The author got banned from github and gitlab after DMCA takedowns. The code used to be available in those, but I guess he got tired of starting over?
Anyway, extensions are just signed zip files. You can extract them and view the source. BPC sources are not compressed or obfuscated. The extension is evaluated and signed by Mozilla (otherwise it wouldn't install in release-channel Firefox), if you put any stock in that.
In case the author happens to read these - final statement in native CSS nesting is no longer true.
"The only small difference from Sass: for element selectors you need the & prefix. In Sass you could write a { color: red } inside a parent, but native CSS requires & a { color: red }."
It was true for a bit, but fixed within 2-3 releases iirc. You can now freely nav { a { color: red; } }
Installing extensions from file is available on the release build as well, after enabling dev options.
I think the only difference is nightly allows installing unsigned extensions, which I don't personally have a need for (as getting a personal/non-published extension signed is very easy).
uBO never had the ability to do CNAME decloaking in Chrome though, the required API (browser.dns/chrome.dns) wasn't there even in MV2. It was always a Gecko-only feature (and a big one!). IIRC Brave rolled its own CNAME decloaking mechanism in its Shields blocker, without exposing a chrome.dns API.
Mull has been officially discontinued by DivestOS back in December, along with most of their other projects. A fork by the name IronFox emerged but it's too new to know whether it's a real contender.
Anyway, extensions are just signed zip files. You can extract them and view the source. BPC sources are not compressed or obfuscated. The extension is evaluated and signed by Mozilla (otherwise it wouldn't install in release-channel Firefox), if you put any stock in that.