Adapted version of Bower package manager in order to provide support for private hosted + authenticated Web components dependencies.
It implements a initial version of the authrc specification.
Note that this is an experimental implementation, use it under your own risk
Bower is a package manager for the web. It offers a generic, unopinionated solution to the problem of front-end package management, while exposing the package dependency model via an API that can be consumed by a more opinionated build stack. There are no system wide dependencies, no dependencies are shared between different apps, and the dependency tree is flat.
Bower runs over Git, and is package-agnostic. A packaged component can be made up of any type of asset, and use any type of transport (e.g., AMD, CommonJS, etc.).
npm install -g bower-auth
Also make sure that git is installed as some bower packages require it to be fetched and installed.
Much more information is available via
bower-auth help once it's installed. This
is just enough to get you started.
oh-my-zsh, do not forget to
alias bower-auth='noglob bower-auth' or
bower-auth install jquery\#1.9.1
Running commands with sudo
Bower is a user command, there is no need to execute it with superuser permissions.
However, if you still want to run commands with sudo, use
Installing packages and dependencies
Bower offers several ways to install packages:
# Using the dependencies listed in the current directory's bower.json bower-auth install # Using a local or remote package bower-auth install <package> # Using a specific version of a package bower-auth install <package>#<version> # Using a different name and a specific version of a package bower-auth install <name>=<package>#<version>
<package> can be any one of the following:
- A name that maps to a package registered with Bower, e.g,
- A remote Git endpoint, e.g.,
git://github.com/someone/some-package.git. Can be public or private. ‡
- A local endpoint, i.e., a folder that's a Git repository. ‡
- A shorthand endpoint, e.g.,
someone/some-package(defaults to GitHub). ‡
- A URL to a file, including
tarfiles. Its contents will be extracted.
‡ These types of
<package> might have versions available. You can specify a
semver compatible version to fetch a specific release, and lock the
package to that version. You can also use ranges to specify a range of versions.
All package contents are installed in the
bower_components directory by default.
You should never directly modify the contents of this directory.
bower-auth list will show all the packages that are installed locally.
N.B. If you aren't authoring a package that is intended to be consumed by others (e.g., you're building a web app), you should always check installed packages into source control.
To search for packages registered with Bower:
bower-auth search [<name>]
bower-auth search will list all packages in the registry.
The easiest approach is to use Bower statically, just reference the package's
installed components manually using a
For more complex projects, you'll probably want to concatenate your scripts or use a module loader. Bower is just a package manager, but there are plenty of other tools -- such as Sprockets and RequireJS -- that will help you do this.
To register a new package:
- There must be a valid manifest JSON in the current working directory.
- Your package should use semver Git tags.
- Your package must be available at a Git endpoint (e.g., GitHub); remember to push your Git tags!
Then use the following command:
bower-auth register <my-package-name> <git-endpoint>
The Bower registry does not have authentication or user management at this point
in time. It's on a first come, first served basis. Think of it like a URL
shortener. Now anyone can run
bower-auth install <my-package-name>, and get your
There is no direct way to unregister a package yet. For now, you can request a package be unregistered.
To uninstall a locally installed package:
bower-auth uninstall <package-name>
Bower can be configured using JSON in a
The current spec can be read
Defining a package
You must create a
bower.json in your project's root, and specify all of its
dependencies. This is similar to Node's
package.json, or Ruby's
and is useful for locking down a project's dependencies.
NOTE: In versions of Bower before 0.9.0 the package metadata file was called
component.json rather than
bower.json. This has changed to avoid a name
clash with another tool. You can still use
component.json for now but it is
deprecated and the automatic fallback is likely to be removed in an upcoming
You can interactively create a
bower.json with the following command:
bower.json defines several options:
name(required): The name of your package.
version: A semantic version number (see semver).
main[string|array]: The primary endpoints of your package.
ignore[array]: An array of paths not needed in production that you want Bower to ignore when installing your package.
dependencies[hash]: Packages your package depends upon in production.
devDependencies[hash]: Development dependencies.
private[boolean]: Set to true if you want to keep the package private and do not want to register the package in future.
Consuming a package
Bower also makes available a source mapping. This can be used by build tools to easily consume Bower packages.
If you pass the
--paths option to Bower's
list command, you will get a
simple path-to-name mapping:
Alternatively, every command supports the
--json option that makes bower
output JSON. Command result is outputted to
stdout and error/logs to
Bower provides a powerful, programmatic API. All commands can be accessed
var bower = ;bowercommands;bowercommands;
Commands emit four types of events:
logis emitted to report the state/progress of the command.
promptis emitted whenever the user needs to be prompted.
errorwill only be emitted if something goes wrong.
endis emitted when the command successfully ends.
For a better of idea how this works, you may want to check out our bin file.
When using bower programmatically, prompting is disabled by default. Though you can enable it when calling commands with
interactive: true in the config.
This requires you to listen for the
prompt event and handle the prompting yourself. The easiest way is to use the inquirer npm module like so:
var inquirer = ;bowercommands// ..;
NOTE: Completion is still not implemented for the 1.0.0 release
Bower now has an experimental
completion command that is based on, and works
similarly to the npm completion. It is
not available for Windows users.
This command will output a Bash / ZSH script to put into your
bower-auth completion >> ~/.bash_profile
A note for Windows users
To use Bower on Windows, you must install msysgit correctly. Be sure to check the option shown below:
Note that if you use TortoiseGit and if Bower keeps asking for your SSH
password, you should add the following environment variable:
GIT_SSH - C:\Program Files\TortoiseGit\bin\TortoisePlink.exe. Adjust the
path if needed.
Have a question?
Contributing to this project
Anyone and everyone is welcome to contribute. Please take a moment to review the guidelines for contributing.
Thanks for assistance and contributions:
@addyosmani, @angus-c, @borismus, @carsonmcdonald, @chriseppstein, @danwrong, @davidmaxwaterman, @desandro, @hemanth, @isaacs, @josh, @jrburke, @marcelombc, @marcooliveira, @mklabs, @MrDHat, @necolas, @paulirish, @richo, @rvagg, @sindresorhus, @SlexAxton, @sstephenson, @svnlto, @tomdale, @uzquiano, @visionmedia, @wagenet, @wibblymat, @wycats
Copyright 2013 Twitter, Inc.
Licensed under the MIT License