I think that publishing them as an NPM project would be more appropriate for Rails apps with webpacker. https://www.driftingruby.com/episodes/creating-and-publishing-a-stimulus-controller-library. You could also do it with a gem similar to how Hotwire does it with its helpers and module types.
☒ It should work with cloud storage because we're never working with the file directly on the local storage path, but always going through Active Storage.
It's kind of a double-edge sword where we gain security and a "better user experience". The better user experience being a reduced amount of bots and spam within the site. I do explicitly mention that using a honey pot would be my first preferred method. That in combination with confirmation emails, you can get fairly far with security. However, there are bots smart enough to not fill out hidden elements as well as verify confirmation emails. There are alternatives if you don't want to give Google your data, there is hcaptcha as an alternative.