infusionsoft / bower-locker Goto Github PK

From : #5 (comment)

What we need also that is after locking the file to write pre install script to be executed before installing new packages, so that it'll automate the process of:

unlock bower file.
continue the installation of the new package.
lock the bower file again.

If a Bower dependency is downloaded via http, it is saved to .bower.json within that folder. If the link is later updated to git in the bower-locker.bower.json file, bower-locker will instead use the original value saved in .bower.json. Thus continuing to use the http repo link.

Would be nice if bower-locker could read the bower config .bowerrc file and find there bower_components directory variable.

{
  "directory": "vendor/bower_components"
}

Right now it throws an error because the components path is hardcoded.

env: node\r: No such file or directory

Hey,

great work on the locker. im getting this error on "bower install"

bower ENORESTARGET URL sources can't resolve targets

i have replaced all "https://" with "git://" in bower.json and removed bower_components dir but still no luck. Can you help?

Cheers.

The lock read only the bower_components/ folder, but it's possible configure other folder to receive the packages in the configuration file.

Firstly, thank-you so much for this project. I cannot overstate this enough.

When I have a dependency that is a relative path on my filesystem, bower-locker converts that resolution to an absolute path followed by #undefined. This results in ENORESTARGET File system sources can't resolve targets on a new bower install.

I expect bower-locker to ignore dependencies that are relative paths.

Hi @MaKleSoft,
This is a great tool, but the first time I'm using and I faced an error, I had this in my bower.json file's devDependencies property:
"devDependencies": { "sinon": "http://sinonjs.org/releases/sinon-1.12.1.js", .... }
So bower-locker failed because that in the .bower.json file of this package there will be no _resolution property.
I had to open the source code and do some fixes and did some changes too, please correct me if this is not a good way to go:

1. Replaced the old way of setting dependency version value to git URL and the release number with setting only the release number as it's enough to be able to install a packages.
2. Added a check for commit variable as it may not exists for some packages.
3. Added a check that if release number (extracted from .bower.json of the package) is not valid version number (using semver npm library to check) then set the original value from the old bower.json file we read.
4. If package exists in both dependencies and devDependencies then fix the release number for both (the old way was to delete devDependencies now we don't).

It's working for me now, don't know if it'll break with some other special cases.
Here's my fork: https://github.com/AbdoDabbas/bower-locker

Swiper 2.7.6 seems to be differently used by bower-files, Angular.js (1) and others when it is locked down. It looks like there is a different commit hash used for 2.7.6?

With the normal setup it works (unlock).