Automic VaultAutomic Vault

brew

Install bower with Homebrew, apk, chocolatey, pacman

Package manager for the web. Version 1.8.14 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install bower

local Homebrew formula metadata

overview

Package summary

Package manager for the web

Commands and aliases

  • bower

history

Project history and usage

Bower was one of the defining front-end package managers of the early 2010s: a Git-backed, browser-asset-oriented tool built before npm, Yarn, webpack, Vite, and modern bundlers absorbed most client-side dependency management.

Project history

The official About page says Bower was created at Twitter by @fat and @maccman and released as part of Twitter's open source effort in 2012. The public GitHub repository was created in September 2012 and describes the project as a package manager for the web.

Bower's design targeted front-end assets rather than Node modules. The README and homepage emphasize a generic, unopinionated solution, no shared system-wide dependencies, a flat dependency tree, Git-based package resolution, and package-agnostic components containing JavaScript, CSS, fonts, images, or other web assets.

Adoption history

Bower became widely used by front-end projects that wanted predictable browser dependency installation before the npm ecosystem fully embraced front-end packages. Its registry, `bower.json`, `.bowerrc`, and `bower_components/` directory became common project artifacts.

By 2017, the official Bower site and blog were already recommending Yarn and build tools for new front-end projects. The migration blog explains that Yarn 1.x could install many Bower packages but not resolve Bower dependencies directly, leading to compatibility helpers such as `bower-away` for legacy projects.

How it is used

Users installed Bower globally with npm, then ran commands such as `bower install`, `bower search`, `bower info`, `bower update`, and `bower register`. Dependencies were recorded in `bower.json`, installed into `bower_components/`, and controlled with `.bowerrc` settings.

Bower intentionally did not concatenate, minify, or bundle code; it installed the requested versions and left integration to tools such as Grunt, gulp, RequireJS, webpack, or later build systems.

Why package nerds care

Bower matters because it captures a transitional moment in JavaScript packaging: browser packages still often lived as Git repositories with dist files, npm was not yet the universal front-end registry, and flat dependency graphs looked attractive for avoiding duplicate browser payloads.

Its decline is equally instructive. The official recommendation to use Yarn and bundlers for new projects marks the shift from asset-package managers toward npm-centered dependency graphs, lockfiles, checksums, and integrated build pipelines.

Timeline

  • 2012: Created at Twitter and released as part of Twitter's open source effort.
  • 2012: Public GitHub repository created.
  • 2014: GitHub Releases include the 1.x release line.
  • 2017: Official Bower blog published migration guidance away from Bower.
  • 2020s: Maintained mainly for legacy projects while the site recommends Yarn and modern build tools for new work.

Related projects

  • npm is the package manager whose registry and package format eventually absorbed much front-end package distribution.
  • Yarn is the replacement recommended by the official Bower site for many new or migrated front-end projects.
  • webpack, Vite, Parcel, Grunt, gulp, and RequireJS are related build or module tools that either complemented Bower or replaced the workflow around it.

security posture

Risk level: orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:package manager

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 10 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.bowerrc~/.bowerrc/.bowerrc

executables

Installed executables

CommandKindExposureNote
bowercliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.8.14
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://bower.io/

  • infoNo package-manager update timestamp was available.low confidence
  • infoRelease/tag comparison is only available for GitHub repositories.https://bower.io/none confidence

install metadata

Package metadata

Package keybrew:bower
Version1.8.14
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/bower
Homepagehttps://bower.io/
Repositoryhttps://github.com/bower/bower
Upstream docshttps://bower.io/docs/api
LicenseMIT
Source archivehttps://registry.npmjs.org/bower/-/bower-1.8.14.tgz
Dependenciesnode
Bottleavailable (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namebower
Version Scheme0
Revision0
Conflicts With
  • bower-mail
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

apk95%

bower 1.1.1-r1

curses frontend for the Notmuch email system

https://github.com/wangp/bower

sudo apk add bower
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: bower
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Bower
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: bower from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

bower-doc 1.1.1-r1

curses frontend for the Notmuch email system (documentation)

https://github.com/wangp/bower

sudo apk add bower-doc
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: bower
  • normalized package name match
  • Matched by: Bower
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: bower-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

bower 1.8.14-3

A package manager for the web

https://bower.io/

sudo pacman -S bower
  • License: MIT
  • Architecture: any
  • 3 dependencies
  • normalized package name match
  • Matched by: Bower
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: bower from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
Chocolatey95%

bower

choco install bower
  • normalized package name match
  • Matched by: Bower
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: bower from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='9.1916','tektoncd-cli'

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment