Is bootstrap-sass safe to use?

bootstrap-sass has 4 known vulnerabilities on the latest version (3.4.1). DepScope rates its health at 54/100 (high risk).

What is the latest version of bootstrap-sass?

The latest version of bootstrap-sass is 3.4.1, released 2019-02-13.

Does bootstrap-sass have known vulnerabilities?

Yes. bootstrap-sass has 4 known vulnerabilities. See depscope.dev/pkg/rubygems/bootstrap-sass for details.

Is bootstrap-sass deprecated?

No, bootstrap-sass is actively maintained. Latest release: 3.4.1 (2019-02-13).

What are alternatives to bootstrap-sass?

Popular alternatives to bootstrap-sass in RubyGems include: jmespath, netrc, thread_safe, crass, tzinfo.

What license does bootstrap-sass use?

bootstrap-sass is licensed under MIT.

bootstrap-sass

rubygemsv3.4.1

bootstrap-sass is a Sass-powered version of Bootstrap 3, ready to drop right into your Sass powered applications.

License MITpermissive20 versions2 deps31,060,295 weekly dl

twbs/bootstrap-sass

/ 100

Health

safe to use

[email protected] is safe to use (health: 54/100)

Update to >= 4.3.1 to fix known vulnerabilities

Health breakdown0 – 100

0/25

maintenance

20/20

popularity

17/25

security

9/15

maturity

8/15

community

Vulnerabilities

4 medium

Advisories (4)

Severity	ID	Summary	Fixed in
medium	CVE-2018-14040	Bootstrap vulnerable to Cross-Site Scripting (XSS)	4.1.2
medium	CVE-2016-10735	Bootstrap Cross-site Scripting vulnerability	4.0.0-beta.2
medium	CVE-2018-14042	Bootstrap Cross-site Scripting vulnerability	4.1.2
medium	CVE-2019-8331	Bootstrap Vulnerable to Cross-Site Scripting	4.3.1

Quality signals

OSS Criticality

0.49medium

Download trend

stable(0%)

Health History

Dependency Tree

License Audit

Dependencies (2)

autoprefixer-rails sassc

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/rubygems/bootstrap-sass