Awesome 7 was announced the day this document was written. Since Font Awesome is the source of the entirety of our deprecation warnings during Sass compilation, we expect to evaluate its suitability for Mall on Rails within two weeks of its release.