Merge branch 'master' into update-request

Update year to 2017

.appveyor.yml

@@ -0,0 +1,46 @@
+# http://www.appveyor.com/docs/appveyor-yml
+
+# Set build version format here instead of in the admin panel.
+version: "{build}"
+
+# Fix line endings in Windows. (runs before repo cloning)
+init:
+  - git config --global core.autocrlf input
+
+# Test against these versions of Node.js.
+environment:
+  matrix:
+    - nodejs_version: "0.10"
+    - nodejs_version: "0.12"
+    - nodejs_version: "4"
+    - nodejs_version: "6"
+    - nodejs_version: "8"
+    - nodejs_version: "9"
+
+# Finish on first failed build
+matrix:
+  fast_finish: true
+
+# Install node, display versions, install dependencies
+install:
+  - ps: Install-Product node 8
+  - node --version && npm --version
+  - git --version && svn --version
+  - npm install -g yarn grunt
+  - yarn
+  - ps: Install-Product node $env:nodejs_version
+
+# Post-install test scripts.
+test_script:
+  - cmd: npm run ci
+
+# Make clone much faster
+shallow_clone: true
+
+# Disable Visual Studio build and deploy
+build: off
+deploy: off
+
+# Cache node modules, and refresh if package.json changes
+cache:
+  - "%LOCALAPPDATA%\\Yarn"

.editorconfig

@@ -13,3 +13,6 @@ trim_trailing_whitespace = false
 
 [**.std]
 insert_final_newline = false
+
+[{package,bower}.json]
+indent_size = 2

.eslintrc

@@ -0,0 +1,52 @@
+{
+  "env": {
+    "node": true,
+    "mocha": true
+  },
+  "rules": {
+    "no-bitwise": 0,
+    "curly": 0,
+    "eqeqeq": 0,
+    "guard-for-in": 0,
+    "no-use-before-define": 0,
+    "no-caller": 2,
+    "no-new": 2,
+    "no-plusplus": 0,
+    "no-undef": 2,
+    "no-unused-vars": 0,
+    "strict": 0,
+    "semi": 0,
+    "comma-spacing": 2,
+    "quote-props": [2, "consistent", { "keywords": true }],
+    "quotes": [2, "single", "avoid-escape"],
+    "indent": [2, 4],
+    "no-cond-assign": [ 2, "except-parens" ],
+    "no-debugger": 2,
+    "no-dupe-args": 2,
+    "no-dupe-keys": 2,
+    "no-duplicate-case": 2,
+    "no-unreachable": 2,
+    "valid-typeof": 2,
+    "no-fallthrough": 2,
+    "no-ex-assign": 2,
+    "no-eq-null": 0,
+    "no-eval": 0,
+    "no-unused-expressions": 0,
+    "block-scoped-var": 0,
+    "no-iterator": 0,
+    "no-loop-func": 2,
+    "no-script-url": 0,
+    "no-shadow": 0,
+    "no-new-func": 2,
+    "no-new-wrappers": 2,
+    "no-invalid-this": 0,
+    "space-before-blocks": [2, "always"],
+    "space-before-function-paren": [2, {"anonymous": "always", "named": "never"}],
+    "space-infix-ops": 2,
+    "keyword-spacing": 2,
+    "new-parens": 2,
+    "no-multiple-empty-lines": [2, { max: 2}],
+    "eol-last": 2,
+    "no-trailing-spaces": 2
+  }
+}

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,44 @@
+<!--
+
+If you are reporting a new issue, make sure that we do not have any duplicates.
+You can ensure this by searching the issue list for this repository.
+
+You are welcome to open issues to discuss important general topics concerning Bower.
+However for support questions, please consider using http://stackoverflow.com or
+asking for help in our Discord channel: https://discordapp.com/invite/0fFM7QF0KpZaDeN9
+
+# BUG REPORT
+
+Use the commands below to provide key information to reproduce:
+You do NOT have to include this information if this is a FEATURE REQUEST OR DISCUSSION
+
+For more information about reporting bugs, see:
+https://github.com/bower/bower/wiki/Report-a-Bug
+
+-->
+
+**Output of `bower -v && npm -v && node -v`:**
+
+```
+(paste your output here)
+```
+
+**Additional environment details (proxy, private registry, etc.):**
+
+
+
+**Steps to reproduce the issue:**
+
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+
+**Describe the results you expected:**
+
+
+
+**Additional information:**

.gitignore

@@ -1,12 +1,14 @@
 /node_modules
 /npm-debug.log
 
-/test/assets/temp
-/test/assets/temp2
-/test/assets/temp-resolve-cache
 /test/assets/package-*/
+/test/assets/temp-*/
 /test/reports
+/test/tmp/
 
 /bower.json
 /component.json
 /bower_components
+/test/sample
+!/test/sample/bower.json
+/npm-shrinkwrap.json

.travis.yml

@@ -1,6 +1,43 @@
+sudo: false
+
 language: node_js
+
+# Use node 8 for build
 node_js:
-  - "0.10"
-  - "0.8"
-before_script:
-  - npm install grunt-cli -g
+  - "8"
+
+# Then test with specific node version
+env:
+  - TEST_NODE_VERSION="0.10"
+  - TEST_NODE_VERSION="0.12"
+  - TEST_NODE_VERSION="4"
+  - TEST_NODE_VERSION="6"
+  - TEST_NODE_VERSION="8"
+  - TEST_NODE_VERSION="9"
+
+before_install:
+  - node --version
+  - curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.5.1
+  - export PATH=$HOME/.yarn/bin:$PATH
+
+cache:
+  yarn: true
+
+install:
+  - yarn
+  - nvm install $TEST_NODE_VERSION
+  - npm install -g grunt
+
+os:
+  - osx
+  - linux
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - os: osx
+
+script:
+  - nvm use $TEST_NODE_VERSION
+  - node --version && npm --version && git --version && svn --version | head -n 1
+  - grunt travis

CHANGELOG.md

@@ -1,5 +1,339 @@
 # Changelog
 
+## 1.8.0 - 2016-11-07
+
+- Download tar archives from GitHub when possible (#2263)
+  - Change default shorthand resolver for github from `git://` to `https://`
+- Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
+- Allow for removing components with url instead of name (#2368)
+- Show in warning message location of malformed bower.json (#2357)
+- Improve handling of non-semver versions in git resolver (#2316)
+- Fix handling of cached releases pluginResolverFactory (#2356)
+- Allow to type the entire version when conflict occured (#2243)
+- Allow `owner/reponame` shorthand for registering components (#2248)
+- Allow single-char repo names and package names (#2249)
+- Make `bower version` no longer honor `version` in bower.json (#2232)
+- Add `postinstall` hook (#2252)
+- Allow for `@` instead of `#` for `install` and `info` commands (#2322)
+- Upgrade all bundled modules
+
+## 1.7.9 - 2016-04-05
+
+- Show warnings for invalid bower.json fields
+- Update bower-json
+  - Less strict validation on package name (allow spaces, slashes, and "@")
+
+## 1.7.8 - 2016-04-04
+
+- Don't ask for git credentials in non-interactive session, fixes #956 #1009
+- Prevent swallowing exceptions with programmatic api, fixes #2187
+- Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
+- Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
+- Upgrade handlebars to 4.0.5, closes #2195
+- Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
+- Update opn package to fix issues with "bower open" command on Windows
+- Update bower-config
+  - Do not interpolate environment variables in script hooks, fixes bower/config#47
+- Update bower-json
+  - Validate package name more strictly and allow only latin letters, dots, dashes and underscores
+- Add support for "save" and "save-exact" in .bowerrc, #2161
+
+## 1.7.7 - 2016-01-27
+
+Revert locations of all files while still packaging `node_modules`.
+
+It's because people are depending on internals of bower, like
+`bower/lib/renderers/StandardRenderer`. We want to preserve this
+implicit contract, but we discourage it. The only official way
+to use bower programmatically is through `require('bower')`.
+
+## 1.7.6 - 2016-01-27
+
+- Revert location of "bin/bower" as developers are using it directly ([#2157](https://github.com/bower/bower/issues/2157))
+  Note: Correctly, you should use an alias created in `npm bin --global`.
+
+## 1.7.5 - 2016-01-26
+
+- Remove analytics from Bower, fixes ([#2150](https://github.com/bower/bower/pull/2150))
+- Default to ^ operator on `bower install --save` ([#2145](https://github.com/bower/bower/pull/2145))
+- Support absolute path in .bowerrc directory option ([#2130](https://github.com/bower/bower/pull/2130))
+- Display user's name upon `bower login` command ([#2133](https://github.com/bower/bower/pull/2133))
+- Decompress gzip files ([#2092](https://github.com/bower/bower/pull/2092))
+- Prevent name clashes in package extraction ([#2102](https://github.com/bower/bower/pull/2102))
+- When strictSsl is false, set GIT_SSL_NO_VERIFY=true ([#2129](https://github.com/bower/bower/issues/2129))
+- Distribute bower with npm@3 for better Windows support ([#2146](https://github.com/bower/bower/issues/2146))
+- Update request to 2.67.0 and fs-write-stream-atomic to 1.0.8
+- Documentation improvements
+
+## 1.7.4 - 2016-01-21
+
+Unpublished because of issue with npm distribution:
+https://github.com/npm/npm/issues/11227
+
+## 1.7.3 - 2016-01-20
+
+Unpublished because of issue with npm distribution:
+https://github.com/npm/npm/issues/11227
+
+## 1.7.2 - 2015-12-31
+
+- Lock "fs-write-stream-atomic" to 1.0.5
+
+## 1.7.1 - 2015-12-11
+
+- Rollback "Add `bower update --save` functionality", it causes issues and needs more testing
+- Fix backward-compatibility of `bower search --json` ([#2066](https://github.com/bower/bower/issues/2066))
+- Ignore prerelease versions from `bower info` output
+- Update update-notifier to 0.6.0
+- Better formatting of help messages (https://github.com/bower/bower/commit/de3e1089da80f47ea3667c5ab80d301cddfd8c3e)
+- Add help menu for update `--save` and `update --save-dev` (https://github.com/bower/bower/commit/612aaa88eb4d4b268b2d8665c338ac086af3a5b0)
+
+## 1.7.0 - 2015-12-07
+
+- Add `bower update --save` functionality ([#2035](https://github.com/bower/bower/issues/2035))
+- `bower search` shows help message when no package name is specified ([#2066](https://github.com/bower/bower/issues/2066))
+- Update only those packages that are explicitly requested by the user. Related Issues
+  - [#256](https://github.com/bower/bower/issues/256)
+  - [#924](https://github.com/bower/bower/issues/924)
+  - [#1770](https://github.com/bower/bower/issues/1770)
+- Allow for @ in username for SVN on windows ([#1650](https://github.com/bower/bower/issues/1650))
+- Update bower config
+  - Loads the .bowerrc file from the cwd specified on the command line
+  - Allow the use of environment variables in .bowerrc ([#41](https://github.com/bower/config/issues/41))
+  - Allow for array notation in ENV variables ([#44](https://github.com/bower/config/issues/44))
+
+## 1.6.9 - 2015-12-04
+
+- Change git version of fs-write-stream-atomic back to npm version ([#2079](https://github.com/bower/bower/issues/2079))
+
+## 1.6.8 - 2015-11-27
+
+- Use fs-write-stream-atomic for downloads
+- Improved downloader that properly cleans after itself
+- Fix shallow host detection ([#2040](https://github.com/bower/bower/pull/2040))
+- Upgrade to ([bower-config#1.2.3](https://github.com/bower/config/releases/tag/1.2.3))
+  - Properly restore env variables if they are undefined at the beginning
+  - Properly handle `default` setting for config.ca
+  - Display proper error if .bowerrc is a directory instead of file
+
+## 1.6.7 - 2015-11-26
+
+- Bundless all the dependencies again
+
+## 1.6.6 - 2015-11-25
+
+- Fixes regression with the published npm version
+
+## 1.6.5 - 2015-10-24
+
+- Updates to tests and documentation
+- Fixes passing options when requesting downloads
+
+## 1.6.4 - 2015-10-24
+
+- Fix ignoring dependencies on multiple install run ([#1970](https://github.com/bower/bower/pull/1970))
+- Use --non-interactive when running svn client ([#1969](https://github.com/bower/bower/pull/1969))
+- Fix downloading of URLs ending with slash ([#1956](https://github.com/bower/bower/pull/1956))
+- Add user-agent field for downloads by Bower ([#1960](https://github.com/bower/bower/pull/1960))
+
+## 1.6.3 - 2015-10-16
+
+Fixes regression issues introduced with 1.6.2, specifically:
+
+- Allow for bower_components to be a symlink
+- Allow setting custom registry in .bowerrc
+
+## 1.6.2 - 2015-10-15
+
+Fix dependency issues of 1.6.1. First published release of 1.6.x.
+
+## 1.6.1 - 2015-10-15
+
+Fix dependency issues of 1.6.0. Reverted release.
+
+## 1.6.0 - 2015-10-15
+
+- Shrinkwrap all dependencies and add them to bundledDependencies ([#1948](https://github.com/bower/bower/pull/1948))
+- Allow for ignoring of child dependencies ([#1394](https://github.com/bower/bower/pull/1394))
+- Allow passing `--config.resolvers` through CLI ([#1922](https://github.com/bower/bower/pull/1922))
+- Use defaults values from package.json if it exists (bower init) ([#1731](https://github.com/bower/bower/issues/1731))
+- Properly use cerificates set in .bowerrc ([#1869](https://github.com/bower/bower/pull/1869))
+- Include package name when version conflict occurs ([#1917](https://github.com/bower/bower/pull/1917))
+- Add timeout for permission check ([yeoman/insight#35](https://github.com/yeoman/insight/pull/35))
+- Close file-handles when possible. Prevents all sorts of permission issues on Windows ([0bb1536](https://github.com/bower/bower/commit/0bb1536c9972e13f3be06bea9a8619632966c664))
+- Prevent ENOENT error on Windows when in VM environment ([isaacs/chmodr#8](https://github.com/isaacs/chmodr/pull/8))
+
+Reverted release.
+
+## 1.5.4 - 2015-11-24
+
+- [fix] Lock lru-cache dependency to 2.7.0
+
+## 1.5.3 - 2015-09-24
+
+- Revert auto sorting of bower dependencies, fixes ([#1897](https://github.com/bower/bower/issues/1897))
+- Fix --save-exact feature for github endpoints, fixes ([#1925](https://github.com/bower/bower/issues/1925))
+- Fix `bower init` to support private flag again ([#1819](https://github.com/bower/bower/pull/1819))
+- Bump insight dependency to support prompt timeout ([#1102](https://github.com/bower/bower/issues/1102))
+
+## 1.5.2 - 2015-08-25
+
+- Revert update semver version from 2.x to 5.x, fixes ([#1896](https://github.com/bower/bower/issues/1896))
+- Make bower commands work from subdirectories, fixes ([#1893](https://github.com/bower/bower/issues/1893))
+- Put auto shallow cloning for git behind a flag, fixes ([#1764](https://github.com/bower/bower/issues/1764))
+
+## 1.5.1 - 2015-08-24
+
+- If cwd provided explicitly, force using it, fixes #1866
+
+## 1.5.0 - 2015-08-24
+
+- Pluggable Resolvers! http://bower.io/docs/pluggable-resolvers/
+- Update semver version from 2.x to 5.x ([#1852](https://github.com/bower/bower/issues/1852))
+- Auto-sort dependencies alphabetically ([#1381](https://github.com/bower/bower/issues/1381))
+- Make bower commands work from subdirectories ([#1866](https://github.com/bower/bower/issues/1866))
+- No longer prefer installing bower as global module ([#1865](https://github.com/bower/bower/issues/1865))
+
+## 1.4.2 - 2015-11-24
+
+- [fix] Lock lru-cache dependency to 2.7.0
+
+## 1.4.1 - 2015-04-01
+
+- [fix] Reading .bowerrc upwards directory tree ([#1763](https://github.com/bower/bower/issues/1763))
+- [fix] Update bower-registry-client so it uses the same bower-config as bower
+
+## 1.4.0 - 2015-03-30
+
+- Add login and unregister commands ([#1719](https://github.com/bower/bower/issues/1719))
+- Automatically detecting smart Git hosts ([#1628](https://github.com/bower/bower/issues/1628))
+- [bower/config#23] Allow npm config variables ([#1711](https://github.com/bower/bower/issues/1711))
+- [bower/config#24] Merge .bowerrc files upwards directory tree ([#1689](https://github.com/bower/bower/issues/1689))
+- Better homedir detection (514eb8f)
+- Add --save-exact flag ([#1654](https://github.com/bower/bower/issues/1654))
+- Ensure extracted files are readable (tar-fs) ([#1548](https://github.com/bower/bower/issues/1548))
+- The version command in the programmatic API now returns the new version ([#1755](https://github.com/bower/bower/issues/1755))
+- Some minor fixes: #1639, #1620, #1576, #1557, 962a565, a464f5a
+- Improved Windows support (AppVeyor CI, tests actually passing on Windows)
+- OSX testing enabled on TravisCI
+
+It also includes improved test coverage (~60% -> ~85%) and many refactors.
+
+## 1.3.12 - 2014-09-28
+
+- [stability] Fix versions for unstable dependencies ([#1532](https://github.com/bower/bower/pull/1532))
+- [fix] Update tar-fs to support old tar format ([#1537](https://github.com/bower/bower/issues/1537))
+- [fix] Make analytics work again ([#1529](https://github.com/bower/bower/pull/1529))
+- [fix] Always disable analytics for non-interactive mode ([#1529](https://github.com/bower/bower/pull/1529))
+- [fix] Bower init can create private packages again ([#1522](https://github.com/bower/bower/issues/1522))
+- [fix] Show again missing newline for bower search output ([#1538](https://github.com/bower/bower/issues/1538))
+
+## 1.3.11 - 2014-09-17
+
+- [fix] Restore install missing dependencies on update ([1519](https://github.com/bower/bower/pull/1519))
+
+## 1.3.10 - 2014-09-13
+
+- [fix] Back down concurrency from 50 to 5 ([#1483](https://github.com/bower/bower/pull/1483))
+- [fix] Read .bowerrc from specified cwd ([#1301](https://github.com/bower/bower/pull/1301))
+- [fix] Disable shallow clones except those from GitHub ([#1393](https://github.com/bower/bower/pull/1393))
+- [fix] Expose bower version ([#1478](https://github.com/bower/bower/pull/1478))
+- [fix] Bump dependencies, including "request" ([#1467](https://github.com/bower/bower/pull/1467))
+- [fix] Prevent an error when piping bower output to head ([#1508](https://github.com/bower/bower/pull/1508))
+- [fix] Disable removing unnecessary resolutions ([#1061](https://github.com/bower/bower/pull/1061))
+- [fix] Display the output of hooks again ([#1484](https://github.com/bower/bower/issues/1484))
+- [fix] analytics: true in .bowerrc prevents user prompt ([#1470](https://github.com/bower/bower/pull/1470))
+- [perf] Use `tar-fs` instead of `tar` for faster TAR extraction ([#1490](https://github.com/bower/bower/pull/1490))
+
+## 1.3.9 - 2014-08-06
+
+- [fix] Handle `tmp` sometimes returning an array ([#1434](https://github.com/bower/bower/pull/1434))
+
+## 1.3.8 - 2014-7-11
+
+- [fix] Lock down `tmp` package dep ([#1403](https://github.com/bower/bower/pull/1403), [#1407](https://github.com/bower/bower/pull/1407))
+
+## 1.3.7 - 2014-07-04
+
+- [fix] callstack error when processing installed packages with circular dependencies ([#1349](https://github.com/bower/bower/issues/1349))
+- [fix] Prevent bower list --paths` failing with TypeError ([#1383](https://github.com/bower/bower/issues/1383))
+- "bower install" fails if there's no bower.json in current directory ([#922](https://github.com/bower/bower/issues/922))
+
+## 1.3.6 - 2014-07-02
+
+- [fix] Make --force always re-run installation ([#931](https://github.com/bower/bower/issues/931))
+- [fix] Disable caching for local resources ([#1356](https://github.com/bower/bower/issues/1356))
+- [fix] Emit errors instead throwing them when using bower.commands API ([#1297](https://github.com/bower/bower/issues/1297))
+- [fix] Main files and bower.json are never ignored ([#547](https://github.com/bower/bower/issues/547))
+- [fix] Check if pkgMeta is undefined during uninstall command ([#1329](https://github.com/bower/bower/issues/1329))
+- [fix] Make custom tmp dir and ignores play well with each other ([#1299](https://github.com/bower/bower/issues/1299))
+- Warn users when installing package with missing properties ([#694](https://github.com/bower/bower/issues/694))
+
+
+## 1.3.5 - 2014-06-06
+- Search compatible versions in fetching packages ([#1147](https://github.com/bower/bower/issues/1147))
+
+## 1.3.4 - 2014-06-02
+
+- Resolve a situation in which the install process gets into an infinite loop ([#1169](https://github.com/bower/bower/issues/1169))
+- Improved CLI output for conflicts ([#1284](https://github.com/bower/bower/issues/1284))
+- Changed `bower version` to mirror the tag format of `npm version` ([#1278](https://github.com/bower/bower/issues/1278))
+- Allow short commit SHAs to be used ([#990](https://github.com/bower/bower/issues/990))
+
+## 1.3.3 - 2014-04-24
+
+- Do not cache moving targets like branches ([#1242](https://github.com/bower/bower/issues/1242))
+- Suppress output if --quiet option is specified ([#1124](https://github.com/bower/bower/pull/1124))
+- Use "svn export" for efficiency ([#1224](https://github.com/bower/bower/pull/1224))
+- Prevent loading insights and analytics on CI ([#1221](https://github.com/bower/bower/issues/1221))
+- Make "bower list" respect custom components directory ([#1237](https://github.com/bower/bower/issues/1237))
+- Improve non-interactive loading performance 2x ([#1238](https://github.com/bower/bower/issues/1238))
+- Load commands only on demand, improving performance ([#1232](https://github.com/bower/bower/pull/1232))
+
+## 1.3.2 - 2014-04-05
+
+- Added yui moduleType [PR #1129](https://github.com/bower/bower/pull/1129)
+- Fixes for concurrency issues [PR #1211](https://github.com/bower/bower/pull/1211)
+- `link` now installs package dependencies [PR #891](https://github.com/bower/bower/pull/891)
+- Improved conflict installation message [Commit](https://github.com/bower/bower/commit/bea533acf87903d4b411bfbaa7df93f852ef46a3)
+- Add --production switch to "prune" command [PR #1168](https://github.com/bower/bower/pull/1168)
+
+
+## 1.3.1 - 2014-03-10
+
+- No longer ask for permission to gather analytics when running on in a CI environment.
+
+
+## 1.3.0 - 2014-03-10
+
+- **Removed support for node 0.8.** It may still work but we will no longer fix bugs for older versions of node.
+- Add **Bower Insight** for opt-in analytics integration to help improve tool and gain insight on community trends
+  - Old overview of [Insight](https://github.com/yeoman/yeoman/wiki/Insight), [Issue #260](https://github.com/bower/bower/issues/260)
+  - Reporting to GA. Public Dashboard is in progress.
+  - [Turn off interactive mode](https://github.com/bower/bower/issues/1162) if you run Bower in a CI environment
+- Add `moduleType` property to bower init ([#934](https://github.com/bower/bower/pull/934))
+- Fix prune command to log only after cleanup is completed ([#1023](https://github.com/bower/bower/issues/1023))
+- Fix git resolver to ignore pre-release versions ([#1017](https://github.com/bower/bower/issues/1017))
+- Fix shorthand flag for `save` option on `uninstall` command ([#1031](https://github.com/bower/bower/pull/1031))
+- Add `bower version` command ([#961](https://github.com/bower/bower/pull/961))
+- Add .bowerrc option to use `--save` by default when using `bower install` command ([#1074](https://github.com/bower/bower/pull/1074))
+- Fix git resolver caching ([#1083](https://github.com/bower/bower/issues/1083))
+- Fix reading versions from cache directory ([#1076](https://github.com/bower/bower/pull/1076))
+- Add svn support ([#1055](https://github.com/bower/bower/pull/1055))
+- Allow circular dependencies to be installed ([#1104](https://github.com/bower/bower/pull/1104))
+- Add scripts/hooks support ([#718](https://github.com/bower/bower/pull/718))
+
+_NOTE_: It's advisable that users use `--config.interactive=false` on automated scripts.
+
+
+## 1.2.8 - 2013-12-02
+- Fix absolute paths ending with / not going through the FsResolver, ([#898](https://github.com/bower/bower/issues/898))
+- Allow query string parameters in package URLs
+- Swapped 'unzip' module for 'decompress-zip', and some other small unzipping fixes([#873](https://github.com/bower/bower/issues/873), [#896](https://github.com/bower/bower/issues/896))
+- Allow the root-check to be overridden when calling bower programmatically.
+- Fixed some bugs relating to packages with a very large dependency tree
+- Fix a bug caused by a recent change to semver
+
 
