Checking in Bower dependencies

I’ve seen a few places recommending that the bower_components folder should be checked in to your version control system. This is wrong, it will just add unnecessary bloat to your repo and risk your dependencies going stale. The only good reason I think of is to avoid having to run bower install all the time but if your developing a Node app there is no need. I can think of some bad reasons as well, like changing the code in the Bower managed dependencies. Least said about that the better.

I’ve talked before about the NPM lifecycle scripts before, well these can be used to integrate Bower. When you run npm install to install your NPM dependencies you can hook in to it and call out to Bower.

"scripts": {
    "prepublish": "node_modules/.bin/bower install"

I recommend giving the NPM docs a read. It’s important to understand the possible impact of the different hooks. When you want to run in the install phase it’s recommended to use the prepublish hook instead of any of the actual install hooks. For the above code snipet to work you will also need to ensure Bower is listed as an NPM dependency in the package.json file. If not then the Bower executable will not be available when the script tries to call it and you shouldn’t rely on Bower being available globally. This is also how it’s recommended to setup your apps for deployment to Cloud Foundry. The Cloud Foundry build pack for NodeJS will call npm install --production while staging the application. No need to commit your Bower dependencies when deploying to the cloud either.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.