Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
grunt-npm-bower
Advanced tools
grunt-npm-bower
Wire
This repository is part of the source code of Wire. You can find more information at wire.com or by contacting opensource@wire.com.
You can find the published source code at github.com/wireapp.
For licensing information, see the attached LICENSE file and the list of third-party licenses at wire.com/legal/licenses/.
Description
Grunt plugin which helps migrating from Bower to npm.
Installation
npm install --save-dev grunt-npm-bower
grunt.loadNpmTasks('grunt-npm-bower');
Workflow
Using grunt-npm-bower is as simple as this:
- Run bower-away command in the project you want to migrate (but don't delete your
bower.jsonyet!). - Run grunt-npm-bower task (from your
Gruntfile.js) - Finally, delete your
bower.json(☠)
An exemplary task configuration:
Gruntfile.js
module.exports = grunt => {
grunt.initConfig({
npmBower: {
options: {
cleanTargetDir: true,
targetDir: './lib',
verbose: true,
}
});
grunt.loadNpmTasks('grunt-npm-bower');
grunt.registerTask('default', ['npmBower']);
};
Options
bowerConfig
- Type:
String - Default:
bower.json
Location of your Bower configuration (relative to your project's root directory).
componentDir
- Type:
String - Default:
node_modules
Location where your Bower components are installed. When using bower install this will be bower_components. If you are using npm install (or yarn), it's node_modules. If you are using a .bowerrc file, it might be something else.
npmConfig
- Type:
String - Default:
package.json
Location of your npm configuration (relative to your project's root directory).
cleanTargetDir
- Type:
Boolean - Default:
false
If setted to true, the specified targetDir will be removed before copying Bower components there.
overrideProp
- Type:
String - Default:
exportsOverride
Key name that is being used for export overrides (if defined). Read more about exportsOverride in "Advanced usage".
resolveName
- Type:
Boolean - Default:
true
If setted to true, the plugin tries to resolve the names of your dependencies from a bower.json, .bower.json or package.json file (in this order). If setted to false, it resolves the names from your package.json (Example: @bower_components/dexie).
FAQs
Grunt plugin which helps migrating from Bower to npm.
We found that grunt-npm-bower demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 30 Oct 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025