 ## 1.2.7 - 2013-09-29
 
@@ -79,7 +413,7 @@ _NOTE_: It's advisable that users run `bower cache clean`.
 - Ignore `component.json` if it looks like a component(1) file ([#556](https://github.com/bower/bower/issues/556))
 - Fix multi-user usage on bower when it creates temporary directories to hold some files
 - Fix prompting causing an invalid JSON output when running commands with `--json`
-- When running Bower commands programmatically, prompting is now disabled by default (see the updated progammatic [usage](https://github.com/bower/bower#programmatic-api) for more info)
+- When running Bower commands programmatically, prompting is now disabled by default (see the updated programmatic [usage](https://github.com/bower/bower#programmatic-api) for more info)
 - Other minor improvements and fixes
 
 Fix for `#788` requires installed components to be re-installed.
@@ -141,7 +475,7 @@ Fix for `#788` requires installed components to be re-installed.
 - Fix `Bower` not working when calling `.bat`/`.cmd` commands on Windows; it affected people using `Git portable` ([#626](https://github.com/bower/bower/issues/626))
 - Fix `bower list --paths` not resolving all files to absolute paths when the `main` property contained multiple files ([660](https://github.com/bower/bower/issues/660))
 - Fix `Bower` renaming `bower.json` and `component.json` files to `index.json` when it was the only file in the folder ([#674](https://github.com/bower/bower/issues/674))
-- Ignore symlinks when copying/extracting since they are not portable, specially accross different hard-drives ([#665](https://github.com/bower/bower/issues/665))
+- Ignore symlinks when copying/extracting since they are not portable, specially across different hard-drives ([#665](https://github.com/bower/bower/issues/665))
 - Local file/dir endpoints are now exclusively referenced by an absolute path or relative path starting with `.` ([#666](https://github.com/bower/bower/issues/666))
 - Linked packages `bower.json` files are now parsed, making `bower list` account linked packages dependencies ([#659](https://github.com/bower/bower/issues/659))
 - Bower now fails to run with sudo unless `--allow-root` is passed ([#498](https://github.com/bower/bower/issues/498))
@@ -154,7 +488,7 @@ Fix for `#788` requires installed components to be re-installed.
 ## 1.0.0 - 2013-07-23
 
 Total rewrite of bower.
-The list bellow highlights the most important stuff.   
+The list bellow highlights the most important stuff.
 For a complete list of changes that this rewrite and release brings please read: https://github.com/bower/bower/wiki/Rewrite-state
 
 
@@ -177,7 +511,7 @@ Non-backwards compatible changes:
 - `--map` and `--sources` from the list command were removed, use `--json` instead
 - Programmatic usage changed, specially the commands interface
 
-Users upgrading from `bower-canary` and `bower@~0.x.x` should do a `bower cache clean`.   
+Users upgrading from `bower-canary` and `bower@~0.x.x` should do a `bower cache clean`.
 Additionally you may remove the `~/.bower` folder manually since it's no longer used.
 On Windows the folder is located in `AppData/bower`.
 
@@ -305,7 +639,7 @@ _NOTE_: The `components` folder will still be used if already created, making it
 
 ## 0.6.1 - 2012-11-22
 - Fix uninstall when the project component.json has no deps saved ([#153](https://github.com/bower/bower/issues/153))
-- Fix uncaught errors when using file writter (they are now caught and reported)
+- Fix uncaught errors when using file writer (they are now caught and reported)
 - Fix temporary directories not being deleted when an exception occurs ([#153](https://github.com/bower/bower/issues/140))
 
 ## 0.6.0 - 2012-11-21

CONTRIBUTING.md

@@ -1,13 +1,26 @@
 # Contributing to Bower
 
-Please take a moment to review this document in order to make the contribution
-process easy and effective for everyone involved.
+Bower is a large community project with many different developers contributing at all levels to the project. We're **actively** looking for more contributors right now. If you're interested in becoming a Bower maintainer or supporting in any way, please fill the following form: http://goo.gl/forms/P1ndzCNoiG. There is more information about [contributing](https://github.com/bower/bower/wiki/Contributor-Guidelines) in the Wiki.
 
-Following these guidelines helps to communicate that you respect the time of
-the developers managing and developing this open source project. In return,
-they should reciprocate that respect in addressing your issue, assessing
-changes, and helping you finalize your pull requests.
+<a name="bugs"></a>
+## 🐛 [Bug reports](https://github.com/bower/bower/wiki/Report-a-Bug)
 
+## Casual Involvement
+
+* Improve the bower.io site ([tickets](https://github.com/bower/bower.github.io/issues))
+* Comment on issues and drive to resolution
+
+## High-impact Involvement
+
+* Maintaining the bower client.
+  * Read [Architecture doc](https://github.com/bower/bower/wiki/Rewrite-architecture)
+  * Triage, close, fix and resolve [issues](https://github.com/bower/bower/issues)
+
+## Team Meetings
+
+We communicate through a channel on Discord https://discord.gg/0fFM7QF0KpZRh2cY 
+
+If you'd like to attend the meetings, please fill the [support form](http://goo.gl/forms/P1ndzCNoiG), and you'll get an invite.
 
 ## Using the issue tracker
 
@@ -16,57 +29,15 @@ The issue tracker is the preferred channel for [bug reports](#bugs),
 requests](#pull-requests), but please respect the following restrictions:
 
 * Please **do not** use the issue tracker for personal support requests. Use
-  [Stack Overflow](http://stackoverflow.com/questions/tagged/bower), our
-  [Mailing List](http://groups.google.com/group/twitter-bower)
+  [Stack Overflow](http://stackoverflow.com/questions/tagged/bower),
+  [Discord Channel](https://discordapp.com/channels/119103197720739842/123728452816732160),
+  [Mailing List](http://groups.google.com/group/twitter-bower),
   (twitter-bower@googlegroups.com), or
   [#bower](http://webchat.freenode.net/?channels=bower) on Freenode.
 
 * Please **do not** derail or troll issues. Keep the discussion on topic and
   respect the opinions of others.
 
-
-<a name="bugs"></a>
-## Bug reports
-
-A bug is a _demonstrable problem_ that is caused by the code in the repository.
-Good bug reports are extremely helpful - thank you!
-
-Guidelines for bug reports:
-
-1. **Use the GitHub issue search** &mdash; check if the issue has already been
-   reported.
-
-2. **Check if the issue has been fixed** &mdash; try to reproduce it using the
-   latest `master` or development branch in the repository.
-
-3. **Isolate the problem** &mdash; ideally create a [reduced test
-   case](http://css-tricks.com/6263-reduced-test-cases/).
-
-A good bug report shouldn't leave others needing to chase you up for more
-information. Please try to be as detailed as possible in your report. What is
-your environment? What steps will reproduce the issue? What OS experiences the
-problem? What would you expect to be the outcome? All these details will help
-people to fix any potential bugs.
-
-Example:
-
-> Short and descriptive example bug report title
->
-> A summary of the issue and the browser/OS environment in which it occurs. If
-> suitable, include the steps required to reproduce the bug.
->
-> 1. This is the first step
-> 2. This is the second step
-> 3. Further steps, etc.
->
-> `<url>` - a link to the reduced test case
->
-> Any other information you want to share that is relevant to the issue being
-> reported. This might include the lines of code that you have identified as
-> causing the bug, and potential solutions (and your opinions on their
-> merits).
-
-
 <a name="features"></a>
 ## Feature requests
 
@@ -150,6 +121,8 @@ included in the project:
    force push to your remote feature branch. You may also be asked to squash
    commits.
 
+10. If you are asked to squash your commits, then please use `git rebase -i master`. It will ask you to pick your commits - pick the major commits and squash the rest.
+
 **IMPORTANT**: By submitting a patch, you agree to license your work under the
 same license as that used by the project.
 

