Should bower_components be gitignored?

Would it be good practice to keep only the bower.json file and gitignore the whole bower_components directory?


The official Bower page stated:

N.B. If you aren't authoring a package that is intended to be consumed by others (e.g., you're building a web app), you should always check installed packages into source control.

Make sure to check out the link in the quote, it discusses some pro and cons. The main pro it mentions is that checking them in ensures that your dependencies are always available, as long as your repository is available. No matter what happens to Bower, GitHub or whatever else would be needed otherwise.

The .gitignore file in a newly generated Yeoman AngularJS project has bower_components (and node_modules) listed to be ignored (if you don't know Yeoman it is a very reputable web scaffolding tool for modern webapps, so that's good enough for me!):



There's a time & a place for both approaches. For Yeoman it's appropriate to rely on bower.json because it's a tool in a toolchain and needs to stay living and breathing with the bower ecosystem. For a deployable web app, it's generally good practice to commit dependencies and maintain more control.

Here's an good article I like that discusses this.

If you're using Grunt and Node with Bower it makes sense to put bower_components in your .gitignore because when you run grunt serve or grunt build it takes care of the dependencies for you, I'm sure that's why in Yeoman they add it to the .gitignore

The Yeoman generator pre-filled the .gitignore file with bower_components, but it also pre-filled with other directories I would think would be needed for a final app (like www) so I did some research.

I discovered that www/index.html is a minified version of the app/index.html. The app directory and its contents (including bower_components) contains the source files needed for the output directory (www). You commit source directories into source-control (i.e. git) but not generated files (i.e. www). Package managers like bower and npm are meant to be used during the build/generation phase and their artifacts are not meant to be checked into source-control.

Ultimately, the source that you check into git is the bare minimum configuration needed to build the rest of project for development or deployment purposes.

It is good to ignore /bower_components dir and check in only bower.json and bower-locker.bower.json file if you create lock file using bower-locker written by Shawn Lonas.

Before bower-locker created, there was disadvantage caused by an issue of bower not having shrinkwrap capability but it can be mitigated by the above library.

Run following commands to achieve it:

npm install bower-locker -g


yarn global add bower-locker

then generate lock file based on existing bower.json file by runing:

bower-locker lock

The original bower.json file will be re-named to bower-locker.bower.json

Need Your Help

Select DISTINCT individual columns in django?

django django-models distinct django-queryset django-orm

I'm curious if there's any way to do a query in Django that's not a "SELECT * FROM..." underneath. I'm trying to do a "SELECT DISTINCT columnName FROM ..." instead.

Why can't I use the Name attribute on UserControl in the same assembly?

wpf xaml user-controls

When I created a WPF UserControl and tried to use it, I got the following compiler error: