torba

  • 1.2.0
  • Rubygems
Torba


Torba is a Bower-less asset manager for Sprockets. It makes a local copy of a JS/CSS library and puts it under Sprockets' load path.

Name origin

"Торба" [tǒːrba] in Ukrainian and "torba" in Polish and Turkic languages can mean "duffel bag", "gunny sack" or, more generally, any flexible container.

Status

Production ready.

Documentation

Released version

Why

The de facto approach, i.e. wrapping JS and CSS libraries in a gem, requires a maintainer to constantly track changes in an upstream repository. Moreover, if a gem maintainer stops using that specific library, the gem will eventually become abandoned. Additionally, many libraries still have no gem wrappers.

Other alternatives:

  • rails-assets relies on Bower and it is quite complex,
  • bower-rails relies on Bower, see below for why this can be an issue.

Problems with Bower:

  • it is not a part of the Ruby ecosystem,
  • frontend JS libraries are usually standalone (except for a potential jQuery dependency), so there's no need for a complex Bundler-like solution with tree-dependency resolution,
  • often we can't use optimistic version constraints, because the JavaScript community does not consistently apply the principles of Semver. By specifying strict versions we use Bower as a complex facade for functionality that could be accomplished with curl.

External dependencies

  • curl
  • unzip
  • gzip
  • tar

Design limitations

  • Torba doesn't do any version dependency resolution, it's up to you to specify the correct version of each asset package,
  • Torba doesn't do any builds, you should use remote sources with pre-built assets.

Installation

Rails

Use torba-rails.

Sinatra

See this example project.

Other Ruby application

Add this line to your application's Gemfile and run bundle:

gem 'torba'

Usage

  1. Create Torbafile at the project root and commit it.

  2. Run bundle exec torba pack.

  3. Add "require" Sprockets directives to your "application.js" and/or "@import" Sass directives to "application.css".

If any changes are made to the Torbafile, run bundle exec torba pack again.

Torbafile

Torbafile is an assets specification. It is a plain text file that contains one or more sections, each of which describes one remote source of assets.

Currently only zip archives, tar.gz archives, GitHub releases and npm packages are supported.

Zip archive package

Downloads and unpacks an asset package from any source accessible by curl.

The syntax is:

zip "name", url: "..." [, import: %w(...)]

where "name" is an arbitrary name for the package, more on "import" below. For example,

zip "scroll_magic", url: "https://github.com/janpaepke/ScrollMagic/archive/v2.0.0.zip"

Tar.gz archive package

The syntax is the same as for a zip package:

targz "name", url: "..." [, import: %w(...)]

for example,

targz "scroll_magic", url: "https://github.com/janpaepke/ScrollMagic/archive/v2.0.0.tar.gz"

Github release package

This is a more readable version/shortcut for "https://github.com/.../archive/..." URLs.

The syntax is:

gh_release "name", source: "...", tag: "..." [, import: %w(...)]

where "source" is the user + repository and "tag" is the repository tag (exactly as on Github, i.e. with "v" prefix if present), more on "import" below. For example,

gh_release "scroll_magic", source: "janpaepke/ScrollMagic", tag: "v2.0.0"

You can omit the name, it will be equal to the repository name:

gh_release source: "janpaepke/ScrollMagic", tag: "v2.0.0" # "ScrollMagic" is assumed

npm package

Downloads packages from the npm registry.

The syntax is:

npm "name", package: "...", version: "..." [, import: %w(...)]

where "package" is the package name as published on npm registry and "version" is its version, more on "import" below. For example,

npm "coffee", package: "coffee-script", version: "1.9.2"

You can omit the name, it will be equal to the package name:

npm package: "coffee-script", version: "1.9.2"

Examples

See Torbafiles used for testing.
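
The declaration forms above can be reviewed before anything is downloaded. The following is an added example, not code from Torba: a hypothetical `TorbafileAudit` class that evaluates a Torbafile with recording stubs and reports colliding package names (including defaulted ones), archive URLs that are not https, and npm versions that are not exact. The https and exact-version rules are policies assumed here, and the sample Torbafile is constructed.

```ruby
require "uri"
# Hypothetical auditor (not part of Torba): records declarations, downloads nothing.
class TorbafileAudit
  Entry = Struct.new(:kind, :name, :options)
  EXACT_VERSION = /\A\d+\.\d+\.\d+([-+][0-9A-Za-z.-]+)?\z/ # assumed policy
  attr_reader :entries

  def initialize(source)
    @entries = []
    instance_eval(source, "Torbafile") # a Torbafile is Ruby: audit your own files
  end

  %i[zip targz].each do |kind|
    define_method(kind) { |name, **opts| record(kind, name, opts) }
  end

  # An omitted name defaults to the repository name / npm package name.
  def gh_release(name = nil, **opts)
    record(:gh_release, name || opts.fetch(:source).split("/").last, opts)
  end

  def npm(name = nil, **opts)
    record(:npm, name || opts.fetch(:package), opts)
  end

  def findings
    dupes = @entries.group_by(&:name).select { |_, group| group.size > 1 }
    issues = dupes.map { |name, group| "#{name}: declared #{group.size} times, namespaces collide" }
    @entries.each do |e|
      url, version = e.options.values_at(:url, :version)
      issues << "#{e.name}: #{url} is not fetched over https" if url && URI(url).scheme != "https"
      issues << "#{e.name}: npm version #{version} is not exact" if version && version !~ EXACT_VERSION
    end
    issues
  end

  private
  def record(kind, name, opts)
    @entries << Entry.new(kind, name, opts)
  end
end

# Constructed sample Torbafile (the example.com URL is a placeholder).
SAMPLE = <<~'TORBAFILE'
  gh_release source: "janpaepke/ScrollMagic", tag: "v2.0.0"
  zip "ScrollMagic", url: "http://example.com/ScrollMagic.zip"
  npm package: "coffee-script", version: "^1.9.2"
TORBAFILE

puts TorbafileAudit.new(SAMPLE).findings
```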

"Packing the torba" process

When you run torba pack the following happens:

  1. All remote sources are cached locally.

  2. Archives are unpacked with the top level directory removed. This is done for a good reason: it usually contains the package version in the name, e.g. "react-0.13.2", and you don't want to have to reference versions inside your application code (except in the Torbafile).

  3. Remote source's content is copied as is to the Torba.home_path location with package name used as a namespace.

    This is also done for good reason in order to avoid name collisions (since many JS projects can have assets with the same names and all packages are placed into Sprockets' shared virtual filesystem). The downside is that you have to use namespaces in each require directive, which can lead to duplication:

    // application.js
    //= require 'underscore/underscore'
    

    Hint: use "require_directory" if you're strongly against such duplication:

    //= require_directory 'underscore'
    
  4. Stylesheets (if any) are converted to ".css.erb" with "asset_path" helpers used in "url(...)" statements.

:import option

Copying a remote source's whole content has the disadvantage of using remote source specific paths in your require/import directives. For example, if an archive contains files in the "dist/css" directory, you'll have to mention it:

/* application.css */
@import 'lightslider/dist/css/lightslider';

To mitigate this you can cherry-pick files from the source via the "import" option, for example:

gh_release "lightslider", source: "sachinchoolur/lightslider", tag: "1.1.2", import: %w[
  dist/css/lightslider.css
]

Such files will be copied directly to the package root (i.e. the file tree is flattened), so you can omit unnecessary paths:

@import 'lightslider/lightslider';

You can use any Dir.glob pattern:

gh_release "lightslider", source: "sachinchoolur/lightslider", tag: "1.1.2", import: %w[
  dist/css/lightslider.css
  dist/img/*.png
]

In addition to this, "path/" is treated as a shortcut for the "path/**/*" glob pattern.


Package last updated on 18 Aug 2023