Gruntfile.js

@@ -1,17 +1,40 @@
+'use strict';
+
+var tmp = require('tmp');
+var childProcess = require('child_process');
+var arraydiff = require('arr-diff');
+var fs = require('fs');
+var wrench = require('wrench');
+var inquirer = require('inquirer');
+var path = require('path');
+
 module.exports = function (grunt) {
+    require('load-grunt-tasks')(grunt);
+
     grunt.initConfig({
-        jshint: {
+        eslint: {
             options: {
-                jshintrc: '.jshintrc'
+                fix: true
             },
-            files: ['Gruntfile.js', 'bin/*', 'lib/**/*.js', 'test/**/*.js', '!test/assets/**/*', '!test/reports/**/*']
+            files: [
+                'Gruntfile.js',
+                'bin/*',
+                'lib/**/*.js',
+                'test/**/*.js',
+                '!test/assets/**/*',
+                '!test/reports/**/*',
+                '!test/sample/**/*',
+                '!test/tmp/**/*'
+            ]
         },
         simplemocha: {
             options: {
                 reporter: 'spec',
-                timeout: '5000'
+                timeout: '15000'
+            },
+            full: {
+                src: ['test/test.js']
             },
-            full: { src: ['test/test.js'] },
             short: {
                 options: {
                     reporter: 'dot'
@@ -20,29 +43,171 @@ module.exports = function (grunt) {
             }
         },
         exec: {
-            assets: {
-                command: 'node test/packages.js'
+            'assets': {
+                command: 'node test/packages.js && node test/packages-svn.js'
             },
             'assets-force': {
-                command: 'node test/packages.js --force'
+                command: 'node test/packages.js --force && node test/packages-svn.js --force'
             },
-            cover: {
-                command: 'node node_modules/istanbul/lib/cli.js cover --dir ./test/reports node_modules/mocha/bin/_mocha -- -R dot test/test.js'
+            'cover': {
+                command: 'node node_modules/istanbul/lib/cli.js cover --dir ./test/reports node_modules/mocha/bin/_mocha -- --timeout 30000 -R dot test/test.js'
+            },
+            'coveralls': {
+                command: 'npm run coveralls < test/reports/lcov.info',
+                exitCodes: [0, 1, 2, 3] // Alow for failure for coverage report
             }
         },
         watch: {
-            files: ['<%= jshint.files %>'],
-            tasks: ['jshint', 'simplemocha:short']
+            files: ['<%= eslint.files %>'],
+            tasks: ['eslint', 'simplemocha:short']
         }
     });
 
-    grunt.loadNpmTasks('grunt-contrib-jshint');
-    grunt.loadNpmTasks('grunt-contrib-watch');
-    grunt.loadNpmTasks('grunt-simple-mocha');
-    grunt.loadNpmTasks('grunt-exec');
-
     grunt.registerTask('assets', ['exec:assets-force']);
-    grunt.registerTask('test', ['jshint', 'exec:assets', 'simplemocha:full']);
+    grunt.registerTask('test', ['eslint', 'exec:assets', 'simplemocha:full']);
     grunt.registerTask('cover', 'exec:cover');
+    grunt.registerTask('travis', ['eslint', 'exec:assets', 'exec:cover', 'exec:coveralls']);
     grunt.registerTask('default', 'test');
+
+    grunt.task.registerTask('publish', 'Perform final checks and publish Bower', function () {
+        var npmVersion = JSON.parse(childProcess.execSync('npm version --json').toString()).npm.split('.');
+        var npmMajor = parseInt(npmVersion[0], 10);
+        var npmMinor = parseInt(npmVersion[1], 10);
+
+        var jsonPackage = require('./package');
+
+        if (npmMajor !== 3 || npmMinor < 5) {
+            grunt.log.writeln('You need to use at least npm@3.5 to publish bower.');
+            grunt.log.writeln('It is because npm 2.x produces too long paths that Windows does not handle.');
+            grunt.log.writeln('Please upgrade it: npm install -g npm');
+            process.exit(1);
+        }
+
+        var version = jsonPackage.version;
+        var changelog = fs.readFileSync('./CHANGELOG.md');
+
+        if (changelog.indexOf('## ' + version) === -1) {
+            grunt.log.writeln('Please add changelog.md entry for this bower version (' + version + ')');
+
+            var lastRelease = childProcess.execSync('git tag | tail -1').toString().trim();
+
+            grunt.log.writeln('Commits since last release (' + lastRelease + '): \n');
+
+            grunt.log.writeln(childProcess.execSync('git log --oneline ' + lastRelease + '..').toString());
+
+            process.exit(1);
+        }
+
+        if (childProcess.execSync('git rev-parse --abbrev-ref HEAD').toString().trim() !== 'master') {
+            grunt.log.writeln('You need to release bower from the "master" branch');
+
+            process.exit(1);
+        }
+
+        if (process.env.SKIP_TESTS !== '1') {
+            grunt.log.writeln('Reinstalling dependencies...');
+            childProcess.execSync('rm -rf node_modules && npm install', { stdio: [0, 1, 2] });
+
+            grunt.log.writeln('Running test suite...');
+            childProcess.execSync('grunt test', { stdio: [0, 1, 2] });
+        }
+
+        var dir = tmp.dirSync().name;
+
+        wrench.copyDirSyncRecursive(__dirname, dir, {
+            forceDelete: true,
+            include: function (path) {
+                return !path.match(/node_modules|\.git|test/);
+            }
+        });
+
+        grunt.log.writeln('Installing production dependencies...');
+        childProcess.execSync('npm install --production --silent', { cwd: dir, stdio: [0, 1, 2] });
+
+        delete jsonPackage.dependencies;
+        delete jsonPackage.devDependencies;
+        delete jsonPackage.scripts;
+
+        fs.writeFileSync(path.resolve(dir, 'package.json'), JSON.stringify(jsonPackage, null, '  ') + '\n');
+
+
+        grunt.log.writeln('Moving node_modules to lib directory...');
+
+        wrench.copyDirSyncRecursive(path.resolve(dir, 'node_modules'), path.resolve(dir, 'lib', 'node_modules'));
+        wrench.rmdirSyncRecursive(path.resolve(dir, 'node_modules'));
+
+        grunt.log.writeln('Testing bower on sample project...');
+
+        childProcess.execSync(
+            'cd test/sample && rm -rf bower_components && ' + dir + '/bin/bower install --force', { stdio: [0, 1, 2] }
+        );
+
+        var expectedPackages = (
+            'SHA-1 ace-builds almond angular angular-animate angular-bootstrap angular-charts angular-contenteditable ' +
+            'angular-deckgrid angular-fullscreen angular-gravatar angular-hotkeys angular-local-storage angular-marked ' +
+            'angular-moment angular-sanitize angular-touch angular-ui-router angular-ui-sortable ' +
+            'angulartics asEvented bootstrap coffee-script d3 es6-shim font-awesome howler jquery ' +
+            'jquery-ui jquery-waypoints js-beautify lodash lz-string marked moment ng-file-upload peerjs ' +
+            'requirejs restangular slimScroll slimScrollHorizontal venturocket-angular-slider'
+        ).split(' ');
+
+        var installedPackages = fs.readdirSync('./test/sample/bower_components');
+
+        var installedDiff = arraydiff(expectedPackages, installedPackages);
+
+        if (installedDiff.length > 0) {
+            grunt.log.writeln('ERROR. Some packages were not installed by bower: ');
+            grunt.log.writeln(installedDiff.join(', '));
+
+            process.exit(1);
+        }
+
+        grunt.log.writeln('\nBower production bundle installed in:');
+        grunt.log.writeln(dir + '\n');
+
+        var questions = [
+            {
+                type: 'confirm',
+                name: 'review',
+                message: 'Did you review all the changes with "git diff"?',
+                default: false
+            },
+            {
+                type: 'confirm',
+                name: 'changelog',
+                message: 'Are you sure the CHANGELOG.md contains all changes?',
+                default: false
+            },
+            {
+                type: 'confirm',
+                name: 'tests',
+                message: 'Are you sure all tests are passing on Travis and Appveyor?',
+                default: false
+            },
+            {
+                type: 'confirm',
+                name: 'publish',
+                message: 'Are you SURE you want to publish ' + jsonPackage.name + '@' + jsonPackage.version + '?',
+                default: false
+            }
+        ];
+
+        var done = this.async();
+
+        inquirer.prompt(questions, function (answers) {
+            if (!answers.review || !answers.changelog || !answers.tests || !answers.publish) {
+                grunt.log.writeln('Please publish bower after you fix this issue');
+
+                process.exit(1);
+            }
+
+            grunt.log.writeln('\nPlease remember to tag this relese, and add a release on Github!');
+            grunt.log.writeln('\nAlso, please remember to test published Bower one more time!');
+            grunt.log.writeln('\nPublishing Bower...');
+
+            childProcess.execSync('npm publish --tag beta', { cwd: dir, stdio: [0, 1, 2] });
+
+            done();
+        });
+    });
 };

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Twitter and other contributors
+Copyright (c) 2013-present Twitter and other contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -1,357 +1,200 @@
-# BOWER [![Build Status](https://secure.travis-ci.org/bower/bower.png?branch=master)](http://travis-ci.org/bower/bower)
+# Bower - A package manager for the web
 
-Bower is a package manager for the web. It offers a generic, unopinionated
-solution to the problem of **front-end package management**, while exposing the
-package dependency model via an API that can be consumed by a more opinionated
-build stack. There are no system wide dependencies, no dependencies are shared
-between different apps, and the dependency tree is flat.
+[![Backers on Open Collective](https://opencollective.com/bower/backers/badge.svg)](#backers)
+[![Sponsors on Open Collective](https://opencollective.com/bower/sponsors/badge.svg)](#sponsors)
 
-Bower runs over Git, and is package-agnostic. A packaged component can be made
-up of any type of asset, and use any type of transport (e.g., AMD, CommonJS,
-etc.).
+> ..psst! While Bower is maintained, we recommend [yarn](https://yarnpkg.com/) and [webpack](https://webpack.js.org/) for new front-end projects!
 
-[View all packages available through Bower's registry](http://sindresorhus.com/bower-components/).
+[![Unix CI](https://img.shields.io/travis/bower/bower/master.svg?maxAge=2592000)](https://travis-ci.org/bower/bower)
+[![Windows CI](https://img.shields.io/appveyor/ci/bower/bower/master.svg)](https://ci.appveyor.com/project/bower/bower)
+[![Coverage Status](https://img.shields.io/coveralls/bower/bower.svg)](https://coveralls.io/r/bower/bower?branch=master)
+[![Discord chat](https://img.shields.io/badge/discord-join%20chat%20%E2%86%92-brightgreen.svg?style=flat)](https://discord.gg/0fFM7QF0KpZRh2cY)
 
+<img align="right" height="300" src="http://bower.io/img/bower-logo.png">
 
-## Installing Bower
+---
 
-Bower depends on [Node](http://nodejs.org/) and [npm](http://npmjs.org/). It's
-installed globally using npm:
+Bower offers a generic, unopinionated solution to the problem of **front-end package management**, while exposing the package dependency model via an API that can be consumed by a more opinionated build stack. There are no system wide dependencies, no dependencies are shared between different apps, and the dependency tree is flat.
 
-```
-npm install -g bower
+Bower runs over Git, and is package-agnostic. A packaged component can be made up of any type of asset, and use any type of transport (e.g., AMD, CommonJS, etc.).
+
+**View complete docs on [bower.io](http://bower.io)**
+
+[View all packages available through Bower's registry](http://bower.io/search/).
+
+## Install
+
+```sh
+$ npm install -g bower
 ```
 
-Also make sure that [git](http://git-scm.com/) is installed as some bower
+Bower depends on [Node.js](http://nodejs.org/) and [npm](http://npmjs.org/). Also make sure that [git](http://git-scm.com/) is installed as some bower
 packages require it to be fetched and installed.
 
 
 ## Usage
 
-Much more information is available via `bower help` once it's installed. This
-is just enough to get you started.
-
-#### Warning
-
-On `prezto` or `oh-my-zsh`, do not forget to `alias bower='noglob bower'` or `bower install jquery\#1.9.1`
-
-#### Running commands with sudo
-
-Bower is a user command, there is no need to execute it with superuser permissions.
-However, if you still want to run commands with sudo, use `--allow-root` option.
+See complete command line reference at [bower.io/docs/api/](http://bower.io/docs/api/)
 
 ### Installing packages and dependencies
 
-Bower offers several ways to install packages:
+```sh
+# install dependencies listed in bower.json
+$ bower install
 
+# install a package and add it to bower.json
+$ bower install <package> --save
+
+# install specific version of a package and add it to bower.json
+$ bower install <package>#<version> --save
 ```
-# Using the dependencies listed in the current directory's bower.json
-bower install
-# Using a local or remote package
-bower install <package>
-# Using a specific version of a package
-bower install <package>#<version>
-# Using a different name and a specific version of a package
-bower install <name>=<package>#<version>
-```
-
-Where `<package>` can be any one of the following:
-
-* A name that maps to a package registered with Bower, e.g, `jquery`. ‡
-* A remote Git endpoint, e.g., `git://github.com/someone/some-package.git`. Can be
-  public or private. ‡
-* A local endpoint, i.e., a folder that's a Git repository. ‡
-* A shorthand endpoint, e.g., `someone/some-package` (defaults to GitHub). ‡
-* A URL to a file, including `zip` and `tar` files. Its contents will be
-  extracted.
-
-‡ These types of `<package>` might have versions available. You can specify a
-[semver](http://semver.org/) compatible version to fetch a specific release, and lock the
-package to that version. You can also use ranges to specify a range of versions.
-
-All package contents are installed in the `bower_components` directory by default.
-You should **never** directly modify the contents of this directory.
-
-Using `bower list` will show all the packages that are installed locally.
-
-**N.B.** If you aren't authoring a package that is intended to be consumed by
-others (e.g., you're building a web app), you should always check installed
-packages into source control.
-
-### Finding packages
-
-To search for packages registered with Bower:
-
-```
-bower search [<name>]
-```
-
-Using just `bower search` will list all packages in the registry.
 
 ### Using packages
 
-The easiest approach is to use Bower statically, just reference the package's
-installed components manually using a `script` tag:
+We discourage using bower components statically for performance and security reasons (if component has an `upload.php` file that is not ignored, that can be easily exploited to do malicious stuff).
 
-```html
-<script src="/bower_components/jquery/index.js"></script>
-```
-
-For more complex projects, you'll probably want to concatenate your scripts or
-use a module loader. Bower is just a package manager, but there are plenty of
-other tools -- such as [Sprockets](https://github.com/sstephenson/sprockets)
-and [RequireJS](http://requirejs.org/) -- that will help you do this.
-
-### Registering packages
-
-To register a new package:
-
-* There **must** be a valid manifest JSON in the current working directory.
-* Your package should use [semver](http://semver.org/) Git tags.
-* Your package **must** be available at a Git endpoint (e.g., GitHub); remember
-  to push your Git tags!
-
-Then use the following command:
-
-```
-bower register <my-package-name> <git-endpoint>
-```
-
-The Bower registry does not have authentication or user management at this point
-in time. It's on a first come, first served basis. Think of it like a URL
-shortener. Now anyone can run `bower install <my-package-name>`, and get your
-library installed.
-
-There is no direct way to unregister a package yet. For now, you can [request a
-package be unregistered](https://github.com/bower/bower/issues/120).
+The best approach is to process components installed by bower with build tool (like [Grunt](http://gruntjs.com/) or [gulp](http://gulpjs.com/)), and serve them concatenated or using a module loader (like [RequireJS](http://requirejs.org/)).
 
 ### Uninstalling packages
 
 To uninstall a locally installed package:
 
