Bootstrap: Provide `bootstrap‑reboot` as a separate package (e.g. `@bootstrap/reboot`)

Hi @ExE-Boss,

AFAIK we don't have any open security issues 😉

For your other points: /CC @twbs/css-review @twbs/js-review

I agree at some point we should do this, but last time we had a PR about this kind of change (using lerna) it changed quite a few things and we didn't feel like it was the right solution.

@Johann-S I meant, when security vulnerability is discovered, GitHub and npm send security vulnerability alerts about it.

A CSS‑only package can’t really have classical security vulnerabilities due to what CSS is (a declarative stylesheet language, which only controls how the web page is displayed on the screen).

I’ve long wanted Reboot to be it’s own thing, but never got around to exploring how best to do it. Given where it’s at for v5, I could see us doing something to help share it better, even if the releases are done manually for it.

Alternatively, we could also separate it out, develop it on it’s own a la Normalize (which it’s forked from), and then include it via npm. We’d then move the docs, create a new subdomain, add a new top level nav link, etc.

... and then include it via npm

We currently don't depend on npm yet, that's why RFS is copied in a vendor folder for example. Depending on npm will break composer, NuGet and repo installs.

But yeah, I like the idea of splitting it up, we just got to find out how.

You could probably also just keep everything as is, and just create a second package by copying bootstrap‑reboot.css from dist into a new package as index.css.

The only way when we last discussed this was lerna.

Just one thing to keep in mind, we should keep things simple, whatever we decide.

I think it would be nice to have separate packages for each of bootstrap’s dist files, including utilities, reboot, and grid, assuming they don’t already exist.