Yes, there is an upgrade path for the Gulp-setup.
We will also make sure that you can update your Gulp and that the setup is backwards-compatible.
We still need to write the blogpost on how that would work, please upvote this issue on Gitlab if you would want this.
Compony's future is in your hands in terms of features.
If you would love to integrate [Flash] in to Compony's architecture, head over to the roadmap and find out if [Flash] is already on the the roadmap.
If it is already already on the roadmap, upvote it, as we can't work on everything at once.
If it isn't on the roadmap already, be the first person to propose it by creating an issue, or even better: make the integration and create a pull request to the skeleton-theme!
Yes, nothing in Compony hijacks Drupal in a way that it could have an impact on security.
Yes, but it doesn't stop there.
We are planning on paying the people that help bring this idea to life, contribute components, make pull requests to the skeleton theme, work on the Drupal side of things, etc.
So please, if you already earned some feathers on Drupal.org, you deserve the paying features for free, just make an account, and contact us afterwards.
If you only wish to use the community-built tools and not contribute a bit of time, we do ask for a bit of money, fair no?
When you contribute a component, we automatically create a repository on Gitlab. You will have rights to push to that repository and make changes.
Other people will be able to make pull requests for features that they seem usefull.
Because we are different.
Short answer: no.
The platform takes a sketchbook-approach to components. The idea is that you download components, and you edit in those components while developing. When you edit inside components, ideally you only do some simple things, like tweaking it towards your design.
When you experience a bug with a component, it's either your own doing, or it's a known problem with that component, and you can contribute it back by fixing it!
(Brace yourself, an opinion is coming)
NPM promises something that is impossible by design: upgrade-paths for interlinked frontend-components. Have you ever updated your NPM packages, and deployed it to live on a Friday? I bet you haven't, because updating your node_modules is a nightmare.
It's not a nightmare because of how NPM built it, the people there are quite amazing in what they have built. It's a nightmare because the concept of updating is fundamentally broken.
If we take certain decisions: like not relying on externally hosted code. Then there is no need for an update path. Every line of CSS of any component can impact every aspect of the DOM of your frontend. finding an upgrade path in there, is impossible, and you should let go of that idea. ;)
Compony is funded through the sponsorships and memberships.