-```
-bower uninstall <package-name>
+```sh
+$ bower uninstall <package-name>
 ```
 
+### prezto and oh-my-zsh users
 
-## Configuration
+On `prezto` or `oh-my-zsh`, do not forget to `alias bower='noglob bower'` or `bower install jquery\#1.9.1`
 
-Bower can be configured using JSON in a `.bowerrc` file.
+### Never run Bower with sudo
 
-The current spec can be read
-[here](https://docs.google.com/document/d/1APq7oA9tNao1UYWyOm8dKqlRP2blVkROYLZ2fLIjtWc/edit#heading=h.4pzytc1f9j8k)
-in the `Configuration` section.
+Bower is a user command; there is no need to execute it with superuser permissions.
 
-
-## Defining a package
-
-You must create a `bower.json` in your project's root, and specify all of its
-dependencies. This is similar to Node's `package.json`, or Ruby's `Gemfile`,
-and is useful for locking down a project's dependencies.
-
-*NOTE:* In versions of Bower before 0.9.0 the package metadata file was called
-`component.json` rather than `bower.json`. This has changed to avoid a name
-clash with another tool. You can still use `component.json` for now but it is
-deprecated and the automatic fallback is likely to be removed in an upcoming
-release.
-
-You can interactively create a `bower.json` with the following command:
-
-```
-bower init
-```
-
-The `bower.json` defines several options:
-
-* `name` (required): The name of your package.
-* `version`: A semantic version number (see [semver](http://semver.org/)).
-* `main` [string|array]: The primary endpoints of your package.
-* `ignore` [array]: An array of paths not needed in production that you want
-  Bower to ignore when installing your package.
-* `dependencies` [hash]: Packages your package depends upon in production.
-* `devDependencies` [hash]: Development dependencies.
-* `private` [boolean]: Set to true if you want to keep the package private and 
-  do not want to register the package in future.
-
-```json
-{
-  "name": "my-project",
-  "version": "1.0.0",
-  "main": "path/to/main.css",
-  "ignore": [
-    ".jshintrc",
-    "**/*.txt"
-  ],
-  "dependencies": {
-    "<name>": "<version>",
-    "<name>": "<folder>",
-    "<name>": "<package>"
-  },
-  "devDependencies": {
-    "<test-framework-name>": "<version>"
-  }
-}
-```
-
-
-## Consuming a package
-
-Bower also makes available a source mapping. This can be used by build tools to
-easily consume Bower packages.
-
-If you pass the `--paths` option to Bower's `list` command, you will get a
-simple path-to-name mapping:
-
-```json
-{
-  "backbone": "bower_components/backbone/index.js",
-  "jquery": "bower_components/jquery/index.js",
-  "underscore": "bower_components/underscore/index.js"
-}
-```
-
-Alternatively, every command supports the `--json` option that makes bower
-output JSON. Command result is outputted to `stdout` and error/logs to
-`stderr`.
-
-
-## Programmatic API
-
-Bower provides a powerful, programmatic API. All commands can be accessed
-through the `bower.commands` object.
-
-```js
-var bower = require('bower');
-
-bower.commands
-.install(['jquery'], { save: true }, { /* custom config */ })
-.on('end', function (installed) {
-    console.log(installed);
-});
-
-bower.commands
-.search('jquery', {})
-.on('end', function (results) {
-    console.log(results);
-});
-```
-
-Commands emit four types of events: `log`, `prompt`, `end`, `error`.
-
-* `log` is emitted to report the state/progress of the command.
-* `prompt` is emitted whenever the user needs to be prompted.
-* `error` will only be emitted if something goes wrong.
-* `end` is emitted when the command successfully ends.
-
-For a better of idea how this works, you may want to check out [our bin
-file](https://github.com/bower/bower/blob/master/bin/bower).
-
-When using bower programmatically, prompting is disabled by default. Though you can enable it when calling commands with `interactive: true` in the config.
-This requires you to listen for the `prompt` event and handle the prompting yourself. The easiest way is to use the [inquirer](https://npmjs.org/package/inquirer) npm module like so:
-
-```js
-var inquirer =  require('inquirer');
-
-bower.commands
-.install(['jquery'], { save: true }, { interactive: true })
-// ..
-.on('prompt', function (prompts, callback) {
-    inquirer.prompt(prompts, callback);
-});
-```
-
-
-## Completion (experimental)
-
-_NOTE_: Completion is still not implemented for the 1.0.0 release
-
-Bower now has an experimental `completion` command that is based on, and works
-similarly to the [npm completion](https://npmjs.org/doc/completion.html). It is
-not available for Windows users.
-
-This command will output a Bash / ZSH script to put into your `~/.bashrc`,
-`~/.bash_profile`, or `~/.zshrc` file.
-
-```
-bower completion >> ~/.bash_profile
-```
-
-
-## A note for Windows users
+### Windows users
 
 To use Bower on Windows, you must install
-[msysgit](http://code.google.com/p/msysgit/) correctly. Be sure to check the
-option shown below:
+[Git for Windows](http://git-for-windows.github.io/) correctly. Be sure to check the
+options shown below:
 
-![msysgit](http://f.cl.ly/items/2V2O3i1p3R2F1r2v0a12/mysgit.png)
+<img src="https://cloud.githubusercontent.com/assets/10702007/10532690/d2e8991a-7386-11e5-9a57-613c7f92e84e.png" width="534" height="418" alt="Git for Windows" />
+
+<img src="https://cloud.githubusercontent.com/assets/10702007/10532694/dbe8857a-7386-11e5-9bd0-367e97644403.png" width="534" height="418" alt="Git for Windows" />
 
 Note that if you use TortoiseGit and if Bower keeps asking for your SSH
 password, you should add the following environment variable: `GIT_SSH -
 C:\Program Files\TortoiseGit\bin\TortoisePlink.exe`. Adjust the `TortoisePlink`
 path if needed.
 
+### Ubuntu users
 
-## Contact
+To use Bower on Ubuntu, you might need to link `nodejs` executable to `node`:
 
-Have a question?
+```
+sudo ln -s /usr/bin/nodejs /usr/bin/node
+```
 
+## Configuration
+
+Bower can be configured using JSON in a `.bowerrc` file. Read over available options at [bower.io/docs/config](http://bower.io/docs/config).
+
+
+## Support
+
+* [Discord chat](https://discord.gg/0fFM7QF0KpZRh2cY)
 * [StackOverflow](http://stackoverflow.com/questions/tagged/bower)
 * [Mailinglist](http://groups.google.com/group/twitter-bower) - twitter-bower@googlegroups.com
-* [\#bower](http://webchat.freenode.net/?channels=bower) on Freenode
 
+## Contributing
 
-## Contributing to this project
+We welcome [contributions](https://github.com/bower/bower/graphs/contributors) of all kinds from anyone. Please take a moment to review the [guidelines for contributing](CONTRIBUTING.md).
 
-Anyone and everyone is welcome to contribute. Please take a moment to
-review the [guidelines for contributing](CONTRIBUTING.md).
-
-* [Bug reports](CONTRIBUTING.md#bugs)
+* [Bug reports](https://github.com/bower/bower/wiki/Report-a-Bug)
 * [Feature requests](CONTRIBUTING.md#features)
 * [Pull requests](CONTRIBUTING.md#pull-requests)
 
 
-## Authors
+Note that on Windows for tests to pass you need to configure Git before cloning:
 
-* [@fat](https://github.com/fat)
-* [@maccman](https://github.com/maccman)
-* [@satazor](https://github.com/satazor)
+```
+git config --global core.autocrlf input
+```
 
-Thanks for assistance and contributions:
 
-[@addyosmani](https://github.com/addyosmani),
-[@angus-c](https://github.com/angus-c),
-[@borismus](https://github.com/borismus),
-[@carsonmcdonald](https://github.com/carsonmcdonald),
-[@chriseppstein](https://github.com/chriseppstein),
-[@danwrong](https://github.com/danwrong),
-[@davidmaxwaterman](https://github.com/davidmaxwaterman),
-[@desandro](https://github.com/desandro),
-[@hemanth](https://github.com/hemanth),
-[@isaacs](https://github.com/isaacs),
-[@josh](https://github.com/josh),
-[@jrburke](https://github.com/jrburke),
-[@marcelombc](https://github.com/marcelombc),
-[@marcooliveira](https://github.com/marcooliveira),
-[@mklabs](https://github.com/mklabs),
-[@MrDHat](https://github.com/MrDHat),
-[@necolas](https://github.com/necolas),
-[@paulirish](https://github.com/paulirish),
-[@richo](https://github.com/richo),
-[@rvagg](https://github.com/rvagg),
-[@sindresorhus](https://github.com/sindresorhus),
-[@SlexAxton](https://github.com/SlexAxton),
-[@sstephenson](https://github.com/sstephenson),
-[@svnlto](https://github.com/svnlto),
-[@tomdale](https://github.com/tomdale),
-[@uzquiano](https://github.com/uzquiano),
-[@visionmedia](https://github.com/visionmedia),
-[@wagenet](https://github.com/wagenet),
-[@wibblymat](https://github.com/wibblymat),
-[@wycats](https://github.com/wycats)
+## Backers
+
+Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/bower#backer)]
+
+<a href="https://opencollective.com/bower/backer/0/website" target="_blank"><img src="https://opencollective.com/bower/backer/0/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/1/website" target="_blank"><img src="https://opencollective.com/bower/backer/1/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/2/website" target="_blank"><img src="https://opencollective.com/bower/backer/2/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/3/website" target="_blank"><img src="https://opencollective.com/bower/backer/3/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/4/website" target="_blank"><img src="https://opencollective.com/bower/backer/4/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/5/website" target="_blank"><img src="https://opencollective.com/bower/backer/5/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/6/website" target="_blank"><img src="https://opencollective.com/bower/backer/6/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/7/website" target="_blank"><img src="https://opencollective.com/bower/backer/7/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/8/website" target="_blank"><img src="https://opencollective.com/bower/backer/8/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/9/website" target="_blank"><img src="https://opencollective.com/bower/backer/9/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/10/website" target="_blank"><img src="https://opencollective.com/bower/backer/10/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/11/website" target="_blank"><img src="https://opencollective.com/bower/backer/11/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/12/website" target="_blank"><img src="https://opencollective.com/bower/backer/12/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/13/website" target="_blank"><img src="https://opencollective.com/bower/backer/13/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/14/website" target="_blank"><img src="https://opencollective.com/bower/backer/14/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/15/website" target="_blank"><img src="https://opencollective.com/bower/backer/15/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/16/website" target="_blank"><img src="https://opencollective.com/bower/backer/16/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/17/website" target="_blank"><img src="https://opencollective.com/bower/backer/17/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/18/website" target="_blank"><img src="https://opencollective.com/bower/backer/18/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/19/website" target="_blank"><img src="https://opencollective.com/bower/backer/19/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/20/website" target="_blank"><img src="https://opencollective.com/bower/backer/20/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/21/website" target="_blank"><img src="https://opencollective.com/bower/backer/21/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/22/website" target="_blank"><img src="https://opencollective.com/bower/backer/22/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/23/website" target="_blank"><img src="https://opencollective.com/bower/backer/23/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/24/website" target="_blank"><img src="https://opencollective.com/bower/backer/24/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/25/website" target="_blank"><img src="https://opencollective.com/bower/backer/25/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/26/website" target="_blank"><img src="https://opencollective.com/bower/backer/26/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/27/website" target="_blank"><img src="https://opencollective.com/bower/backer/27/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/28/website" target="_blank"><img src="https://opencollective.com/bower/backer/28/avatar.svg"></a>
+<a href="https://opencollective.com/bower/backer/29/website" target="_blank"><img src="https://opencollective.com/bower/backer/29/avatar.svg"></a>
+
+
+## Sponsors
+
+Become a sponsor and get your logo on our README on Github with a link to your site. [[Become a sponsor](https://opencollective.com/bower#sponsor)]
+
+<a href="https://opencollective.com/bower/sponsor/0/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/0/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/1/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/1/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/2/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/2/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/3/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/3/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/4/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/4/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/5/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/5/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/6/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/6/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/7/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/7/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/8/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/8/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/9/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/9/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/10/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/10/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/11/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/11/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/12/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/12/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/13/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/13/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/14/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/14/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/15/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/15/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/16/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/16/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/17/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/17/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/18/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/18/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/19/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/19/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/20/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/20/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/21/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/21/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/22/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/22/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/23/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/23/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/24/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/24/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/25/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/25/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/26/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/26/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/27/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/27/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/28/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/28/avatar.svg"></a>
+<a href="https://opencollective.com/bower/sponsor/29/website" target="_blank"><img src="https://opencollective.com/bower/sponsor/29/avatar.svg"></a>
 
 
 ## License
 
-Copyright 2012 Twitter, Inc.
+Copyright (c) 2012-present Twitter and [other contributors](https://github.com/bower/bower/graphs/contributors)
 
 Licensed under the MIT License

bin/bower

@@ -1,143 +1,3 @@
 #!/usr/bin/env node
 
-process.bin = process.title = 'bower';
-
-var path = require('path');
-var mout = require('mout');
-var updateNotifier = require('update-notifier');
-var Logger = require('bower-logger');
-var osenv = require('osenv');
-var bower = require('../lib');
-var pkg = require(path.join(__dirname, '..', 'package.json'));
-var cli = require('../lib/util/cli');
-var rootCheck = require('../lib/util/rootCheck');
-var analytics = require('../lib/util/analytics');
-
-// --------
-
-var options;
-var renderer;
-var loglevel;
-var command;
-var commandFunc;
-var logger;
-var notifier;
-var levels = Logger.LEVELS;
-
-options = cli.readOptions({
-    version: { type: Boolean, shorthand: 'v' },
-    help: { type: Boolean, shorthand: 'h' },
-    'allow-root': { type: Boolean }
-});
-
-// Handle print of version
-if (options.version) {
-    process.stdout.write(pkg.version + '\n');
-    process.exit();
-}
-
-// Root check
-rootCheck(options, bower.config);
-
-// Set loglevel
-if (bower.config.silent) {
-    loglevel = levels.error;
-} else if (bower.config.verbose) {
-    loglevel = -Infinity;
-} else if (bower.config.quiet) {
-    loglevel = levels.warn;
-} else {
-    loglevel = levels[bower.config.loglevel] || levels.info;
-}
-
-// Get the command to execute
-while (options.argv.remain.length) {
-    command = options.argv.remain.join(' ');
-
-    // Alias lookup
-    if (bower.abbreviations[command]) {
-        command = bower.abbreviations[command].replace(/\s/g, '.');
-        break;
-    }
-
-    command = command.replace(/s/g, '.');
-
-    // Direct lookup
-    if (mout.object.has(bower.commands, command)) {
-        break;
-    }
-
-    options.argv.remain.pop();
-}
-
-// Ask for Insights on first run.
-analytics.setup().then(function () {
-    // Execute the command
-    commandFunc = command && mout.object.get(bower.commands, command);
-    command = command && command.replace(/\./g, ' ');
-
-    // If no command was specified, show bower help
-    // Do the same if the command is unknown
-    if (!commandFunc) {
-        logger = bower.commands.help();
-        command = 'help';
-    // If the user requested help, show the command's help
-    // Do the same if the actual command is a group of other commands (e.g.: cache)
-    } else if (options.help || !commandFunc.line) {
-        logger = bower.commands.help(command);
-        command = 'help';
-    // Call the line method
-    } else {
-        logger = commandFunc.line(process.argv);
-
-        // If the method failed to interpret the process arguments
-        // show the command help
-        if (!logger) {
-            logger = bower.commands.help(command);
-            command = 'help';
-        }
-    }
-
-    // Get the renderer and configure it with the executed command
-    renderer = cli.getRenderer(command, logger.json, bower.config);
-
-    logger
-    .on('end', function (data) {
-        if (!bower.config.silent) {
-            renderer.end(data);
-        }
-    })
-    .on('error', function (err)  {
-        if (levels.error >= loglevel) {
-            renderer.error(err);
-        }
-
-        process.exit(1);
-    })
-    .on('log', function (log) {
-        if (levels[log.level] >= loglevel) {
-            renderer.log(log);
-        }
-    })
-    .on('prompt', function (prompt, callback) {
-        renderer.prompt(prompt)
-        .then(function (answer) {
-            callback(answer);
-        });
-    });
-
-    // Warn if HOME is not SET
-    if (!osenv.home()) {
-        logger.warn('no-home', 'HOME not set, user configuration will not be loaded');
-    }
-
-    // Check for newer version of Bower
-    notifier = updateNotifier({
-        packageName: pkg.name,
-        packageVersion: pkg.version
-    });
-
-    if (notifier.update && levels.info >= loglevel) {
-        renderer.updateNotice(notifier.update);
-    }
-});
+require('../lib/bin/bower');

lib/bin/bower.js

@@ -0,0 +1,145 @@
+process.bin = process.title = 'bower';
+
+var Q = require('q');
+var mout = require('mout');
+var Logger = require('bower-logger');
+var userHome = require('user-home');
