Gathering detailed insights and metrics for gulp-bower-normalize
Gathering detailed insights and metrics for gulp-bower-normalize
Normalize bower files so checked in structure is consistent.
Installations
npm install gulp-bower-normalizeDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.13.2
NPM Version
8.1.2
Releases
6
Languages
1
JavaScript
JavaScript (100%)
Developer
cthrax
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
46 Stars
49 Commits
11 Forks
3 Watchers
3 Branches
6 Contributors
Updated on Sep 21, 2024
Maintainers
1
Package Meta Information
Latest Version
1.1.3
Package Id
gulp-bower-normalize@1.1.3
Unpacked Size
28.33 kB
Size
6.84 kB
File Count
16
NPM Version
8.1.2
Node Version
16.13.2
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Dev Dependencies
6
gulp-bower-normalize 
Use rules in the bower.json or implicit rules to normalize the files being copied out of bower_components so that a consistent and clean version of the bower dependencies can be checked into the repo. This is intended to work with main-bower-files.
INSTALL
npm install --save-dev gulp-bower-normalize
USAGE
Designed to work with main-bower-files as so:
1gulp.task('default', function() { 2 var bower = require('main-bower-files'); 3 var bowerNormalizer = require('gulp-bower-normalize'); 4 return gulp.src(bower(), {base: './bower_components'}) 5 .pipe(bowerNormalizer({bowerJson: './bower.json'})) 6 .pipe(gulp.dest('./bower_dependencies/')) 7});
bower.json
1{ 2 name and otherstuff 3 "dependencies": { 4 "dependency1": "~1.0.1" 5 "dependency2": "~1.0.1" 6 "dependency3": "~1.0.1" 7 "dependency4": "~1.0.1" 8 }, 9 "overrides": { 10 // Muli allows one normalize definition to span multiple dependencies 11 // NOTE: This is first one in wins for the multi list and will always 12 // defer to the overrides. 13 "normalizeMulti": [ 14 { 15 "dependencies": ["dependency1", "dependency2"], 16 "normalize": { 17 "img": ["*.jpeg", "*.png", "*.jpg"], 18 "font": ["*.ttf", "*.woff2"] 19 } 20 }, 21 { 22 "dependencies": ["dependency2", "dependency3"], 23 "normalize": { 24 // Note since dependency3 defines js, it won't get this definition 25 "js": ["*.js", "*.less"], 26 } 27 }, 28 { 29 "dependencies": ["dependency2"], 30 "normalize": { 31 // Note since dependency2 already had js defined by the multi, it won't get this definition 32 "js": ["*.*"], 33 } 34 } 35 ], 36 // Implicitly normalizes this file by file extension 'dependency1/js/some.js' 37 "dependency1": { 38 "main": "some.js" 39 }, 40 // Implicitly organized into 'dependency2/js/some.js' 'dependency2/js/some.js' 41 "dependency2": { 42 "main": ["some.js", "some.css"] 43 }, 44 // Explicitly organized into 'dependency3/js/some.js', 'dependency3/css/some.ext', 'dependency3/css/some.css' 45 "dependency3": { 46 "main": ["some.js", "some.ext", "some.css"], 47 "normalize": { 48 "js": "*.js", 49 "css": ["*.ext", "*.css"] 50 } 51 } // dependency4 is implicitly organized into 'dependency4/<ext>/<file> 52 } 53}
Note: Comments are not valid JSON, so if you're copying this, you'll need to remove them.
API
bowerNormalize(options)
options.basePath
Type: string
Default: process.cwd()
Path to search for the bower.json file in.
options.bowerJson
Type: string
Default: ./bower.json
Path to bower.json that overrides will come from. This should be relative to options.BasePath.
options.flatten
Type: boolean
Default: false
Option to remove the component level folders. This would turn /lib/jquery/js/jquery.js into /lib/js/jquery.js.
Note: If your components have files with the same name then only one of them will be included in the results.
options.typeTop
Type: boolean
Default: false
Option to put the type folder on top of the hierarchy. This would turn /lib/jquery/js/jquery.js into /lib/js/jquery/jquery.js.
options.checkPath
Type: boolean
Default: false
This option allows a multi-level path on the normalization destination. This allows matching similar to the following:
"dependency7": {
"main": ["some.js", "some/other.js"],
"normalize": {
"js": "*.js",
"js/some": "**/some/*.js"
}
}
Note: This will not work in conjunction with the flatten option.
Frequently Asked Questions
Unexpected folder normalization
Be aware of your JSON keys of the normalize property of your bower.json.
Only unique JSON keys could be parsed correctly into your expected destination folder structure.
Example
This could lead to unexpected normalization
"normalize": {
".": "**/*.scss",
".": "**/*.js"
}
The right expression should be
"normalize": {
".": ["**/*.scss", "**/*.js"]
}
License
MIT © Myles Bostwick
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish-github-packages.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/cthrax/gulp-bower-normalize/npm-publish-github-packages.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish-github-packages.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/cthrax/gulp-bower-normalize/npm-publish-github-packages.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 5/19 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/npm-publish-github-packages.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More