Onboarding: angular-ui/bootstrap

Generated by RepoPilot · 2026-05-06 · Source

Agent protocol

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/angular-ui/bootstrap shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

Verdict

GO — Healthy across all four use cases

• 37+ active contributors
• MIT licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 7y ago
• ⚠ Concentrated ownership — top contributor handles 54% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

Verify before trusting

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live angular-ui/bootstrap repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/angular-ui/bootstrap.

What it runs against: a local clone of angular-ui/bootstrap — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in angular-ui/bootstrap | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 2672 days ago | Catches sudden abandonment since generation |

<details> <summary><b>Run all checks</b> — paste this script from inside your clone of <code>angular-ui/bootstrap</code></summary>

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of angular-ui/bootstrap. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/angular-ui/bootstrap.git
#   cd bootstrap
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of angular-ui/bootstrap and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "angular-ui/bootstrap(\\.git)?\\b" \\
  && ok "origin remote is angular-ui/bootstrap" \\
  || miss "origin remote is not angular-ui/bootstrap (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "index.js" \\
  && ok "index.js" \\
  || miss "missing critical file: index.js"
test -f "package.json" \\
  && ok "package.json" \\
  || miss "missing critical file: package.json"
test -f "Gruntfile.js" \\
  && ok "Gruntfile.js" \\
  || miss "missing critical file: Gruntfile.js"
test -f "karma.conf.js" \\
  && ok "karma.conf.js" \\
  || miss "missing critical file: karma.conf.js"
test -f ".eslintrc" \\
  && ok ".eslintrc" \\
  || miss "missing critical file: .eslintrc"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 2672 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2642d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/angular-ui/bootstrap"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

</details>

TL;DR

A library of native AngularJS directives that wrap Bootstrap 3 components (accordion, alert, carousel, modal, tooltip, etc.) without requiring jQuery or Bootstrap's JavaScript. It produces a 20kB gzipped bundle and lets developers build Bootstrap UIs using pure Angular templating and controllers. Monolithic single-build structure: src/ contains ~15 component directories (accordion/, alert/, carousel/, modal/, tooltip/, etc.), each with [component].js (directive logic), test/[component].spec.js (Jasmine tests), and docs/ (demo HTML + readme). Built artifacts go to dist/. misc/demo/ serves the live demo site. Entry point is index.js which re-exports all component modules.

Who it's for

AngularJS 1.4+ developers building web applications who want Bootstrap's styling and component behavior without jQuery dependencies or manual DOM manipulation. Teams that standardized on AngularJS (1.x) and Bootstrap 3 in the 2013–2018 era.

Maturity & risk

Feature-complete but unmaintained. The project is deprecated (see README status section)—maintainers moved to ng-bootstrap (Angular 2+) and have stepped back. Last version is 2.5.4. It has a full test suite (karma.conf.js, jasmine), Travis CI configured (.travis.yml), and was actively used for years, making it stable for existing AngularJS codebases but not suitable for new projects.

High risk for new development. No active maintenance means no security patches, no bug fixes, and no AngularJS 1.7+ compatibility updates. Zero runtime dependencies is a plus, but the library is locked into AngularJS 1.4–1.6 (devDependencies show Angular 1.6.1). Migration path is unclear if you outgrow AngularJS, and ng-bootstrap is the official successor for Angular 2+.

Active areas of work

Nothing—the project is in maintenance-only mode. The README explicitly states it is no longer being maintained, and the focus shifted to ng-bootstrap for Angular 2+. No active PRs or issues are being addressed.

Get running

git clone https://github.com/angular-ui/bootstrap.git
cd bootstrap
npm install
npm test          # Run Jasmine tests via Karma
npm run demo      # Start local demo server on port 8080

Daily commands:

# Development with watch: file changes trigger rebuild
grunt watch

# Run full test suite
grunt test

# Build distribution
grunt

# Start demo server (after build)
npm run demo
# Then visit http://localhost:8080

Map of the codebase

• index.js — Main entry point that exports the entire ui-bootstrap module and all component modules; required for understanding module composition.
• package.json — Defines project metadata, dependencies, and build scripts; essential for setting up development environment and understanding project status (feature-complete, unmaintained).
• Gruntfile.js — Defines the build, test, and distribution pipeline; required for understanding how components are compiled and released.
• karma.conf.js — Test runner configuration; critical for understanding how to run and debug tests for any component modifications.
• .eslintrc — Code quality standards enforced across the codebase; must read to understand linting rules before contributing.
• README.md — Project overview and status declaration (feature-complete, no longer maintained); essential context for all contributors.
• CONTRIBUTING.md — Contribution guidelines and workflow; required reading before submitting any pull requests or modifications.

