gulp-bower-check
Advanced tools
Readme
Checks that dependencies specified as repositories (git urls) points to the tags.
If you haven't used Gulp before. Once you're familiar with that process, you may install this plugin with this command:
npm install gulp-bower-check --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
require('gulp-bower-check')(gulp)
Just run
gulp gulp-bower-check
Module checks bower.json file, which is expected to be in the same directory as gulpfile.js. If any of repository dependencies don't point to tag you will see an error about that.
For example you have bower.json
"dependencies": {
"angular": "1.4.8",
"angular-animate": "1.4.8",
...
"custom-library": "git@github.com:custom/library.git#branch-1"
},
so, this plugin goes through all your dependencies and checks where you are pointing to GitHub directly.
Why do you need to point directly to GitHub? For example you have some private library and don't want to publish it to NPM repo but keep your library only in GitHub.
For the example above it will find custom-library and will check if branch-1 is tag or not.
Why do you need to have such check? For example if you have your automated release process and you want to verify that all your dependencies points to specific tag, not a branch, that after any commit to that branch you won't be able to have the same distribution again.
FAQs
Checks the bower's file repository dependencies
We found that gulp-bower-check demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).
Security News
LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.