Edit (April 2014): Updated by @paulirish & @sheerun

Package unregistering will be available via bower unregister <package> soon, but for now, you can unregister packages yourself using curl, if the package is hosted on GitHub and you're an owner or collaborator.

curl -X DELETE "https://bower.herokuapp.com/packages/PACKAGE?access_token=TOKEN"

• Where PACKAGE is the package name you want to delete and TOKEN is GitHub's Personal Access Token that you can fetch from here: https://github.com/settings/applications
• A default GitHub Personal Access Token will work -- no permissions necessary
• You need to be an owner or collaborator of the repo and URL needs to be OK.
• You'll likely want to bower cache clean after your change.
• Please remember it is generally considered bad behavior to remove versions of a library that others are depending on. Think twice :)

If the above doesn't work for you, we can handle your case manually (and please post below). And again, soon we'll be addressing the remaining issues so this is much easier for everyone. :) Cheers.

Bower could do with something like npm's shrinkwrap feature to lock down specific versions for deploys.

https://npmjs.org/doc/shrinkwrap.html

This would probably be simpler than what npm has to do, as we'd just need to create a config file to represent the currently installed versions.

Related #416

I use this command to install bower in travis

(npm install -g bower grunt-cli; npm install; bower install)

randomly I get this error:

bower ENOTEMPTY     ENOTEMPTY, rename '/tmp/travis/bower/angular-8465-xIRvRU'
Stack trace:
Error: ENOTEMPTY, rename '/tmp/travis/bower/angular-8465-xIRvRU'
Console trace:
Trace
    at StandardRenderer.error (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/lib/renderers/StandardRenderer.js:74:17)
    at Logger.updateNotifier.packageName (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/bin/bower:109:18)
    at Logger.EventEmitter.emit (events.js:95:17)
    at Logger.emit (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/bower-logger/lib/Logger.js:29:39)
    at /home/travis/.nvm/v0.10.12/lib/node_modules/bower/lib/commands/install.js:27:16
    at _rejected (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/q/q.js:808:24)
    at /home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/q/q.js:834:30
    at Promise.when (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/q/q.js:1079:31)
    at Promise.promise.promiseDispatch (/home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/q/q.js:752:41)
    at /home/travis/.nvm/v0.10.12/lib/node_modules/bower/node_modules/q/q.js:574:44

And encourage NPM + Webpack/Browserify/etc workflows. I don't intend to introduce hard feelings or anything like that, but those other workflows are superior in many ways, and maybe we should encourage people to move to them for the greater good of the Web/JavaScript community as a whole.

Fix for bug #927. Ignore package if name matches specified in bower.json. Permit fetch if package is explicitly declared in dependencies or devDependencies. Designed for users who need tighter control of versions due to corporate liscence restrictions or other reasons.

When issuing bower install for the first time even with the -s option present bower asks 'May bower anonymously report usage statistics to improve the tool over time? (Y/n)' which breaks automated tools not expecting interaction (i.e. Travis).

Would be great if we could provide an answer as a part of the command or at least for the -s option to be respected.

yooo. I planned on using github's search api to auto-discover projects with component.json files, removing the need for a registry or any user action at all, but the problem right now is we're both using component.json but in different ways, so we already re-introduced the ambiguity of package.json :s

Based on https://github.com/bower/bower/pull/1592

• bower.lock doesn't exist:
  • [x] bower install creates bower.lock file only after all-successful non-production installation
  • [x] bower install --production complains there's no bower.lock and exits
  • [x] bower update acts as bower install
• bower.lock exists dependenies in bower.json match those on bower.lock
  • [x] bower install installs exact packages from bower.lock
  • [x] bower install --production installs exact packages from bower.lock ignoring devDependencies
  • [x] bower update is no-op
  • [x] if installation would change bower.lock, it fails with error message
• bower.lock exists and there are only extra dependencies in bower.json relative to bower.lock
  • [x] bower install tries to install bower.lock with only new packages from bower.json added. Installation fails if old bower.lock is not a subset of new bower.lock.
  • [x] bower install --production fails
  • [x] bower update --all re-creates bower.lock
• bower.lock` exists and dependencies in bower.json changed relative to bower.lock
  • [x] bower install fails, and says you need to bower update first
  • [x] bower install --production fails
  • [x] bower update complains there's no package specified to update
  • [x] bower update --all re-creates bower.lock
  • [x] bower update tries to install bower.lock with version replaced with version from bower.json. Installation fails if old bower.lock is not a subset of new bower.lock (except updated package).