How to make changes

Add a New UI Component

1. Create component directory with standard structure (src/[componentName]/)
2. Implement the main directive file (src/[componentName]/[componentName].js)
3. Create component index file that exports the module (src/[componentName]/index.js)
4. Add Jasmine test suite (src/[componentName]/test/[componentName].spec.js)
5. Create documentation README and demo files (src/[componentName]/docs/readme.md)
6. Create demo HTML and JavaScript (src/[componentName]/docs/demo.html)
7. Export component in main index.js (index.js)

Fix or Test a Component

1. Locate the component source file (src/[componentName]/[componentName].js)
2. Review existing test cases (src/[componentName]/test/[componentName].spec.js)
3. Add test cases for the bug or feature (src/[componentName]/test/[componentName].spec.js)
4. Implement the fix or feature in the component (src/[componentName]/[componentName].js)
5. Run tests via npm test or grunt (Gruntfile.js)
6. Update component documentation if API changed (src/[componentName]/docs/readme.md)

Build and Distribute

1. Review build configuration and available tasks (Gruntfile.js)
2. Run full build pipeline (tests, linting, minification) (Gruntfile.js)
3. Verify built distribution files in dist/ directory (package.json)
4. Update version number and changelog (package.json)
5. Review changelog template for release notes (misc/changelog.tpl.md)

Why these technologies

• AngularJS 1.6.x — The entire library is built as a collection of AngularJS directives; core dependency for all components
• Bootstrap CSS Framework — Provides the CSS styling and HTML structure conventions; ui-bootstrap wraps Bootstrap components without requiring Bootstrap JS
• Grunt — Task runner for build pipeline: testing, linting, minification, distribution packaging
• Karma + Jasmine — Test runner and BDD testing framework for comprehensive unit test coverage of all directives
• ESLint / JSHint — Static analysis to enforce consistent code quality and style across the modular component structure

Trade-offs already made

• No jQuery dependency; pure AngularJS bindings

  • Why: Reduce bundle size (20kB gzipped) and eliminate external JS dependencies; users only need AngularJS
  • Consequence: Developers must use AngularJS APIs (jqlite) instead of jQuery; some advanced DOM manipulation requires more verbose code

• Feature-complete, no longer actively maintained

  • Why: Team transitioned to modern Angular; library is stable and covers Bootstrap 3 use cases
  • Consequence: No new features or bug fixes; users on AngularJS 1.x are responsible for maintenance forks

• Modular component structure with per-component index.js files

  • Why: Allow tree-shaking and selective bundling; users can import only needed components
  • Consequence: Slight build complexity; developers must update both component and main index.js when adding new components

• Comprehensive demo site and documentation per component

  • Why: Lower learning curve for new users; clear examples of directive usage and API
  • Consequence: Documentation must be kept in sync with component code; dual maintenance burden

Non-goals (don't propose these)

• Does not provide Bootstrap JavaScript plugins (dropdowns, modals, tooltips, popovers); only CSS-based styling and AngularJS directive logic
• Does not support Bootstrap 4 or Bootstrap 5; limited to Bootstrap 3.x CSS classes and structure
• Does not include authentication, state management, or data persistence layers
• Does not provide responsive grid system; relies on Bootstrap CSS grid
• Does not handle accessibility concerns beyond ARIA attributes in directives; accessibility is secondary to Bootstrap 3 defaults

Traps & gotchas

AngularJS 1.4+ only: Project requires Angular 1.4.8+; Angular 1.3 (last supported in 0.14.3) and Angular 2+ (use ng-bootstrap instead) are out of scope. ngAnimate and ngTouch required: Accordion, carousel, etc. depend on ngAnimate; swipe actions require ngTouch—these must be included as separate script tags or module dependencies. No jQuery, but Bootstrap CSS required: Directives assume Bootstrap 3 CSS is loaded; they do not include or bundle Bootstrap CSS. Deprecated: No bug fixes or security patches forthcoming; use only for maintaining legacy AngularJS apps. Template precompilation: Templates are baked into the JS bundle via grunt-html2js; modifying a template requires a rebuild.

