Product
Announcing Bun and vlt Support in Socket
Bringing supply chain security to the next generation of JavaScript package managers
By Ricky Reusser, Eli Insua -  Nov 19, 2025
🚀 DAY 3 OF LAUNCH WEEK:Announcing Bun and vlt Support in Socket.Learn more →
bower-sinopia-resolver
Advanced tools
bower-sinopia-resolver
A custom Bower resolver supporting installation of scoped npm packages from a sinopia server
npm packages for installation via bower are expected to contain a bower.json file.
Installation
npm install -g bower-sinopia-resolver
Client Configuration
Global .bowerrc
Create or edit a .bowerrc file in your home director (~/.bowerrc).
Add bower-sinopia-resolver to a resolvers section
"resolvers": [
"bower-sinopia-resolver"
]
Add a bower-sinopia-resolver configuration
"bower-sinopia-resolver": {
"scopes": {
// scope would be @myco
"myco": {
// uri of your sinopia server
// must not contain a trailing slash
"server": "https://sinopia.myco.com",
// optional - allows strict ssl support for self-signed or private certificates
"cafile": "/path/to/certificate.pem"
}
}
}
Full example .bowerrc
This is a minimal example only. For a full reference see http://bower.io/docs/config/
{
"resolvers": [
"bower-sinopia-resolver"
],
"bower-sinopia-resolver": {
"scopes": {
// scope would be @myco
"myco": {
// uri of your sinopia server
// must not contain a trailing slash
"server": "https://sinopia.myco.com",
// optional - allows strict ssl support for self-signed or private certificates
"cafile": "/path/to/certificate.pem"
}
}
}
}
Usage
Once configured, your bower.json files may reference packages using npm scope syntax:
"dependencies": {
"@myco/package-name": "1.0.0"
}
Even though referenced with the scope, packages will install without the @myco scope prefixed name.
Notes
Authentication is not currently supported - packages are downloaded anonymously.
History
This packaged was based off of bower-art-resolver
License
Copyright 2015 Jack Henry & Associates Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Keywords
FAQs
Use Sinopia as a registry for for Bower Dependencies
We found that bower-sinopia-resolver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 02 Nov 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies
A safer, faster way to eliminate vulnerabilities without updating dependencies
By Mikola Lysenko, Jordan Harband, Jonah Ghebremichael -  Nov 18, 2025
Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou Veileborg -  Nov 17, 2025