Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
bower-auto-release
Advanced tools
This **node module** will publish your package to a bower registry. Ideally you would **only publish to npm**, but as many older projects still use bower, this is sometime an unfortunate necessity.
This node module will publish your package to a bower registry. Ideally you would only publish to npm, but as many older projects still use bower, this is sometime an unfortunate necessity.
Assuming you already defined an npm module in CI and already use the incredible wnpm-release script to automatically bump your module's version, all you have to do to publish your package to bower is follow these simple steps:
Just run the command bower init
, and answer truthfully to all questions :P
Notice: This is critical so that you work against your private bower registry.
{
"name": "my-package",
"version": "1.0.0",
"scripts": {
"build": ":",
"test": ":",
"release": "wnpm-release; bower-auto-release",
"postpublish": "rm -f npm-shrinkwrap.json"
},
"devDependencies": {
"wnpm-ci": "*",
"bower-auto-release": "*"
}
}
--dist
optionBy default the contents of your post-build dist folder are copied to the bower component's root folder. You can change this using the --dist
option.
For example to copy the contents of the build
output folder you would use: bower-auto-release --dist build
Or, to copy everything simply use --dist .
(note that in this case dist
will be removed from .gitignore
on the bower-component branch).
--git-repo
optionBy default the output of your project is pushed to a branch on its own repository (designated by the GIT_REMOTE_URL
environment variable). You can change this by pointing to a different repository using the --git-repo
option.
For example: bower-auto-release --git-repo git@github.com:wix/my-library-bower-component
This option is typically used on monorepos that have multiple bower components to release. Since bower's design dictates one-to-one relationship between published component and git repository, you should create a separate repository for publishing and pass it using this option.
--branch
optionBy default your project is published to a branch named ${package-name}-bower-component
. You can change this using the --branch
option.
For example: bower-auto-release --branch kuku
In case you use a separate repository for publishing to bower from a monorepo as described above, it would make sense to do something like this:
bower-auto-release --git-repo git@github.com:wix/my-library-bower-component --branch master
Once you're build is complete in CI, your package can be installed with -
bower install package-name
where package-name
is the name you gave your package in bower init
above
FAQs
This **node module** will publish your package to a bower registry. Ideally you would **only publish to npm**, but as many older projects still use bower, this is sometime an unfortunate necessity.
The npm package bower-auto-release receives a total of 36,070 weekly downloads. As such, bower-auto-release popularity was classified as popular.
We found that bower-auto-release demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.