Architecture

Concepts to learn

• AngularJS Directive Definition Object (DDO) — Every component (accordion, modal, tooltip) is built as a directive with restrict, scope, transclude, link, and controller properties; understanding DDO structure is essential to modifying or adding directives.
• Transclusion — Many components (accordion, carousel, modal) use ng-transclude to inject child content into templates; this is how slot-like behavior is achieved without Shadow DOM.
• Bootstrap Component Wrapping Pattern — The library wraps Bootstrap 3's HTML/CSS structure (e.g., .modal, .accordion-group, .alert) and adds AngularJS logic (controllers, watchers, event binding) without modifying Bootstrap itself.
• Isolate Scope (& vs @ vs =) — Components use isolate scopes with 2-way binding (=), one-way binding (@), and method binding (&) to control parent interaction; critical for component composition in accordion, modal, and tabs.
• ngAnimate Hook Architecture — Accordion, carousel, and collapse use ngAnimate's enter/leave/addClass/removeClass hooks to coordinate CSS transitions; understanding these callbacks is necessary to debug animation timing issues.
• Template Precompilation (grunt-html2js) — Inline templates are converted to JavaScript via grunt-html2js and bundled, eliminating HTTP requests; this pattern is why no separate template files ship in dist/.
• Conventional Commits & Semantic Versioning — The project enforces conventional commit format (feat:, fix:, docs:) and uses grunt-conventional-changelog to auto-generate CHANGELOG.md; breaking changes bump major version, features bump minor.

Related repos

• ui-bootstrap/core — Official successor—ng-bootstrap provides the same components for Angular 2+ with modern patterns (no jQuery, TypeScript-first). This is the recommended path for new projects.
• angular/angular.js — Upstream framework (AngularJS 1.6); this project depends on its API (directives, services, $scope). Core reference for AngularJS directive architecture.
• twbs/bootstrap — Upstream CSS framework; angular-ui-bootstrap wraps Bootstrap 3 components and assumes its CSS is loaded. Directives are designed to match Bootstrap 3 markup and class structure.
• angular/angular-animate — Sibling dependency (angular-sanitize, angular-mocks in devDeps); ngAnimate is required for accordion, carousel, modal transitions. Consumed as a module dependency.
• gruntjs/grunt — Build orchestrator; Gruntfile.js is the single source of truth for testing, linting, bundling, and demo generation for this project.

PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for carousel component

The carousel module (src/carousel/) lacks a test file compared to other components like accordion, alert, and buttons which all have .spec.js files. Given that carousel is a complex interactive component with state management, animation, and event handling, comprehensive unit tests are critical to prevent regressions. This is especially important for a feature-complete library where stability is paramount.

• [ ] Create src/carousel/test/carousel.spec.js following the pattern in src/accordion/test/accordion.spec.js and src/buttons/test/buttons.spec.js
• [ ] Add test cases for carousel initialization, slide navigation, auto-play functionality, and keyboard controls
• [ ] Verify tests run with 'npm test' and achieve >80% code coverage for carousel.js
• [ ] Update karma.conf.js if needed to include the new test file in the test suite

Add GitHub Actions CI workflow to replace Travis CI

The project currently uses .travis.yml for CI (visible in file structure), but GitHub Actions is now the standard for GitHub-hosted projects. This provides better integration, faster execution, and is more maintainable long-term. The current Travis configuration needs to be migrated to a GitHub Actions workflow to ensure the project can continue receiving automated test feedback.

• [ ] Create .github/workflows/test.yml that runs 'npm test' on push and pull requests for Node.js versions matching the project's requirements (check package.json for angular 1.6.1 compatibility)
• [ ] Add browser testing steps using Chrome headless (karma-chrome-launcher is already configured in karma.conf.js)
• [ ] Include linting and code coverage reporting steps that match existing Grunt tasks
• [ ] Remove or deprecate .travis.yml once the workflow is verified working

Create missing test file for datepicker component

Reviewing the file structure, while accordion, alert, buttons, and carousel have documented test directories, the datepicker component appears to exist but lacks a corresponding test specification file visible in the provided structure. Given that datepicker involves date parsing, validation, and UI interactions, a comprehensive test suite is essential for stability in this feature-complete library.

• [ ] Verify datepicker source files exist in src/datepicker/ (may not be shown in partial file structure)
• [ ] Create src/datepicker/test/datepicker.spec.js with test cases for date selection, format validation, min/max date constraints, and disabled dates
• [ ] Follow the test patterns established in src/accordion/test/accordion.spec.js and src/buttons/test/buttons.spec.js
• [ ] Ensure the test file is registered in karma.conf.js and verify 'npm test' includes datepicker tests

Good first issues

• Add TypeScript definition file (index.d.ts) for type-safe consumption in projects using TypeScript + AngularJS (via DefinitelyTyped format). Currently no .d.ts exists despite npm distribution.: Low-risk enhancement; TypeScript users on AngularJS 1.6 legacy codebases would benefit from autocomplete and type checking.
• Expand test coverage for src/popover/popover.spec.js and src/tooltip/tooltip.spec.js—edge cases for manual trigger timing and cleanup are sparse. Add tests for memory leaks on repeated show/hide.: These components interact with the DOM repeatedly; spec file reveals minimal coverage for edge cases like rapid open/close cycles.
• Add accessibility (a11y) tests: verify ARIA attributes (role, aria-expanded, aria-hidden) are correctly set/unset in modal, tooltip, accordion, and dropdown directives using axe-core or pa11y.: Bootstrap 3 + AngularJS 1.6 still used in enterprise; WCAG 2.1 compliance is increasingly required, but no a11y test suite exists in karma.conf.js.

