npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@udes/bower-locker

v1.1.0

Published

A command-line tool for locking, unlocking, and validating bower files

Downloads

5

Readme

bower-locker

bower-locker is a node command line tool for providing "pseudo"-locking capability for a project leveraging bower.

Bower doesn't inherently provide a locking mechanism (see https://github.com/bower/bower/issues/505).

Bower does allow you to specify a specific version or commit for a given dependency, and a way to specify how you would like to resolve any conflicts (i.e., within the resolutions block). This can be effective but it is tedious to do manually to both "lock" the versions, and the "unlock" the versions to get newer updates.

bower-locker simply automates that process to make it easier to "unlock" and "lock" that bower file. It also provides a way to validate that the files installed after a bower install match the desired "locked" versions.

How does it work?

bower-locker reads through all of the subfolders of the bower_components directory to examine each components .bower.json where it extracts information pertinent to the release that is currently being used.

It then generates a new bower.json (saving a copy of the original as bower-locker.bower.json) where it defines each direct and indirect dependency (i.e., all components currently in the bower_components directory) with an exact commit id, under the dependencies block and adds an entry for each in the resolutions block in the event that any of them tries to load a conflicting dependency version.

Both the new bower.json and the original (saved as bower-locker.bower.json) can then be uploaded to your source code repo.

Anybody pulling down the project, will be able to run bower install normally and they should get the exact versions of the components previously used. The locked bower.json also has the nice property of making it easy to see when dependent script versions have changed over the course of commits as the version number and commit id will show being updated. An unlocked bower.json only shows changes when the version ranges are updated.

To validate that intended versions were installed, run bower-locker validate. It will again compare the downloaded components with the bower.json file.

To update the versions used, simply run bower-locker unlock to return to the original bower.json. Update the bower config as desired including running bower install. When done, just run bower-locker lock again to lock in that new version.

Install

Install the bower-locker module globally:

npm install bower-locker -g

This will install a global command of bower-locker.

Use

lock

bower-locker lock 

Expects to run from within a folder that contains a bower.json and a ./bower_components/ folder.

If there is no bower_components folder yet, just run bower install first to generate it.

It should save a copy of bower.json as bower-locker.bower.json and then change bower.json to be a "locked" version with an additional "bowerLocker" section.

The "bowerLocker" property object that contains the "lastUpdated" timestamp for when the locked version was generated. It also contains a "versions" property object within "bowerLocker" which records the versions that were locked in as a version number to more easily know what version we are using for each dependency.

Using the -v flag will output the bower dependency versions that are being locked.

unlock

bower-locker unlock 

Expects to run from within a folder that contains a bower.json and a bower-locker.bower.json.file.

It will check that bower.json is a locked bower file. If so, it will simply replace bower.json with bower-locker.bower.json.

Use this command to unlock the bower file for manual updates and edits. When done updating and editing the bower.json or the bower_components folder, run bower-locker lock to relock it.

validate

bower-locker validate 

Expects to run from within a folder that contains a bower.json and a ./bower_components/ folder.

It will check that bower.json is a locked bower file. If so, it will check through all bower_components metadata and compare the components found there with the locked versions within bower.json.

It will report and new or missing components, and any version differences.

Run validate to make sure that all bower_components were installed as expected.

status

bower-locker status 

Expects to run from within a folder that contains a bower.json.

It will report whether or not the bower.json is a locked bower file, and the time it was locked.

Using the -v flag will also output the locked bower dependency versions.