Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
bower
Advanced tools
Readme
..psst! While Bower is maintained, we recommend yarn and webpack or parcel for new front-end projects!
Bower offers a generic, unopinionated solution to the problem of front-end package management, while exposing the package dependency model via an API that can be consumed by a more opinionated build stack. There are no system wide dependencies, no dependencies are shared between different apps, and the dependency tree is flat.
Bower runs over Git, and is package-agnostic. A packaged component can be made up of any type of asset, and use any type of transport (e.g., AMD, CommonJS, etc.).
View complete docs on bower.io
View all packages available through Bower's registry.
$ npm install -g bower
Bower depends on Node.js and npm. Also make sure that git is installed as some bower packages require it to be fetched and installed.
See complete command line reference at bower.io/docs/api/
# install dependencies listed in bower.json
$ bower install
# install a package and add it to bower.json
$ bower install <package> --save
# install specific version of a package and add it to bower.json
$ bower install <package>#<version> --save
We discourage using bower components statically for performance and security reasons (if component has an upload.php
file that is not ignored, that can be easily exploited to do malicious stuff).
The best approach is to process components installed by bower with build tool (like Grunt or gulp), and serve them concatenated or using a module loader (like RequireJS).
To uninstall a locally installed package:
$ bower uninstall <package-name>
On prezto
or oh-my-zsh
, do not forget to alias bower='noglob bower'
or bower install jquery\#1.9.1
Bower is a user command; there is no need to execute it with superuser permissions.
To use Bower on Windows, you must install Git for Windows correctly. Be sure to check the options shown below:
Note that if you use TortoiseGit and if Bower keeps asking for your SSH
password, you should add the following environment variable: GIT_SSH - C:\Program Files\TortoiseGit\bin\TortoisePlink.exe
. Adjust the TortoisePlink
path if needed.
To use Bower on Ubuntu, you might need to link nodejs
executable to node
:
sudo ln -s /usr/bin/nodejs /usr/bin/node
Bower can be configured using JSON in a .bowerrc
file. Read over available options at bower.io/docs/config.
You can ask questions on following channels in order:
We welcome contributions of all kinds from anyone. Please take a moment to review the guidelines for contributing.
Note that on Windows for tests to pass you need to configure Git before cloning:
git config --global core.autocrlf input
Support us with a monthly donation and help us continue our activities. [Become a backer]
Copyright (c) 2012-present Twitter and other contributors
Licensed under the MIT License
FAQs
The browser package manager
The npm package bower receives a total of 290,762 weekly downloads. As such, bower popularity was classified as popular.
We found that bower demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.