Top contributors

• @wesleycho — 54 commits
• @icfantv — 7 commits
• @navarroaxel — 4 commits
• @bifodus — 2 commits
• [@Daniel Smith](https://github.com/Daniel Smith) — 1 commits

Recent commits

• baf0a56 — chore(build): fix CI build (icfantv)
• 6dd0de8 — chore(release): release 2.5.4 (icfantv)
• 17996a6 — chore(release): release 2.5.3 (icfantv)
• a8417eb — chore(release): release 2.5.2 (#6653) (icfantv)
• b4c7112 — Fix bad horizontal rule (icfantv)
• 5d2c440 — chore(docs): update readme and templates (#6646) (icfantv)
• a2dee1b — docs: add steps to reproduce section to template (#6443) (icfantv)
• 409eec4 — chore(release): starting 2.5.1 (wesleycho)
• b90485b — chore(release): 2.5.0 (wesleycho)
• 0d79005 — fix(angular): add compatibility with Angular 1.6 (Daniel Smith)

Security observations

• High · Outdated AngularJS Dependencies — package.json - devDependencies (angular: 1.6.1, angular-mocks: 1.6.1, angular-sanitize: 1.6.1). The project uses AngularJS 1.6.1 (released 2017), which is no longer maintained and contains known security vulnerabilities. AngularJS reached end-of-life in December 2021. Multiple CVEs have been disclosed for versions in the 1.x branch, including XSS vulnerabilities in ng-bind-html and expression interpolation. Fix: Migrate to Angular (v2+) or at minimum update to the latest AngularJS 1.8.x version if migration is not immediately possible. However, the project README indicates it is no longer maintained, so upgrading the entire codebase to modern Angular is strongly recommended.
• High · Unmaintained Project with EOL Dependencies — README.md, package.json. Per the README, this project is feature-complete and no longer maintained. It relies on outdated versions of Angular (1.6.1 from 2017), Karma (0.13.22 from 2015), and other dependencies that will not receive security patches. This creates ongoing vulnerability exposure. Fix: Users should migrate to ng-bootstrap (the Angular version maintained by the same team) or find an actively maintained alternative. If continued use is necessary, implement strict Content Security Policy (CSP) headers and conduct regular security audits.
• High · Known Vulnerabilities in Karma Test Framework — package.json - devDependencies (karma: 0.13.22). Karma 0.13.22 (2015) is severely outdated and contains multiple known vulnerabilities in its dependencies, including older versions of dependencies that may be exploited during development and testing. Fix: Update to the latest Karma version (v6.x or later). While this is a devDependency, it can still pose risks in CI/CD pipelines and development environments.
• Medium · Outdated Build and Bundling Tools — package.json - devDependencies (grunt tools and plugins). Grunt-based build pipeline with outdated plugins (grunt: 0.4.5 from 2014, grunt-contrib-uglify: 1.0.1, grunt-contrib-concat: 1.0.0) creates potential supply chain risks. These tools may have known vulnerabilities and lack security features present in modern bundlers. Fix: Consider migrating to modern build tools (webpack, Rollup, or Vite) with security-focused configurations. At minimum, audit all grunt dependencies for known CVEs.
• Medium · XSS Risk Through ng-sanitize Dependency — package.json (angular-sanitize: 1.6.1), src/ components. While angular-sanitize is included as a devDependency, AngularJS's sanitization has known limitations. The library includes directives that could be vulnerable to DOM-based XSS if user input is improperly handled, especially given the age of the codebase. Fix: Implement strict Content Security Policy (CSP) headers in applications using this library. Review all user input handling in the source code (especially in src/alert, src/modal, src/popover, src/tooltip components) for proper sanitization.
• Medium · No Dependency Lock File or Version Pinning — package.json. While package.json shows specific versions, devDependencies use caret (^) and tilde (~) ranges which allow version updates. Without a lock file (package-lock.json or yarn.lock) being enforced, builds may pull vulnerable transitive dependencies. Fix: Use package-lock.json (npm v5+) and commit it to version control. Run 'npm audit' regularly and address all vulnerabilities. Consider using 'npm ci' in CI/CD pipelines instead of 'npm install'.
• Low · No Security Headers Configuration Visible — package.json - scripts.demo, .travis.yml. The demo script in package.json runs a static file server without explicit security headers beyond cache-control. There's no visible configuration for X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, or Strict-Transport-Security. Fix: Configure the static server or reverse proxy to include security headers. Example

LLM-derived; treat as a starting point, not a security audit.

Where to read next

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

---

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.