hi, since the last update I'm getting this error when trying to install my packages:

bower chosen.jquery#*           cached https://github.com/harvesthq/chosen/releases/download/1.0.0/chosen_v1.0.0.zip#e-tag:3faf39b4e
bower chosen.jquery#*         validate e-tag:3faf39b4e against https://github.com/harvesthq/chosen/releases/download/1.0.0/chosen_v1.0.0.zip#*
bower angular#v1.2.0-rc.2       cached git://github.com/angular/bower-angular.git#1.2.0-rc.2
bower angular#v1.2.0-rc.2     validate 1.2.0-rc.2 against git://github.com/angular/bower-angular.git#v1.2.0-rc.2
bower jquery#~2.0.3             cached git://github.com/components/jquery.git#2.0.3
bower jquery#~2.0.3           validate 2.0.3 against git://github.com/components/jquery.git#~2.0.3
bower bootstrap#~3.0.0          cached git://github.com/twbs/bootstrap.git#3.0.2
bower bootstrap#~3.0.0        validate 3.0.2 against git://github.com/twbs/bootstrap.git#~3.0.0
bower jquery#>= 1.9.0           cached git://github.com/components/jquery.git#2.0.3
bower jquery#>= 1.9.0         validate 2.0.3 against git://github.com/components/jquery.git#>= 1.9.0
bower chosen.jquery#*              new version for https://github.com/harvesthq/chosen/releases/download/1.0.0/chosen_v1.0.0.zip#*
bower chosen.jquery#*          resolve https://github.com/harvesthq/chosen/releases/download/1.0.0/chosen_v1.0.0.zip#*
bower chosen.jquery#*         download https://github.com/harvesthq/chosen/releases/download/1.0.0/chosen_v1.0.0.zip
bower chosen.jquery#*          extract chosen_v1.0.0.zip
bower chosen.jquery#*           ENOENT ENOENT, open '/var/folders/nb/m18105410nz_xkx4qkd98h_c0000gn/T/wilkerlucio/bower/chosen.jquery-46279-SZy2v5/docsupport/'

Stack trace:
Error: ENOENT, open '/var/folders/nb/m18105410nz_xkx4qkd98h_c0000gn/T/wilkerlucio/bower/chosen.jquery-46279-SZy2v5/docsupport/'

Console trace:
Trace
    at StandardRenderer.error (/usr/local/lib/node_modules/bower/lib/renderers/StandardRenderer.js:74:17)
    at Logger.updateNotifier.packageName (/usr/local/lib/node_modules/bower/bin/bower:109:18)
    at Logger.EventEmitter.emit (events.js:95:17)
    at Logger.emit (/usr/local/lib/node_modules/bower/node_modules/bower-logger/lib/Logger.js:29:39)
    at /usr/local/lib/node_modules/bower/lib/commands/install.js:27:16
    at _rejected (/usr/local/lib/node_modules/bower/node_modules/q/q.js:808:24)
    at /usr/local/lib/node_modules/bower/node_modules/q/q.js:834:30
    at Promise.when (/usr/local/lib/node_modules/bower/node_modules/q/q.js:1079:31)
    at Promise.promise.promiseDispatch (/usr/local/lib/node_modules/bower/node_modules/q/q.js:752:41)
    at /usr/local/lib/node_modules/bower/node_modules/q/q.js:574:44

System info:
Bower version: 1.2.8
Node version: 0.10.21
OS: Darwin 13.0.0 x64

Related to #53 and #46

For the component.json to have any future it's needs a spec. It doesn't have to be verbose, just what properties it should support and how those should be validated.

15 March 2013 Draft specification - https://docs.google.com/document/d/1APq7oA9tNao1UYWyOm8dKqlRP2blVkROYLZ2fLIjtWc/

The objective of this issue is that people can give some feedback so we can converge towards a solution and an implementation.

Follow up of: #105 and #8

People often find bugs on their dependencies and the typical thing to do is to fork it, fix it, make a PR and use the fork until its accepted (or discarded :P). This workflow does not directly integrates with bower because the fork would have to contain a new tag with the fixes. The new tag is a must because bower always uses tags and only fallbacks to commits when the repo has no tags at all.

So:

• How can users target a specific commit?
• How can users tell bower to always fetch the latest commit, and discard the versions/tags
• How can users specify a branch while installing?
• How can users mix this together (e.g.: target X branch and the last commit of it)

One question that arises.. how will the prune/conflict/most suitable version of a shared dependency work out if targeting specific commits/latest commits?

//cc @fat @maccman @addyosmani @sindresorhus @aeosynth @kirkstrobeck

bower-config is using "mout": "^1.0.0", https://github.com/bower/bower/blob/master/packages/bower-config/package.json#L16

Upgrade Recommendation 1.2.4

Additional Info https://github.com/advisories/GHSA-vvv8-xw5f-3f88 https://github.com/advisories/GHSA-pc58-wgmc-hfjr

There are small typos in:

• test/renderers/JsonRenderer.js
• test/renderers/StandardRenderer.js

Fixes:

• Should read ignored rather than ingored.
• Should read carets rather than carrets.

Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

Duplicates the change in https://github.com/bower/bower/pull/2617, but uses a dedicated feature branch.

Fixes this security advisory: https://github.com/advisories/GHSA-xvch-5gv4-984h Closes https://github.com/bower/bower/issues/2616

Fixes this security advisory: https://github.com/advisories/GHSA-xvch-5gv4-984h

I reviewed the commits between minimist versions and didn't see anything that looked like it would cause compatibility issues with the one place this dependency is used here, but I did not test exhaustively that the upgrade did not break things.

bower-config package currently uses minimist ^0.2.1 which has a Prototype Pollution vulnerability

minimist 1.2.6 addresses this vulnerability

Additional information: NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-7598 Vulnerability: https://snyk.io/vuln/npm%3Aminimist