A package manager for the web
Bower offers a generic, unopinionated solution to the problem of front-end package management, while exposing the package dependency model via an API that can be consumed by a more opinionated build stack. There are no system wide dependencies, no dependencies are shared between different apps, and the dependency tree is flat.
Bower runs over Git, and is package-agnostic. A packaged component can be made up of any type of asset, and use any type of transport (e.g., AMD, CommonJS, etc.).
View complete docs on bower.io
View all packages available through Bower's registry.
$ npm install -g bower
Bower depends on Node.js and npm. Also make sure that git is installed as some bower packages require it to be fetched and installed.
See complete command line reference at bower.io/docs/api/
# install dependencies listed in bower.json
$ bower install
# install a package and add it to bower.json
$ bower install <package> --save
# install specific version of a package and add it to bower.json
$ bower install <package>#<version> --save
We discourage serving bower components statically, for both performance and security reasons: if a component ships a server-side file such as upload.php that is not ignored, serving the component directory as-is can expose that file and let it be abused.
The best approach is to process components installed by bower with a build tool (like Grunt or gulp), and serve them concatenated or through a module loader (like RequireJS).
To uninstall a locally installed package:
$ bower uninstall <package-name>
On prezto or oh-my-zsh, do not forget to alias bower='noglob bower' or to escape the hash, e.g. bower install jquery\#1.9.1
Bower is a user command; there is no need to execute it with superuser permissions. However, if you still want to run commands with sudo, use the --allow-root option.
To use Bower on Windows, you must install msysgit correctly. Be sure to check the option shown below:
Note that if you use TortoiseGit and Bower keeps asking for your SSH password, you should add the following environment variable: GIT_SSH - C:\Program Files\TortoiseGit\bin\TortoisePlink.exe. Adjust the TortoisePlink path if needed.
Bower can be configured using JSON in a .bowerrc file. Read over the available options at bower.io/docs/config.
NOTE: Completion is still not implemented for the 1.0.0 release
Bower now has an experimental completion command that is based on, and works similarly to, npm completion. It is not available for Windows users.
This command will output a Bash / ZSH script to put into your ~/.bashrc, ~/.bash_profile, or ~/.zshrc file.
$ bower completion >> ~/.bash_profile
We welcome contributions of all kinds from anyone. Please take a moment to review the guidelines for contributing.
Note that on Windows for tests to pass you need to configure Git before cloning:
git config --global core.autocrlf input
Bower is made by lots of people across the globe, contributions large and small. Our thanks to everyone who has played a part.
Copyright (c) 2015 Twitter and other contributors
Licensed under the MIT License
FAQs
The browser package manager
We found that bower-art demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.