+var bower = require('../');
+var version = require('../version');
+var cli = require('../util/cli');
+var rootCheck = require('../util/rootCheck');
+
+var options;
+var renderer;
+var loglevel;
+var command;
+var commandFunc;
+var logger;
+var levels = Logger.LEVELS;
+
+options = cli.readOptions({
+    'version': { type: Boolean, shorthand: 'v' },
+    'help': { type: Boolean, shorthand: 'h' },
+    'allow-root': { type: Boolean }
+});
+
+// Handle print of version
+if (options.version) {
+    process.stdout.write(version + '\n');
+    process.exit();
+}
+
+// Root check
+rootCheck(options, bower.config);
+
+// Set loglevel
+if (bower.config.silent) {
+    loglevel = levels.error;
+} else if (bower.config.verbose) {
+    loglevel = -Infinity;
+    Q.longStackSupport = true;
+} else if (bower.config.quiet) {
+    loglevel = levels.warn;
+} else {
+    loglevel = levels[bower.config.loglevel] || levels.info;
+}
+
+// Get the command to execute
+while (options.argv.remain.length) {
+    command = options.argv.remain.join(' ');
+
+    // Alias lookup
+    if (bower.abbreviations[command]) {
+        command = bower.abbreviations[command].replace(/\s/g, '.');
+        break;
+    }
+
+    command = command.replace(/\s/g, '.');
+
+    // Direct lookup
+    if (mout.object.has(bower.commands, command)) {
+        break;
+    }
+
+    options.argv.remain.pop();
+}
+
+// Execute the command
+commandFunc = command && mout.object.get(bower.commands, command);
+command = command && command.replace(/\./g, ' ');
+
+// If no command was specified, show bower help
+// Do the same if the command is unknown
+if (!commandFunc) {
+    logger = bower.commands.help();
+    command = 'help';
+// If the user requested help, show the command's help
+// Do the same if the actual command is a group of other commands (e.g.: cache)
+} else if (options.help || !commandFunc.line) {
+    logger = bower.commands.help(command);
+    command = 'help';
+// Call the line method
+} else {
+    logger = commandFunc.line(process.argv);
+
+    // If the method failed to interpret the process arguments
+    // show the command help
+    if (!logger) {
+        logger = bower.commands.help(command);
+        command = 'help';
+    }
+}
+
+// Get the renderer and configure it with the executed command
+renderer = cli.getRenderer(command, logger.json, bower.config);
+
+function handleLogger(logger, renderer) {
+    logger
+    .on('end', function (data) {
+        if (!bower.config.silent && !bower.config.quiet) {
+            renderer.end(data);
+        }
+    })
+    .on('error', function (err)  {
+        if (command !== 'help' && (err.code === 'EREADOPTIONS' || err.code === 'EINVFORMAT')) {
+            logger = bower.commands.help(command);
+            renderer = cli.getRenderer('help', logger.json, bower.config);
+            handleLogger(logger, renderer);
+        } else {
+            if (levels.error >= loglevel) {
+                renderer.error(err);
+            }
+
+            process.exit(1);
+        }
+    })
+    .on('log', function (log) {
+        if (levels[log.level] >= loglevel) {
+            renderer.log(log);
+        }
+    })
+    .on('prompt', function (prompt, callback) {
+        renderer.prompt(prompt)
+        .then(function (answer) {
+            callback(answer);
+        });
+    });
+}
+
+handleLogger(logger, renderer);
+
+// Warn if HOME is not SET
+if (!userHome) {
+    logger.warn('no-home', 'HOME environment variable not set. User config will not be loaded.');
+}
+
+if (bower.config.interactive) {
+    var updateNotifier = require('update-notifier');
+
+    // Check for newer version of Bower
+    var notifier = updateNotifier({ pkg: { name: 'bower', version: version } });
+
+    if (notifier.update && levels.info >= loglevel) {
+        notifier.notify();
+    }
+}

lib/commands/cache/clean.js

@@ -1,22 +1,19 @@
-var fs = require('graceful-fs');
+var fs = require('../../util/fs');
 var path = require('path');
 var mout = require('mout');
 var Q = require('q');
-var rimraf = require('rimraf');
-var Logger = require('bower-logger');
+var rimraf = require('../../util/rimraf');
 var endpointParser = require('bower-endpoint-parser');
 var PackageRepository = require('../../core/PackageRepository');
 var semver = require('../../util/semver');
-var cli = require('../../util/cli');
 var defaultConfig = require('../../config');
 
-function clean(endpoints, options, config) {
-    var logger = new Logger();
+function clean(logger, endpoints, options, config) {
     var decEndpoints;
     var names;
 
     options = options || {};
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
 
     // If endpoints is an empty array, null them
     if (endpoints && !endpoints.length) {
@@ -33,21 +30,13 @@ function clean(endpoints, options, config) {
         });
     }
 
-    Q.all([
+    return Q.all([
         clearPackages(decEndpoints, config, logger),
-        clearLinks(names, config, logger),
-        !names ? clearCompletion(config, logger) : null
+        clearLinks(names, config, logger)
     ])
     .spread(function (entries) {
         return entries;
-    })
-    .done(function (entries) {
-        logger.emit('end', entries);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 function clearPackages(decEndpoints, config, logger) {
@@ -181,37 +170,16 @@ function clearLinks(names, config, logger) {
     });
 }
 
-function clearCompletion(config, logger) {
-    var dir = config.storage.completion;
-
-    return Q.nfcall(fs.stat, dir)
-    .then(function () {
-        return Q.nfcall(rimraf, dir)
-        .then(function () {
-            logger.info('deleted', 'Completion cache', {
-                file: dir
-            });
-        });
-    }, function (error) {
-        if (error.code !== 'ENOENT') {
-            throw error;
-        }
-    });
-}
-
 // -------------------
 
-clean.line = function (argv) {
-    var options = clean.options(argv);
-    return clean(options.argv.remain.slice(2), options);
-};
+clean.readOptions = function (argv) {
+    var cli = require('../../util/cli');
+    var options = cli.readOptions(argv);
+    var endpoints = options.argv.remain.slice(2);
 
-clean.options = function (argv) {
-    return cli.readOptions(argv);
-};
+    delete options.argv;
 
-clean.completion = function () {
-    // TODO:
+    return [endpoints, options];
 };
 
 module.exports = clean;

lib/commands/cache/index.js

@@ -1,4 +0,0 @@
-module.exports = {
-    clean: require('./clean'),
-    list: require('./list')
-};

lib/commands/cache/list.js

@@ -1,14 +1,11 @@
 var mout = require('mout');
-var Logger = require('bower-logger');
 var PackageRepository = require('../../core/PackageRepository');
-var cli = require('../../util/cli');
 var defaultConfig = require('../../config');
 
-function list(packages, options, config) {
+function list(logger, packages, options, config) {
     var repository;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     repository = new PackageRepository(config, logger);
 
     // If packages is an empty array, null them
@@ -16,7 +13,7 @@ function list(packages, options, config) {
         packages = null;
     }
 
-    repository.list()
+    return repository.list()
     .then(function (entries) {
         if (packages) {
             // Filter entries according to the specified packages
@@ -28,29 +25,19 @@ function list(packages, options, config) {
         }
 
         return entries;
-    })
-    .done(function (entries) {
-        logger.emit('end', entries);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 // -------------------
 
-list.line = function (argv) {
-    var options = list.options(argv);
-    return list(options.argv.remain.slice(2), options);
-};
+list.readOptions = function (argv) {
+    var cli = require('../../util/cli');
+    var options = cli.readOptions(argv);
+    var packages = options.argv.remain.slice(2);
 
-list.options = function (argv) {
-    return cli.readOptions(argv);
-};
+    delete options.argv;
 
-list.completion = function () {
-    // TODO:
+    return [packages, options];
 };
 
 module.exports = list;

lib/commands/completion.js

@@ -1,31 +0,0 @@
-var Logger = require('bower-logger');
-var cli = require('../util/cli');
-
-function completion(config) {
-    var logger = new Logger();
-
-    process.nextTick(function () {
-        logger.emit('end');
-    });
-
-    return logger;
-}
-
-// -------------------
-
-completion.line = function (argv) {
-    var options = completion.options(argv);
-    var name = options.argv.remain[1];
-
-    return completion(name);
-};
-
-completion.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-completion.completion = function () {
-    // TODO:
-};
-
-module.exports = completion;

lib/commands/help.js

@@ -1,52 +1,39 @@
+var Q = require('q');
 var path = require('path');
-var fs = require('graceful-fs');
-var Logger = require('bower-logger');
-var cli = require('../util/cli');
+var fs = require('../util/fs');
 var createError = require('../util/createError');
 
-function help(name) {
+function help(logger, name, config) {
     var json;
-    var logger = new Logger();
 
     if (name) {
-        json = path.resolve(__dirname, '../../templates/json/help-' + name.replace(/\s+/g, '/') + '.json');
+        json = path.resolve(__dirname, '../templates/json/help-' + name.replace(/\s+/g, '/') + '.json');
     } else {
-        json = path.resolve(__dirname, '../../templates/json/help.json');
+        json = path.resolve(__dirname, '../templates/json/help.json');
     }
 
-    fs.exists(json, function (exists) {
+    return Q.promise(function (resolve) {
+        fs.exists(json, resolve);
+    })
+    .then(function (exists) {
         if (!exists) {
-            return logger.emit('error', createError('Unknown command: ' + name, 'EUNKOWNCMD', {
+            throw createError('Unknown command: ' + name, 'EUNKNOWNCMD', {
                 command: name
-            }));
+            });
         }
 
-        try {
-            json = require(json);
-        } catch (error) {
-            return logger.emit('error', error);
-        }
-
-        logger.emit('end', json);
+        return require(json);
     });
-
-    return logger;
 }
 
 // -------------------
 
-help.line = function (argv) {
-    var options = help.options(argv);
+help.readOptions = function (argv) {
+    var cli = require('../util/cli');
+    var options = cli.readOptions(argv);
+    var name = options.argv.remain.slice(1).join(' ');
 
-    return help(options.argv.remain.slice(1).join(' '));
-};
-
-help.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-help.completion = function () {
-    // TODO
+    return [name];
 };
 
 module.exports = help;

lib/commands/home.js

@@ -1,19 +1,15 @@
-var mout = require('mout');
-var Logger = require('bower-logger');
 var Project = require('../core/Project');
-var open = require('open');
+var open = require('opn');
 var endpointParser = require('bower-endpoint-parser');
-var cli = require('../util/cli');
 var createError = require('../util/createError');
 var defaultConfig = require('../config');
 
-function home(name, config) {
+function home(logger, name, config) {
     var project;
     var promise;
     var decEndpoint;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     project = new Project(config, logger);
 
     // Get the package meta
@@ -31,46 +27,32 @@ function home(name, config) {
     } else {
         decEndpoint = endpointParser.decompose(name);
         promise = project.getPackageRepository().fetch(decEndpoint)
-        .spread(function (canonicalDir, pkgMeta) {
+        .spread(function (canonicalDir, pkgMeta) {
             return pkgMeta;
         });
     }
 
     // Get homepage and open it
-    promise.then(function (pkgMeta) {
+    return promise.then(function (pkgMeta) {
         var homepage = pkgMeta.homepage;
 
         if (!homepage) {
             throw createError('No homepage set for ' + pkgMeta.name, 'ENOHOME');
         }
 
-        open(homepage);
+        open(homepage, { wait: false });
         return homepage;
-    })
-    .done(function (homepage) {
-        logger.emit('end', homepage);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 // -------------------
 
-home.line = function (argv) {
-    var options = home.options(argv);
+home.readOptions = function (argv) {
+    var cli = require('../util/cli');
+    var options = cli.readOptions(argv);
     var name = options.argv.remain[1];
 
-    return home(name);
-};
-
-home.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-home.completion = function () {
-    // TODO:
+    return [name];
 };
 
 module.exports = home;

lib/commands/index.js

@@ -1,17 +1,81 @@
+var Q = require('q');
+var Logger = require('bower-logger');
+var config = require('../config');
+
+/**
+ * Require commands only when called.
+ *
+ * Running `commandFactory(id)` is equivalent to `require(id)`. Both calls return
+ * a command function. The difference is that `cmd = commandFactory()` and `cmd()`
+ * return as soon as possible and load and execute the command asynchronously.
+ */
+function commandFactory(id) {
+    function runApi() {
+        var command = require(id);
+        var commandArgs = [].slice.call(arguments);
+
+        return withLogger(function (logger) {
+            commandArgs.unshift(logger);
+
+            return command.apply(undefined, commandArgs);
+        });
+    }
+
+    function runFromArgv(argv) {
+        var commandArgs;
+        var command = require(id);
+
+        commandArgs = command.readOptions(argv);
+
+        return withLogger(function (logger) {
+            commandArgs.unshift(logger);
+
+            return command.apply(undefined, commandArgs);
+        });
+    }
+
+    function withLogger(func) {
+        var logger = new Logger();
+
+        Q.try(func, logger)
+        .done(function () {
+            config.restore();
+            var args = [].slice.call(arguments);
+            args.unshift('end');
+            logger.emit.apply(logger, args);
+        }, function (error) {
+            config.restore();
+            logger.emit('error', error);
+        });
+
+        return logger;
+    }
+
+    runApi.line = runFromArgv;
+
+    return runApi;
+}
+
+
 module.exports = {
-    cache: require('./cache'),
-    completion: require('./completion'),
-    help: require('./help'),
-    home: require('./home'),
-    info: require('./info'),
-    init: require('./init'),
-    install: require('./install'),
-    link: require('./link'),
-    list: require('./list'),
-    lookup: require('./lookup'),
-    prune: require('./prune'),
-    register: require('./register'),
-    search: require('./search'),
-    update: require('./update'),
-    uninstall: require('./uninstall')
+    cache: {
+        clean: commandFactory('./cache/clean'),
+        list: commandFactory('./cache/list'),
+    },
+    help: commandFactory('./help'),
+    home: commandFactory('./home'),
+    info: commandFactory('./info'),
+    init: commandFactory('./init'),
+    install: commandFactory('./install'),
+    link: commandFactory('./link'),
+    list: commandFactory('./list'),
+    login: commandFactory('./login'),
+    lookup: commandFactory('./lookup'),
+    prune: commandFactory('./prune'),
+    register: commandFactory('./register'),
+    search: commandFactory('./search'),
+    update: commandFactory('./update'),
+    uninstall: commandFactory('./uninstall'),
+    unregister: commandFactory('./unregister'),
+    version: commandFactory('./version')
 };

lib/commands/info.js

@@ -1,85 +1,70 @@
 var mout = require('mout');
 var Q = require('q');
-var Logger = require('bower-logger');
 var endpointParser = require('bower-endpoint-parser');
 var PackageRepository = require('../core/PackageRepository');
-var cli = require('../util/cli');
-var Tracker = require('../util/analytics').Tracker;
 var defaultConfig = require('../config');
 
-function info(endpoint, property, config) {
+function info(logger, endpoint, property, config) {
+    if (!endpoint) {
+        return;
+    }
+
+    // handle @ as version divider
+    var splitParts = endpoint.split('/');
+    splitParts[splitParts.length - 1] = splitParts[splitParts.length - 1].replace('@', '#');
+    endpoint = splitParts.join('/');
+
+
     var repository;
     var decEndpoint;
-    var tracker;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     repository = new PackageRepository(config, logger);
-    tracker = new Tracker(config);
 
     decEndpoint = endpointParser.decompose(endpoint);
-    tracker.trackDecomposedEndpoints('info', [decEndpoint]);
 
-    Q.all([
+    return Q.all([
         getPkgMeta(repository, decEndpoint, property),
         decEndpoint.target === '*' && !property ? repository.versions(decEndpoint.source) : null
     ])
-    .spread(function (pkgMeta, versions) {
-        if (versions) {
-            return {
-                name: decEndpoint.source,
-                versions: versions,
-                latest: pkgMeta
-            };
-        }
+        .spread(function (pkgMeta, versions) {
+            if (versions) {
+                return {
+                    name: decEndpoint.source,
+                    versions: versions,
+                    latest: pkgMeta
+                };
+            }
 
-        return pkgMeta;
-    })
-    .done(function (result) {
-        logger.emit('end', result);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
+            return pkgMeta;
+        });
 }
 
 function getPkgMeta(repository, decEndpoint, property) {
     return repository.fetch(decEndpoint)
-    .spread(function (canonicalDir, pkgMeta) {
-        pkgMeta = mout.object.filter(pkgMeta, function (value, key) {
-            return key.charAt(0) !== '_';
+        .spread(function (canonicalDir, pkgMeta) {
+            pkgMeta = mout.object.filter(pkgMeta, function (value, key) {
+                return key.charAt(0) !== '_';
+            });
+
+            // Retrieve specific property
+            if (property) {
+                pkgMeta = mout.object.get(pkgMeta, property);
+            }
+
+            return pkgMeta;
         });
-
-        // Retrieve specific property
-        if (property) {
-            pkgMeta = mout.object.get(pkgMeta, property);
-        }
-
-        return pkgMeta;
-    });
 }
 
 // -------------------
 
-info.line = function (argv) {
-    var options = info.options(argv);
+info.readOptions = function (argv) {
+    var cli = require('../util/cli');
+    var options = cli.readOptions(argv);
     var pkg = options.argv.remain[1];
     var property = options.argv.remain[2];
 
-    if (!pkg) {
-        return null;
-    }
-
-    return info(pkg, property);
-};
-
-info.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-info.completion = function () {
-    // TODO:
+    return [pkg, property];
 };
 
 module.exports = info;

lib/commands/init.js

@@ -1,37 +1,36 @@
 var mout = require('mout');
-var fs = require('graceful-fs');
+var fs = require('../util/fs');
 var path = require('path');
 var Q = require('q');
-var Logger = require('bower-logger');
 var endpointParser = require('bower-endpoint-parser');
 var Project = require('../core/Project');
 var defaultConfig = require('../config');
 var GitHubResolver = require('../core/resolvers/GitHubResolver');
-var GitFsResolver = require('../core/resolvers/GitFsResolver');
-var cli = require('../util/cli');
 var cmd = require('../util/cmd');
 var createError = require('../util/createError');
 
-function init(config) {
+function init(logger, config) {
     var project;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = config || {};
+
+    if (!config.cwd) {
+        config.cwd = process.cwd();
+    }
+
+    config = defaultConfig(config);
 
     // This command requires interactive to be enabled
     if (!config.interactive) {
-        process.nextTick(function () {
-            logger.emit('error', createError('Register requires an interactive shell', 'ENOINT', {
-                details: 'Note that you can manually force an interactive shell with --config.interactive'
-            }));
+        throw createError('Register requires an interactive shell', 'ENOINT', {
+            details: 'Note that you can manually force an interactive shell with --config.interactive'
         });
-        return logger;
     }
 
     project = new Project(config, logger);
 
     // Start with existing JSON details
-    readJson(project, logger)
+    return readJson(project, logger)
     // Fill in defaults
     .then(setDefaults.bind(null, config))
     // Now prompt user to make changes
@@ -41,14 +40,7 @@ function init(config) {
     // Set dependencies based on the response
     .spread(setDependencies.bind(null, project))
     // All done!
-    .spread(saveJson.bind(null, project, logger))
-    .done(function (json) {
-        logger.emit('end', json);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
+    .spread(saveJson.bind(null, project, logger));
 }
 
 function readJson(project, logger) {
@@ -65,7 +57,7 @@ function readJson(project, logger) {
 function saveJson(project, logger, json) {
     // Cleanup empty props (null values, empty strings, objects and arrays)
     mout.object.forOwn(json, function (value, key) {
-        if (value == null || mout.lang.isEmpty(value)) {
+        if (!validConfigValue(value)) {
             delete json[key];
         }
     });
@@ -88,6 +80,18 @@ function saveJson(project, logger, json) {
     });
 }
 
+// Test if value is of a type supported by bower.json[0] - Object, Array, String, Boolean - or a Number
+// [0]: https://github.com/bower/bower.json-spec
+function validConfigValue(val) {
+    return (
+        mout.lang.isObject(val)  ||
+        mout.lang.isArray(val)   ||
+        mout.lang.isString(val)  ||
+        mout.lang.isBoolean(val) ||
+        mout.lang.isNumber(val)
+    );
+}
+
 function setDefaults(config, json) {
     var name;
     var promise = Q.resolve();
@@ -97,19 +101,6 @@ function setDefaults(config, json) {
         json.name = path.basename(config.cwd);
     }
 
-    // Version
-    if (!json.version) {
-        // Assume latest semver tag if it's a git repo
-        promise = promise.then(function () {
-            return GitFsResolver.versions(config.cwd)
-            .then(function (versions) {
-                json.version = versions[0] || '0.0.0';
-            }, function () {
-                json.version = '0.0.0';
-            });
-        });
-    }
-
     // Main
     if (!json.main) {
         // Remove '.js' from the end of the package name if it is there
@@ -183,12 +174,6 @@ function promptUser(logger, json) {
             'default': json.name,
             'type': 'input'
         },
-        {
-            'name': 'version',
-            'message': 'version',
-            'default': json.version,
-            'type': 'input'
-        },
         {
             'name': 'description',
             'message': 'description',
@@ -248,7 +233,6 @@ function promptUser(logger, json) {
     return Q.nfcall(logger.prompt.bind(logger), questions)
     .then(function (answers) {
         json.name = answers.name;
-        json.version = answers.version;
         json.description = answers.description;
         json.main = answers.main;
         json.keywords = toArray(answers.keywords);
@@ -322,16 +306,8 @@ function setDependencies(project, json, answers) {
 
 // -------------------
 
-init.line = function () {
-    return init();
-};
-
-init.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-init.completion = function () {
-    // TODO:
+init.readOptions = function (argv) {
+    return [];
 };
 
 module.exports = init;

lib/commands/install.js

@@ -1,58 +1,51 @@
-var mout = require('mout');
-var Logger = require('bower-logger');
 var endpointParser = require('bower-endpoint-parser');
 var Project = require('../core/Project');
-var cli = require('../util/cli');
-var Tracker = require('../util/analytics').Tracker;
 var defaultConfig = require('../config');
 
-function install(endpoints, options, config) {
+function install(logger, endpoints, options, config) {
     var project;
     var decEndpoints;
-    var tracker;
-    var logger = new Logger();
 
     options = options || {};
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
+    if (options.save === undefined) {
+        options.save = config.defaultSave;
+    }
     project = new Project(config, logger);
-    tracker = new Tracker(config);
 
     // Convert endpoints to decomposed endpoints
     endpoints = endpoints || [];
     decEndpoints = endpoints.map(function (endpoint) {
+
+        // handle @ as version divider
+        var splitParts = endpoint.split('/');
+        splitParts[splitParts.length - 1] = splitParts[splitParts.length - 1].replace('@', '#');
+        endpoint = splitParts.join('/');
+
         return endpointParser.decompose(endpoint);
     });
-    tracker.trackDecomposedEndpoints('install', decEndpoints);
 
-    project.install(decEndpoints, options)
-    .done(function (installed) {
-        tracker.trackPackages('installed', installed);
-        logger.emit('end', installed);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
+    return project.install(decEndpoints, options, config);
 }
 
 // -------------------
 
-install.line = function (argv) {
-    var options = install.options(argv);
-    return install(options.argv.remain.slice(1), options);
-};
+install.readOptions = function (argv) {
+    var cli = require('../util/cli');
 
-install.options = function (argv) {
-    return cli.readOptions({
-        'force-latest': { type: Boolean, shorthand: 'F'},
-        'production': { type: Boolean, shorthand: 'p' },
-        'save': { type: Boolean, shorthand: 'S' },
-        'save-dev': { type: Boolean, shorthand: 'D' }
+    var options = cli.readOptions({
+        'force-latest': {type: Boolean, shorthand: 'F'},
+        'production': {type: Boolean, shorthand: 'p'},
+        'save': {type: Boolean, shorthand: 'S'},
+        'save-dev': {type: Boolean, shorthand: 'D'},
+        'save-exact': {type: Boolean, shorthand: 'E'}
     }, argv);
-};
 
-install.completion = function () {
-    // TODO:
+    var packages = options.argv.remain.slice(1);
+
+    delete options.argv;
+
+    return [packages, options];
 };
 
 module.exports = install;

lib/commands/link.js

@@ -1,21 +1,26 @@
 var path = require('path');
-var rimraf = require('rimraf');
-var mout = require('mout');
+var rimraf = require('../util/rimraf');
 var Q = require('q');
-var Logger = require('bower-logger');
 var Project = require('../core/Project');
 var createLink = require('../util/createLink');
-var cli = require('../util/cli');
 var defaultConfig = require('../config');
+var relativeToBaseDir = require('../util/relativeToBaseDir');
 
-function linkSelf(config) {
+function link(logger, name, localName, config) {
+    if (name) {
+        return linkTo(logger, name, localName, config);
+    } else {
+        return linkSelf(logger, config);
+    }
+}
+
+function linkSelf(logger, config) {
     var project;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     project = new Project(config, logger);
 
-    project.getJson()
+    return project.getJson()
     .then(function (json) {
         var src = config.cwd;
         var dst = path.join(config.storage.links, json.name);
@@ -32,73 +37,49 @@ function linkSelf(config) {
                 dst: dst
             };
         });
-    })
-    .done(function (result) {
-        logger.emit('end', result);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
-function linkTo(name, localName, config) {
+function linkTo(logger, name, localName, config) {
     var src;
     var dst;
-    var logger = new Logger();
+    var project;
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
+    project = new Project(config, logger);
 
     localName = localName || name;
     src = path.join(config.storage.links, name);
-    dst = path.join(process.cwd(), config.directory, localName);
+    dst = path.join(relativeToBaseDir(config.cwd)(config.directory), localName);
 
     // Delete destination folder if any
-    Q.nfcall(rimraf, dst)
+    return Q.nfcall(rimraf, dst)
     // Link locally
     .then(function () {
         return createLink(src, dst);
     })
+    // Install linked package deps
     .then(function () {
+        return project.update([localName]);
+    })
+    .then(function (installed) {
         return {
             src: src,
-            dst: dst
+            dst: dst,
+            installed: installed
         };
-    })
-    .done(function (result) {
-        logger.emit('end', result);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 // -------------------
 
-var link = {
-    linkTo: linkTo,
-    linkSelf: linkSelf
-};
-
-link.line = function (argv) {
-    var options = link.options(argv);
+link.readOptions = function (argv) {
+    var cli = require('../util/cli');
+    var options = cli.readOptions(argv);
     var name = options.argv.remain[1];
     var localName = options.argv.remain[2];
 
-    if (name) {
-        return linkTo(name, localName);
-    }
-
-    return linkSelf();
-};
-
-link.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-link.completion = function () {
-    // TODO:
+    return [name, localName];
 };
 
 module.exports = link;

lib/commands/list.js

@@ -1,15 +1,12 @@
 var path = require('path');
 var mout = require('mout');
 var Q = require('q');
-var Logger = require('bower-logger');
 var Project = require('../core/Project');
 var semver = require('../util/semver');
-var cli = require('../util/cli');
 var defaultConfig = require('../config');
 
-function list(options, config) {
+function list(logger, options, config) {
     var project;
-    var logger = new Logger();
 
     options = options || {};
 
@@ -18,13 +15,11 @@ function list(options, config) {
         options.relative = true;
     }
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     project = new Project(config, logger);
 
-    project.getTree()
+    return project.getTree(options)
     .spread(function (tree, flattened) {
-        var baseDir = path.dirname(path.join(config.cwd, config.directory));
-
         // Relativize paths
         // Also normalize paths on windows
         project.walkTree(tree, function (node) {
@@ -33,7 +28,7 @@ function list(options, config) {
             }
 
             if (options.relative) {
-                node.canonicalDir = path.relative(baseDir, node.canonicalDir);
+                node.canonicalDir = path.relative(config.cwd, node.canonicalDir);
             }
             if (options.paths) {
                 node.canonicalDir = normalize(node.canonicalDir);
@@ -48,7 +43,7 @@ function list(options, config) {
             }
 
             if (options.relative) {
-                node.canonicalDir = path.relative(baseDir, node.canonicalDir);
+                node.canonicalDir = path.relative(config.cwd, node.canonicalDir);
             }
             if (options.paths) {
                 node.canonicalDir = normalize(node.canonicalDir);
@@ -70,16 +65,7 @@ function list(options, config) {
         .then(function () {
             return tree;
         });
-    })
-    .done(function (value) {
-        logger.emit('end', value);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    logger.json = !!options.paths;
-
-    return logger;
 }
 
 function checkVersions(project, tree, logger) {
@@ -87,13 +73,15 @@ function checkVersions(project, tree, logger) {
     var nodes = [];
     var repository = project.getPackageRepository();
 
-    // Gather all nodes
+    // Gather all nodes, ignoring linked nodes
     project.walkTree(tree, function (node) {
-        nodes.push(node);
+        if (!node.linked) {
+            nodes.push(node);
+        }
     }, true);
 
     if (nodes.length) {
-        logger.info('check-new', 'Checking for new versions of the project dependencies..');
+        logger.info('check-new', 'Checking for new versions of the project dependencies...');
     }
 
     // Check for new versions for each node
@@ -162,20 +150,17 @@ function normalize(src) {
 
 // -------------------
 
-list.line = function (argv) {
-    var options = list.options(argv);
-    return list(options);
-};
+list.readOptions = function (argv) {
+    var cli = require('../util/cli');
 
-list.options = function (argv) {
-    return cli.readOptions({
+    var options = cli.readOptions({
         'paths': { type: Boolean, shorthand: 'p' },
         'relative': { type: Boolean, shorthand: 'r' }
     }, argv);
-};
 
-list.completion = function () {
-    // TODO:
+    delete options.argv;
+
+    return [options];
 };
 
 module.exports = list;

lib/commands/login.js

@@ -0,0 +1,125 @@
+var Configstore = require('configstore');
+var GitHub = require('github');
+var Q = require('q');
+
+var createError = require('../util/createError');
+var defaultConfig = require('../config');
+
+function login(logger, options, config) {
+    var configstore = new Configstore('bower-github');
+
+    config = defaultConfig(config);
+
+    var promise;
+
+    options = options || {};
+
+    if (options.token) {
+        promise = Q.resolve({ token: options.token });
+    } else {
+        // This command requires interactive to be enabled
+        if (!config.interactive) {
+            logger.emit('error', createError('Login requires an interactive shell', 'ENOINT', {
+                details: 'Note that you can manually force an interactive shell with --config.interactive'
+            }));
+
+            return;
+        }
+
+        var questions = [
+            {
+                'name': 'username',
+                'message': 'Username',
+                'type': 'input',
+                'default': configstore.get('username')
+            },
+            {
+                'name': 'password',
+                'message': 'Password',
+                'type': 'password'
+            }
+        ];
+
+        var github = new GitHub({
+            version: '3.0.0'
+        });
+
+        promise = Q.nfcall(logger.prompt.bind(logger), questions)
+        .then(function (answers) {
+            configstore.set('username', answers.username);
+
+            github.authenticate({
+                type: 'basic',
+                username: answers.username,
+                password: answers.password
+            });
+
+            return Q.ninvoke(github.authorization, 'create', {
+                scopes: ['user', 'repo'],
+                note: 'Bower command line client (' + (new Date()).toISOString() + ')'
+            });
+        });
+    }
+
+    return promise.then(function (result) {
+        configstore.set('accessToken', result.token);
+        logger.info('EAUTH', 'Logged in as ' + configstore.get('username'), {});
+
+        return result;
+    }, function (error) {
+        var message;
+
+        try {
+            message = JSON.parse(error.message).message;
+        } catch (e) {
+            message = 'Authorization failed';
+        }
+
+        var questions = [
+            {
+                'name': 'otpcode',
+                'message': 'Two-Factor Auth Code',
+                'type': 'input'
+            }
+        ];
+
+        if (message === 'Must specify two-factor authentication OTP code.') {
+            return Q.nfcall(logger.prompt.bind(logger), questions)
+            .then(function (answers) {
+                return Q.ninvoke(github.authorization, 'create', {
+                    scopes: ['user', 'repo'],
+                    note: 'Bower command line client (' + (new Date()).toISOString() + ')',
+                    headers: {
+                        'X-GitHub-OTP': answers.otpcode
+                    }
+                });
+            })
+            .then(function (result) {
+                configstore.set('accessToken', result.token);
+                logger.info('EAUTH', 'Logged in as ' + configstore.get('username'), {});
+
+                return result;
+            }, function () {
+                logger.emit('error', createError(message, 'EAUTH'));
+            });
+        } else {
+            logger.emit('error', createError(message, 'EAUTH'));
+        }
+    });
+}
+
+// -------------------
+
+login.readOptions = function (argv) {
+    var cli = require('../util/cli');
+
+    var options = cli.readOptions({
+        token: { type: String, shorthand: 't' },
+    }, argv);
+
+    delete options.argv;
+
+    return [options];
+};
+
+module.exports = login;

lib/commands/lookup.js

@@ -1,56 +1,34 @@
-var mout = require('mout');
 var Q = require('q');
-var Logger = require('bower-logger');
-var RegistryClient = require('bower-registry-client');
-var cli = require('../util/cli');
+var PackageRepository = require('../core/PackageRepository');
 var defaultConfig = require('../config');
 
-function lookup(name, config) {
-    var registryClient;
-    var logger = new Logger();
+function lookup(logger, name, config) {
+    if (!name) {
+        return new Q(null);
+    }
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
-    config.cache = config.storage.registry;
+    config = defaultConfig(config);
 
-    registryClient = new RegistryClient(config, logger);
+    var repository = new PackageRepository(config, logger);
+    var registryClient = repository.getRegistryClient();
 
-    Q.nfcall(registryClient.lookup.bind(registryClient), name)
+    return Q.nfcall(registryClient.lookup.bind(registryClient), name)
     .then(function (entry) {
-        // TODO: Handle entry.type.. for now it's only 'alias'
-        //       When we got published packages, this needs to be adjusted
         return !entry ? null : {
             name: name,
-            url: entry && entry.url
+            url: entry.url
         };
-    })
-    .done(function (result) {
-        logger.emit('end', result);
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 // -------------------
 
-lookup.line = function (argv) {
-    var options = lookup.options(argv);
+lookup.readOptions = function (argv) {
+    var cli = require('../util/cli');
+    var options = cli.readOptions(argv);
     var name = options.argv.remain[1];
 
-    if (!name) {
-        return null;
-    }
-
-    return lookup(name);
-};
-
-lookup.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-lookup.completion = function () {
-    // TODO:
+    return [name];
 };
 
 module.exports = lookup;

lib/commands/prune.js

@@ -1,39 +1,30 @@
 var mout = require('mout');
-var Logger = require('bower-logger');
 var Project = require('../core/Project');
-var cli = require('../util/cli');
 var defaultConfig = require('../config');
 
-function prune(config) {
+function prune(logger, options, config) {
     var project;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    options = options || {};
+    config = defaultConfig(config);
     project = new Project(config, logger);
 
-    clean(project)
-    .done(function (removed) {
-        logger.emit('end', removed);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
+    return clean(project, options);
 }
 
-function clean(project, removed) {
+function clean(project, options, removed) {
     removed = removed || {};
 
     // Continually call clean until there is no more extraneous
     // dependencies to remove
-    return project.getTree()
+    return project.getTree(options)
     .spread(function (tree, flattened, extraneous) {
         var names = extraneous.map(function (extra) {
             return extra.endpoint.name;
         });
 
         // Uninstall extraneous
-        project.uninstall(names)
+        return project.uninstall(names, options)
         .then(function (uninstalled) {
             // Are we done?
             if (!mout.object.size(uninstalled)) {
@@ -42,23 +33,23 @@ function clean(project, removed) {
 
             // Not yet, recurse!
             mout.object.mixIn(removed, uninstalled);
-            return clean(project, removed);
+            return clean(project, options, removed);
         });
     });
 }
 
 // -------------------
 
-prune.line = function () {
-    return prune();
-};
+prune.readOptions = function (argv) {
+    var cli = require('../util/cli');
 
-prune.options = function (argv) {
-    return cli.readOptions(argv);
-};
+    var options = cli.readOptions({
+        'production': { type: Boolean, shorthand: 'p' },
+    }, argv);
 
-prune.completion = function () {
-    // TODO:
+    delete options.argv;
+
+    return [options];
 };
 
 module.exports = prune;

lib/commands/register.js

@@ -1,137 +1,88 @@
-var mout = require('mout');
 var Q = require('q');
 var chalk = require('chalk');
 var PackageRepository = require('../core/PackageRepository');
-var Logger = require('bower-logger');
-var Config = require('bower-config');
-var Tracker = require('../util/analytics').Tracker;
-var cli = require('../util/cli');
 var createError = require('../util/createError');
 var defaultConfig = require('../config');
-var GitHubResolver = require('../core/resolvers/GitHubResolver');
 
-function register(name, url, config) {
+function register(logger, name, source, config) {
     var repository;
     var registryClient;
-    var tracker;
-    var logger = new Logger();
     var force;
+    var url;
+    var githubSourceRegex = /^\w[\w-]*\/\w[\w-]*$/;
+    var getGithubUrl = function (source) {
+        return 'git@github.com:' + source + '.git';
+    };
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     force = config.force;
-    tracker = new Tracker(config);
+
+    name = (name || '').trim();
+    source = (source || '').trim();
+
+    url = source.match(githubSourceRegex) ? getGithubUrl(source) : source;
 
     // Bypass any cache
     config.offline = false;
     config.force = true;
 
-    // Trim name
-    name = name.trim();
-
-    process.nextTick(function () {
-        // Verify name
-        // TODO: Verify with the new spec regexp?
-        if (!name) {
-            return logger.emit('error', createError('Please type a name', 'EINVNAME'));
+    return Q.try(function () {
+        // Verify name and url
+        if (!name || !url) {
+            throw createError('Usage: bower register <name> <url>', 'EINVFORMAT');
         }
 
-        // The public registry only allows git:// endpoints
-        // As such, we attempt to convert URLs as necessary
-        if (config.registry.register === Config.DEFAULT_REGISTRY) {
-            url = convertUrl(url, logger);
-
-            if (!mout.string.startsWith(url, 'git://')) {
-                return logger.emit('error', createError('The registry only accepts URLs starting with git://', 'EINVFORMAT'));
-            }
-        }
-
-        tracker.track('register');
-
         // Attempt to resolve the package referenced by the URL to ensure
         // everything is ok before registering
         repository = new PackageRepository(config, logger);
-        repository.fetch({ name: name, source: url, target: '*' })
-        .spread(function (canonicalDir, pkgMeta) {
-            if (pkgMeta.private) {
-                throw createError('The package you are trying to register is marked as private', 'EPRIV');
-            }
-
-            // If non interactive or user forced, bypass confirmation
-            if (!config.interactive || force) {
-                return true;
-            }
-
-            // Confirm if the user really wants to register
-            return Q.nfcall(logger.prompt.bind(logger), {
-                type: 'confirm',
-                message: 'Registering a package will make it installable via the registry (' +
-                    chalk.cyan.underline(config.registry.register) + '), continue?',
-                default: true
-            });
-        })
-        .then(function (result) {
-            // If user response was negative, abort
-            if (!result) {
-                return;
-            }
-
-            // Register
-            registryClient = repository.getRegistryClient();
-
-            logger.action('register', url, {
-                name: name,
-                url: url
-            });
-
-            return Q.nfcall(registryClient.register.bind(registryClient), name, url);
-        })
-        .done(function (result) {
-            tracker.track('registered');
-            logger.emit('end', result);
-        }, function (error) {
-            logger.emit('error', error);
-        });
-    });
-
-    return logger;
-}
-
-function convertUrl(url, logger) {
-    var pair;
-    var newUrl;
-
-    if (!mout.string.startsWith(url, 'git://')) {
-        // Convert GitHub ssh & https to git://
-        pair = GitHubResolver.getOrgRepoPair(url);
-        if (pair) {
-            newUrl = 'git://github.com/' + pair.org + '/' + pair.repo + '.git';
-            logger.warn('convert', 'Converted ' + url + ' to ' + newUrl);
+        return repository.fetch({ name: name, source: url, target: '*' });
+    })
+    .spread(function (canonicalDir, pkgMeta) {
+        if (pkgMeta.private) {
+            throw createError('The package you are trying to register is marked as private', 'EPRIV');
         }
-    }
 
-    return newUrl || url;
+        // If non interactive or user forced, bypass confirmation
+        if (!config.interactive || force) {
+            return true;
+        }
+
+        // Confirm if the user really wants to register
+        return Q.nfcall(logger.prompt.bind(logger), {
+            type: 'confirm',
+            message: 'Registering a package will make it installable via the registry (' +
+                chalk.cyan.underline(config.registry.register) + '), continue?',
+            default: true
+        });
+    })
+    .then(function (result) {
+        // If user response was negative, abort
+        if (!result) {
+            return;
+        }
+
+        // Register
+        registryClient = repository.getRegistryClient();
+
+        logger.action('register', url, {
+            name: name,
+            url: url
+        });
+
+        return Q.nfcall(registryClient.register.bind(registryClient), name, url);
+    });
 }
 
 // -------------------
 
-register.line = function (argv) {
-    var options = register.options(argv);
+register.readOptions = function (argv) {
+    var cli = require('../util/cli');
+
+    var options = cli.readOptions(argv);
     var name = options.argv.remain[1];
     var url = options.argv.remain[2];
 
-    if (!name || !url) {
-        return null;
-    }
-
-    return register(name, url);
-};
-
-register.options = function (argv) {
-    return cli.readOptions(argv);
-};
-
-register.completion = function () {
-    // TODO:
+    return [name, url];
 };
 
 module.exports = register;

lib/commands/search.js

@@ -1,55 +1,39 @@
-var mout = require('mout');
 var Q = require('q');
-var Logger = require('bower-logger');
-var RegistryClient = require('bower-registry-client');
-var cli = require('../util/cli');
-var Tracker = require('../util/analytics').Tracker;
+var PackageRepository = require('../core/PackageRepository');
 var defaultConfig = require('../config');
+var cli = require('../util/cli');
+var createError = require('../util/createError');
 
-function search(name, config) {
+function search(logger, name, config) {
     var registryClient;
-    var promise;
-    var tracker;
-    var logger = new Logger();
 
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
-    config.cache = config.storage.registry;
+    config = defaultConfig(config);
 
-    registryClient = new RegistryClient(config, logger);
-    tracker = new Tracker(config);
+    var repository = new PackageRepository(config, logger);
+    var registryClient = repository.getRegistryClient();
 
-    // If no name was specified, list all packages
-    if (!name) {
-        promise = Q.nfcall(registryClient.list.bind(registryClient));
-    // Otherwise search it
+    if (name) {
+        return Q.nfcall(registryClient.search.bind(registryClient), name);
     } else {
-        promise = Q.nfcall(registryClient.search.bind(registryClient), name);
+        // List all packages when in interactive mode + json enabled, and
+        // always when in non-interactive mode
+        if (config.interactive && !config.json) {
+            throw createError('no parameter to bower search', 'EREADOPTIONS');
+        }
+
+        return Q.nfcall(registryClient.list.bind(registryClient));
     }
-
-    promise
-    .done(function (results) {
-        tracker.track('searched', name);
-        logger.emit('end', results);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
 }
 
 // -------------------
 
-search.line = function (argv) {
-    var options = search.options(argv);
-    return search(options.argv.remain.slice(1).join(' '), options);
-};
+search.readOptions = function (argv) {
+    var options = cli.readOptions(argv);
+    var terms = options.argv.remain.slice(1);
 
-search.options = function (argv) {
-    return cli.readOptions(argv);
-};
+    var name = terms.join(' ');
 
-search.completion = function () {
-    // TODO:
+    return [name];
 };
 
 module.exports = search;

lib/commands/uninstall.js

@@ -1,24 +1,20 @@
 var mout = require('mout');
-var Logger = require('bower-logger');
 var Q = require('q');
 var Project = require('../core/Project');
-var cli = require('../util/cli');
-var Tracker = require('../util/analytics').Tracker;
 var defaultConfig = require('../config');
 
-function uninstall(names, options, config) {
+function uninstall(logger, names, options, config) {
+    if (!names.length) {
+        return new Q();
+    }
+
     var project;
-    var tracker;
-    var logger = new Logger();
 
     options = options || {};
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     project = new Project(config, logger);
-    tracker = new Tracker(config);
 
-    tracker.trackNames('uninstall', names);
-
-    project.getTree()
+    return project.getTree(options)
     .spread(function (tree, flattened) {
         // Uninstall nodes
         return project.uninstall(names, options)
@@ -37,15 +33,7 @@ function uninstall(names, options, config) {
             // Clean them!
             return clean(project, children, uninstalled);
         });
-    })
-    .done(function (uninstalled) {
-        logger.emit('end', uninstalled);
-        tracker.trackNames('uninstalled', Object.keys(uninstalled));
-    }, function (error) {
-        logger.emit('error', error);
     });
-
-    return logger;
 }
 
 function clean(project, names, removed) {
@@ -54,6 +42,7 @@ function clean(project, names, removed) {
     return project.getTree()
     .spread(function (tree, flattened) {
         var nodes = [];
+        var dependantsCounter = {};
 
         // Grab the nodes of each specified name
         mout.object.forOwn(flattened, function (node) {
@@ -62,9 +51,18 @@ function clean(project, names, removed) {
             }
         });
 
-        // Filter out those that have dependants
+        // Walk the down the tree, gathering dependants of the packages
+        project.walkTree(tree, function (node, nodeName) {
+            if (names.indexOf(nodeName) !== -1) {
+                dependantsCounter[nodeName] = dependantsCounter[nodeName] || 0;
+                dependantsCounter[nodeName] += node.nrDependants;
+            }
+        }, true);
+
+
+        // Filter out those that have no dependants
         nodes = nodes.filter(function (node) {
-            return !node.nrDependants;
+            return !dependantsCounter[node.endpoint.name];
         });
 
         // Are we done?
@@ -99,26 +97,19 @@ function clean(project, names, removed) {
 
 // -------------------
 
-uninstall.line = function (argv) {
-    var options = uninstall.options(argv);
-    var names = options.argv.remain.slice(1);
+uninstall.readOptions = function (argv) {
+    var cli = require('../util/cli');
 
-    if (!names.length) {
-        return null;
-    }
-
-    return uninstall(names, options);
-};
-
-uninstall.options = function (argv) {
-    return cli.readOptions({
+    var options = cli.readOptions({
         'save': { type: Boolean, shorthand: 'S' },
         'save-dev': { type: Boolean, shorthand: 'D' }
     }, argv);
-};
 
-uninstall.completion = function () {
-    // TODO:
+    var names = options.argv.remain.slice(1);
+
+    delete options.argv;
+
+    return [names, options];
 };
 
 module.exports = uninstall;

lib/commands/unregister.js

@@ -0,0 +1,79 @@
+var chalk = require('chalk');
+var Q = require('q');
+
+var defaultConfig = require('../config');
+var PackageRepository = require('../core/PackageRepository');
+var createError = require('../util/createError');
+
+function unregister(logger, name, config) {
+
+    if (!name) {
+        return;
+    }
+
+    var repository;
+    var registryClient;
+    var force;
+
+    config = defaultConfig(config);
+    force = config.force;
+
+    // Bypass any cache
+    config.offline = false;
+    config.force = true;
+
+    // Trim name
+    name = name.trim();
+
+    repository = new PackageRepository(config, logger);
+
+    if (!config.accessToken) {
+        return logger.emit('error',
+             createError('Use "bower login" with collaborator credentials', 'EFORBIDDEN')
+        );
+    }
+
+    return Q.resolve()
+    .then(function () {
+        // If non interactive or user forced, bypass confirmation
+        if (!config.interactive || force) {
+            return true;
+        }
+
+        return Q.nfcall(logger.prompt.bind(logger), {
+            type: 'confirm',
+            message: 'You are about to remove component "' + chalk.cyan.underline(name) + '" from the bower registry (' + chalk.cyan.underline(config.registry.register) + '). It is generally considered bad behavior to remove versions of a library that others are depending on. Are you really sure?',
+            default: false
+        });
+    })
+    .then(function (result) {
+        // If user response was negative, abort
+        if (!result) {
+            return;
+        }
+
+        registryClient = repository.getRegistryClient();
+
+        logger.action('unregister', name, { name: name });
+
+        return Q.nfcall(registryClient.unregister.bind(registryClient), name);
+    })
+    .then(function (result) {
+        logger.info('Package unregistered', name);
+
+        return result;
+    });
+}
+
+// -------------------
+
+unregister.readOptions = function (argv) {
+    var cli = require('../util/cli');
+
+    var options = cli.readOptions(argv);
+    var name = options.argv.remain[1];
+
+    return [name];
+};
+
+module.exports = unregister;

lib/commands/update.js

@@ -1,15 +1,11 @@
-var mout = require('mout');
-var Logger = require('bower-logger');
 var Project = require('../core/Project');
-var cli = require('../util/cli');
 var defaultConfig = require('../config');
 
-function update(names, options, config) {
+function update(logger, names, options, config) {
     var project;
-    var logger = new Logger();
 
     options = options || {};
-    config = mout.object.deepFillIn(config || {}, defaultConfig);
+    config = defaultConfig(config);
     project = new Project(config, logger);
 
     // If names is an empty array, null them
@@ -17,32 +13,24 @@ function update(names, options, config) {
         names = null;
     }
 
-    project.update(names, options)
-    .done(function (installed) {
-        logger.emit('end', installed);
-    }, function (error) {
-        logger.emit('error', error);
-    });
-
-    return logger;
+    return project.update(names, options);
 }
 
 // -------------------
 
-update.line = function (argv) {
-    var options = update.options(argv);
-    return update(options.argv.remain.slice(1), options);
-};
+update.readOptions = function (argv) {
+    var cli = require('../util/cli');
 
-update.options = function (argv) {
-    return cli.readOptions({
+    var options = cli.readOptions({
         'force-latest': { type: Boolean, shorthand: 'F' },
         'production': { type: Boolean, shorthand: 'p' }
     }, argv);
-};
 
-update.completion = function () {
-    // TODO:
+    var names = options.argv.remain.slice(1);
+
+    delete options.argv;
+
+    return [names, options];
 };
 
 module.exports = update;

lib/commands/version.js

@@ -0,0 +1,161 @@
+var semver = require('semver');
+var which = require('which');
+var fs = require('../util/fs');
+var path = require('path');
+var Q = require('q');
+var execFile = require('child_process').execFile;
+var defaultConfig = require('../config');
+var createError = require('../util/createError');
+
+function version(logger, versionArg, options, config) {
+    options = options || {};
+
+    config = defaultConfig(config);
+
+    return bump(logger, config, versionArg, options.message);
+}
+
+function bump(logger, config, versionArg, message) {
+    var cwd = config.cwd || process.cwd();
+    var newVersion;
+
+    if (!versionArg) {
+        throw createError('No <version> agrument provided', 'EREADOPTIONS');
+    }
+
+    return driver.check(cwd)
+    .then(function () {
+        return Q.all([driver.versions(cwd), driver.currentVersion(cwd)]);
+    })
+    .spread(function (versions, currentVersion) {
+        currentVersion = currentVersion || '0.0.0';
+
+        if (semver.valid(versionArg)) {
+            newVersion = semver.valid(versionArg);
+        } else {
+            newVersion = semver.inc(currentVersion, versionArg);
+
+            if (!newVersion) {
+                throw createError('Invalid <version> argument: ' + versionArg, 'EINVALIDVERSION', { version: versionArg });
+            }
+        }
+
+        newVersion = (currentVersion[0] === 'v') ? 'v' + newVersion : newVersion;
+
+        if (versions) {
+            versions.forEach(function (version) {
+                if (semver.eq(version, newVersion)) {
+                    throw createError('Version exists: ' + newVersion, 'EVERSIONEXISTS', { versions: versions, newVersion: newVersion });
+                }
+            });
+        }
+
+        return driver.bump(cwd, newVersion, message).then(function () {
+            return {
+                oldVersion: currentVersion,
+                newVersion: newVersion
+            }
+        });
+    })
+    .then(function (result) {
+        logger.info('version', 'Bumped package version from ' + result.oldVersion + ' to ' + result.newVersion, result);
+
+        return result.newVersion;
+    });
+}
+
+var driver = {
+    check: function (cwd) {
+        function checkGit(cwd) {
+            var gitDir = path.join(cwd, '.git');
+            return Q.nfcall(fs.stat, gitDir)
+            .then(function (stat) {
+                if (stat.isDirectory()) {
+                    return checkGitStatus(cwd);
+                }
+                return false;
+            }, function () {
+                //Ignore not found .git directory
+                return false;
+            });
+        }
+
+        function checkGitStatus(cwd) {
+            return Q.nfcall(which, 'git')
+            .fail(function (err) {
+                err.code = 'ENOGIT';
+                throw err;
+            })
+            .then(function () {
+                return Q.nfcall(execFile, 'git', ['status', '--porcelain'], {env: process.env, cwd: cwd});
+            })
+            .then(function (value) {
+                var stdout = value[0];
+                var lines = filterModifiedStatusLines(stdout);
+                if (lines.length) {
+                    throw createError('Version bump requires clean working directory', 'EWORKINGDIRECTORYDIRTY');
+                }
+                return true;
+            });
+        }
+
+        function filterModifiedStatusLines(stdout) {
+            return stdout.trim().split('\n')
+            .filter(function (line) {
+                return line.trim() && !line.match(/^\?\? /);
+            }).map(function (line) {
+                return line.trim();
+            });
+        }
+
+        return checkGit(cwd).then(function (hasGit) {
+            if (!hasGit) {
+                throw createError('Version bump currently supports only git repositories', 'ENOTGITREPOSITORY');
+            }
+        });
+    },
+    versions: function (cwd) {
+        return Q.nfcall(execFile, 'git', ['tag'], {env: process.env, cwd: cwd})
+        .then(function (res) {
+            var versions = res[0]
+            .split(/\r?\n/)
+            .filter(semver.valid);
+
+            return versions;
+        }, function () {
+            return [];
+        });
+    },
+    currentVersion: function (cwd) {
+        return Q.nfcall(execFile, 'git', ['describe', '--abbrev=0', '--tags'], {env: process.env, cwd: cwd})
+        .then(function (res) {
+            var version = res[0]
+            .split(/\r?\n/)
+            .filter(semver.valid)[0];
+
+            return version;
+        }, function () {
+            return undefined;
+        });
+    },
+    bump: function (cwd, tag, message) {
+        message = message || tag;
+        message = message.replace(/%s/g, tag);
+        return Q.nfcall(execFile, 'git', ['commit', '-m', message, '--allow-empty'], {env: process.env, cwd: cwd}) .then(function () {
+            return Q.nfcall(execFile, 'git', ['tag', tag, '-am', message], {env: process.env, cwd: cwd});
+        });
+    }
+}
+
+
+version.readOptions = function (argv) {
+    var cli = require('../util/cli');
+
+    var options = cli.readOptions({
+        'message': { type: String, shorthand: 'm'}
+    }, argv);
+
+    return [options.argv.remain[1], options];
+};
+
+module.exports = version;

lib/config.js

@@ -1,32 +1,63 @@
 var tty = require('tty');
-var mout = require('mout');
-var config = require('bower-config').read();
-var cli = require('./util/cli');
+var object = require('mout').object;
+var bowerConfig = require('bower-config');
+var Configstore = require('configstore');
 
-// Delete the json attribute because it is no longer supported
-// and conflicts with --json
-delete config.json;
+var current;
 
-// If interactive is auto (null), guess its value
-if (config.interactive == null) {
-    config.interactive = process.bin === 'bower' && tty.isatty(1);
+function defaultConfig(config) {
+    config = config || {};
+
+    return readCachedConfig(config.cwd || process.cwd(), config);
 }
 
-// If `analytics` hasn't been explicitly set, we disable
-// it when ran programatically.
-if (config.analytics == null) {
-    config.analytics = config.interactive;
+function readCachedConfig(cwd, overwrites) {
+    current = bowerConfig.create(cwd).load(overwrites);
+
+    var config = current.toObject();
+
+    var configstore = new Configstore('bower-github').all;
+
+    object.mixIn(config, configstore);
+
+    // If interactive is auto (null), guess its value
+    if (config.interactive == null) {
+        config.interactive = (
+            process.bin === 'bower' &&
+            tty.isatty(1) &&
+            !process.env.CI
+        );
+    }
+
+    // Merge common CLI options into the config
+    if (process.bin === 'bower') {
+        var cli = require('./util/cli');
+
+        object.mixIn(config, cli.readOptions({
+            force: { type: Boolean, shorthand: 'f' },
+            offline: { type: Boolean, shorthand: 'o' },
+            verbose: { type: Boolean, shorthand: 'V' },
+            quiet: { type: Boolean, shorthand: 'q' },
+            loglevel: { type: String, shorthand: 'l' },
+            json: { type: Boolean, shorthand: 'j' },
+            silent: { type: Boolean, shorthand: 's' }
+        }));
+    }
+
+    return config;
 }
 
-// Merge common CLI options into the config
-mout.object.mixIn(config, cli.readOptions({
-    force: { type: Boolean, shorthand: 'f' },
-    offline: { type: Boolean, shorthand: 'o' },
-    verbose: { type: Boolean, shorthand: 'V' },
-    quiet: { type: Boolean, shorthand: 'q' },
-    loglevel: { type: String, shorthand: 'l' },
-    json: { type: Boolean, shorthand: 'j' },
-    silent: { type: Boolean, shorthand: 's' }
-}));
+function restoreConfig() {
+    if (current) {
+        current.restore();
+    }
+}
 
-module.exports = config;
+function resetCache() {
+    restoreConfig();
+    current = undefined;
+}
+
+module.exports = defaultConfig;
+module.exports.restore = restoreConfig;
+module.exports.reset = resetCache;

lib/core/Manager.js

@@ -2,13 +2,15 @@ var Q = require('q');
 var mout = require('mout');
 var path = require('path');
 var mkdirp = require('mkdirp');
-var rimraf = require('rimraf');
-var fs = require('graceful-fs');
+var rimraf = require('../util/rimraf');
+var fs = require('../util/fs');
 var endpointParser = require('bower-endpoint-parser');
 var PackageRepository = require('./PackageRepository');
 var semver = require('../util/semver');
 var copy = require('../util/copy');
 var createError = require('../util/createError');
+var scripts = require('./scripts');
+var relativeToBaseDir = require('../util/relativeToBaseDir');
 
 function Manager(config, logger) {
     this._config = config;
@@ -22,11 +24,13 @@ function Manager(config, logger) {
 
 Manager.prototype.configure = function (setup) {
     var targetsHash = {};
-
     this._conflicted = {};
 
-    // Targets
-    this._targets = setup.targets || [];
+    // Targets - ignore those specified in ignoredDependencies
+    this._targets = mout.array.reject(setup.targets || [], function (target) {
+        return mout.array.contains(this._config.ignoredDependencies, target.name );
+    }, this);
+
     this._targets.forEach(function (decEndpoint) {
         decEndpoint.initialName = decEndpoint.name;
         decEndpoint.dependants = mout.object.values(decEndpoint.dependants);
@@ -79,6 +83,17 @@ Manager.prototype.configure = function (setup) {
     return this;
 };
 
+/**
+ * It starts recursive fetching of targets. The flow is as follows:
+ *
+ * 1. this._fetch() that calls:
+ * 2. this._onFetchError() or this._onFetchSuccess() that calls:
+ * 3. this._parseDependencies() that calls for all dependencies:
+ * 4. this._fetch() again.
+ *
+ * Fetching and parsing of dependencies continues until all dependencies are fetched.
+ *
+ */
 Manager.prototype.resolve = function () {
     // If already resolving, error out
     if (this._working) {
@@ -108,8 +123,43 @@ Manager.prototype.resolve = function () {
     }.bind(this));
 };
 
-Manager.prototype.install = function () {
+Manager.prototype.preinstall = function (json) {
+    var that = this;
+    var componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
+
+    // If nothing to install, skip the code bellow
+    if (mout.lang.isEmpty(that._dissected)) {
+        return Q.resolve({});
+    }
+
+    return Q.nfcall(mkdirp, componentsDir)
+    .then(function () {
+        return scripts.preinstall(
+            that._config, that._logger, that._dissected, that._installed, json
+        );
+    });
+};
+
+Manager.prototype.postinstall = function (json) {
+    var that = this;
+    var componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
+
+    // If nothing to install, skip the code bellow
+    if (mout.lang.isEmpty(that._dissected)) {
+        return Q.resolve({});
+    }
+
+    return Q.nfcall(mkdirp, componentsDir)
+    .then(function () {
+        return scripts.postinstall(
+            that._config, that._logger, that._dissected, that._installed, json
+        );
+    });
+};
+
+Manager.prototype.install = function (json) {
     var componentsDir;
+    var componentsDirContents;
     var that = this;
 
     // If already resolving, error out
@@ -122,20 +172,29 @@ Manager.prototype.install = function () {
         return Q.resolve({});
     }
 
-    componentsDir = path.join(this._config.cwd, this._config.directory);
+    componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
     return Q.nfcall(mkdirp, componentsDir)
     .then(function () {
         var promises = [];
+        componentsDirContents = fs.readdirSync(componentsDir);
 
         mout.object.forOwn(that._dissected, function (decEndpoint, name) {
             var promise;
             var dst;
             var release = decEndpoint.pkgMeta._release;
+            var exists = mout.array.contains(componentsDirContents, name);
 
             that._logger.action('install', name + (release ? '#' + release : ''), that.toData(decEndpoint));
 
             dst = path.join(componentsDir, name);
 
+            if (exists && !that._installed[name] && !that._config.force) {
+                // There is a folder in the components directory that has
+                // this name, but it was not installed by bower.
+                that._logger.warn('skipped', name + ' was not installed because there is already a non-bower directory with that name in the components directory (' + path.relative(that._config.cwd, dst) + '). You can force installation with --force.');
+                return;
+            }
+
             // Remove existent and copy canonical dir
             promise = Q.nfcall(rimraf, dst)
             .then(copy.copyDir.bind(copy, decEndpoint.canonicalDir, dst))
@@ -171,13 +230,16 @@ Manager.prototype.install = function () {
         mout.object.forOwn(that._dissected, function (pkg) {
             // Sync dependencies
             mout.object.forOwn(pkg.dependencies, function (dependency, name) {
-                var dissected = this._dissected[name];
-                pkg.dependencies[name] = dissected || dependency;
+                var dissected = this._dissected[name] || (this._resolved[name] ? this._resolved[name][0] : dependency);
+                pkg.dependencies[name] = dissected;
             }, this);
 
             // Sync dependants
             pkg.dependants = pkg.dependants.map(function (dependant) {
-                return this._dissected[dependant.name] || dependant;
+                var name = dependant.name;
+                var dissected = this._dissected[name] || (this._resolved[name] ? this._resolved[name][0] : dependant);
+
+                return dissected;
             }, this);
         }, that);
 
@@ -191,11 +253,13 @@ Manager.prototype.install = function () {
     }.bind(this));
 };
 
-Manager.prototype.toData = function (decEndpoint, extraKeys) {
+Manager.prototype.toData = function (decEndpoint, extraKeys, upperDeps) {
     var names;
     var extra;
 
     var data = {};
+
+    upperDeps = upperDeps || [];
     data.endpoint = mout.object.pick(decEndpoint, ['name', 'source', 'target']);
 
     if (decEndpoint.canonicalDir) {
@@ -218,7 +282,14 @@ Manager.prototype.toData = function (decEndpoint, extraKeys) {
         // by dependency names
         names = Object.keys(decEndpoint.dependencies).sort();
         names.forEach(function (name) {
-            data.dependencies[name] = this.toData(decEndpoint.dependencies[name], extraKeys);
+
+            // Prevent from infinite recursion when installing cyclic
+            // dependencies
+            if (!mout.array.contains(upperDeps, name)) {
+                data.dependencies[name] = this.toData(decEndpoint.dependencies[name],
+                    extraKeys,
+                    upperDeps.concat(decEndpoint.name));
+            }
         }, this);
     }
 
@@ -290,7 +361,7 @@ Manager.prototype._onFetchSuccess = function (decEndpoint, canonicalDir, pkgMeta
     resolved.push(decEndpoint);
 
     // Parse dependencies
-    this._parseDependencies(decEndpoint, pkgMeta, 'dependencies');
+    this._parseDependencies(decEndpoint, pkgMeta);
 
     // Check if there are incompatibilities for this package name
     // If there are, we need to fetch them
@@ -315,7 +386,7 @@ Manager.prototype._onFetchSuccess = function (decEndpoint, canonicalDir, pkgMeta
 
     // If the package is not targetable, flag it
     // It will be needed later so that untargetable endpoints
-    // will not get * converted to ~version
+    // will not get * converted to ^version
     if (!isTargetable) {
         decEndpoint.untargetable = true;
     }
@@ -367,16 +438,32 @@ Manager.prototype._failFast = function () {
     }.bind(this), 20000);
 };
 
-Manager.prototype._parseDependencies = function (decEndpoint, pkgMeta, jsonKey) {
+/**
+ * Parses decEndpoint dependencies and fetches missing ones.
+ *
+ * It fetches all non-yet-fetching dependencies with _fetch.
+ *
+ *
+ * @param {string} pkgMeta Metadata of package to resolve dependencies.
+ */
+Manager.prototype._parseDependencies = function (decEndpoint, pkgMeta) {
+    var pending = [];
+
     decEndpoint.dependencies = decEndpoint.dependencies || {};
 
     // Parse package dependencies
-    mout.object.forOwn(pkgMeta[jsonKey], function (value, key) {
+    mout.object.forOwn(pkgMeta.dependencies, function (value, key) {
         var resolved;
         var fetching;
         var compatible;
         var childDecEndpoint = endpointParser.json2decomposed(key, value);
 
+        // Check if this depdendency should be skipped.
+        if (mout.array.contains(this._config.ignoredDependencies, childDecEndpoint.name)) {
+            this._logger.action('skipped', childDecEndpoint.name, this.toData(decEndpoint));
+            return;
+        }
+
         // Check if a compatible one is already resolved
         // If there's one, we don't need to resolve it twice
         resolved = this._resolved[key];
@@ -423,10 +510,7 @@ Manager.prototype._parseDependencies = function (decEndpoint, pkgMeta, jsonKey)
             }, this);
 
             if (compatible) {
-                compatible.promise
-                .then(function () {
-                    this._parseDependencies(decEndpoint, pkgMeta, jsonKey);
-                }.bind(this));
+                pending.push(compatible.promise);
                 return;
             }
         }
@@ -439,8 +523,28 @@ Manager.prototype._parseDependencies = function (decEndpoint, pkgMeta, jsonKey)
         childDecEndpoint.dependants = [decEndpoint];
         this._fetch(childDecEndpoint);
     }, this);
+
+    if (pending.length > 0) {
+        Q.all(pending)
+        .then(function () {
+            this._parseDependencies(decEndpoint, pkgMeta);
+        }.bind(this));
+    }
 };
 
+/**
+ * After batch of packages has been fetched, the results are stored in _resolved hash.
+ *
+ * {
+ *   packageName: [array, of, decEndpoints]
+ * }
+ *
+ * This method takes all possible decEndpoints and selects only one of them per packageName.
+ *
+ * It stores selected packages in the this._dissected array.
+ *
+ * The _dissected array is used later on by install method to move packages to config.directory.
+ */
 Manager.prototype._dissect = function () {
     var err;
     var componentsDir;
@@ -483,6 +587,17 @@ Manager.prototype._dissect = function () {
                 }
             }
 
+            // If they are equal and one of them is an exact target,
+            // give higher priority
+            if (!result) {
+                if (first.target === first.pkgMeta.version) {
+                    return -1;
+                }
+                if (second.target === second.pkgMeta.version) {
+                    return 1;
+                }
+            }
+
             return result;
         });
 
@@ -491,7 +606,7 @@ Manager.prototype._dissect = function () {
         // If they are not, the resolver is incapable of handling targets
         semvers.forEach(function (decEndpoint) {
             if (decEndpoint.newly && decEndpoint.target === '*' && !decEndpoint.untargetable) {
-                decEndpoint.target = '~' + decEndpoint.pkgMeta.version;
+                decEndpoint.target = '^' + decEndpoint.pkgMeta.version;
                 decEndpoint.originalTarget = '*';
             }
         });
@@ -518,34 +633,46 @@ Manager.prototype._dissect = function () {
                 return;
             }
 
-            this._logger.info('resolution', 'Removed unnecessary ' + name + '#' + resolution + ' resolution', {
+            // Packages that didn't have any conflicts in resolution yet have
+            // "resolution" entry in bower.json are deemed unnecessary
+            //
+            // Probably in future we want to use them for force given resolution, but for now...
+            // See: https://github.com/bower/bower/issues/1362
+            this._logger.warn('extra-resolution', 'Unnecessary resolution: ' + name + '#' + resolution, {
                 name: name,
                 resolution: resolution,
                 action: 'delete'
             });
-
-            delete this._resolutions[name];
         }, this);
 
         // Filter only packages that need to be installed
-        componentsDir = path.resolve(that._config.cwd, that._config.directory);
+        componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
         this._dissected = mout.object.filter(suitables, function (decEndpoint, name) {
             var installedMeta = this._installed[name];
             var dst;
 
-            // Analyse a few props
+            // Skip linked dependencies
+            if (decEndpoint.linked) {
+                return false;
+            }
+
+            // Skip if source is the same as dest
+            // FIXME: Shoudn't we force installation if force flag is used here?
+            dst = path.join(componentsDir, name);
+            if (dst === decEndpoint.canonicalDir) {
+                return false;
+            }
+
+            // We skip installing decEndpoint, if:
+            //   1. We have installed package with the same name
+            //   2. Packages have matching meta fields (needs explanation)
+            //   3. We didn't force the installation
             if (installedMeta &&
                 installedMeta._target === decEndpoint.target &&
                 installedMeta._originalSource === decEndpoint.source &&
                 installedMeta._release === decEndpoint.pkgMeta._release
             ) {
-                return false;
-            }
-
-            // Skip if source is the same as dest
-            dst = path.join(componentsDir, name);
-            if (dst === decEndpoint.canonicalDir) {
-                return false;
+                return this._config.force;
             }
 
             return true;
@@ -560,8 +687,9 @@ Manager.prototype._electSuitable = function (name, semvers, nonSemvers) {
     var unresolvable;
     var dataPicks;
     var save;
-    var choices;
     var picks = [];
+    var versionRegex = /(?:[\d\w]\.){2}[\d\w](?:.)*/;
+    var picksReleases;
 
     // If there are both semver and non-semver, there's no way
     // to figure out the suitable one
@@ -716,15 +844,21 @@ Manager.prototype._electSuitable = function (name, semvers, nonSemvers) {
         picks: dataPicks
     });
 
-    choices = picks.map(function (pick, index) { return index + 1; });
+    picksReleases = picks.map(function (pick) { return pick.pkgMeta._release; });
     return Q.nfcall(this._logger.prompt.bind(this._logger), {
         type: 'input',
-        message: 'Answer:',
+        message: 'Answer',
         validate: function (choice) {
+            var invalidChoice = 'Invalid choice';
+
+            if (choice.match(versionRegex)) {
+                return picksReleases.indexOf(choice) != -1 ? true : invalidChoice;
+            }
+
             choice = Number(mout.string.trim(choice.trim(), '!'));
 
             if (!choice || choice < 1 || choice > picks.length) {
-                return 'Invalid choice';
+                return invalidChoice;
             }
 
             return true;
@@ -736,8 +870,13 @@ Manager.prototype._electSuitable = function (name, semvers, nonSemvers) {
         // Sanitize choice
         choice = choice.trim();
         save = /^!/.test(choice) || /!$/.test(choice);  // Save if prefixed or suffixed with !
-        choice = Number(mout.string.trim(choice, '!'));
-        pick = picks[choice - 1];
+
+        if (choice.match(versionRegex)) {
+            pick = picks[picksReleases.indexOf(choice)];
+        } else {
+            choice = Number(mout.string.trim(choice, '!'));
+            pick = picks[choice - 1];
+        }
 
         // Save resolution
         if (save) {
@@ -766,10 +905,28 @@ Manager.prototype._storeResolution = function (pick) {
     this._resolutions[name] = resolution;
 };
 
+/**
+ * Checks if some endpoint is compatible with already resolved target.
+ *
+ * It is used in two situations:
+ *   * checks if resolved component matches dependency constraint
+ *   * checks if not resolved component matches already fetched component
+ *
+ * If candidate matches already resolved component, it won't be downloaded.
+ *
+ * @param {Endpoint} candidate endpoint
+ * @param {Endpoint} resolved endpoint
+ *
+ * @return {Boolean}
+ */
 Manager.prototype._areCompatible = function (candidate, resolved) {
     var resolvedVersion;
     var highestCandidate;
     var highestResolved;
+    var candidateIsRange = semver.validRange(candidate.target);
+    var resolvedIsRange = semver.validRange(resolved.target);
+    var candidateIsVersion = semver.valid(candidate.target);
+    var resolvedIsVersion = semver.valid(resolved.target);
 
     // Check if targets are equal
     if (candidate.target === resolved.target) {
@@ -777,30 +934,77 @@ Manager.prototype._areCompatible = function (candidate, resolved) {
     }
 
     resolvedVersion = resolved.pkgMeta && resolved.pkgMeta.version;
+    // If there is no pkgMeta, resolvedVersion is downloading now
+    // Check based on target requirements
     if (!resolvedVersion) {
+        // If one of the targets is range and other is version,
+        // check version against the range
+        if (candidateIsVersion && resolvedIsRange) {
+            return semver.satisfies(candidate.target, resolved.target);
+        }
+
+        if (resolvedIsVersion && candidateIsRange) {
+            return semver.satisfies(resolved.target, candidate.target);
+        }
+
+        if (resolvedIsVersion && candidateIsVersion) {
+            return semver.eq(resolved.target, candidate.target);
+        }
+
+        // If both targets are range, check that both have same
+        // higher cap
+        if (resolvedIsRange && candidateIsRange) {
+            highestCandidate =
+                this._getCap(semver.toComparators(candidate.target), 'highest');
+            highestResolved =
+                this._getCap(semver.toComparators(resolved.target), 'highest');
+
+            // This never happens, but you can't be sure without tests
+            if (!highestResolved.version || !highestCandidate.version) {
+                return false;
+            }
+
+            return semver.eq(highestCandidate.version, highestResolved.version) &&
+                highestCandidate.comparator === highestResolved.comparator;
+        }
         return false;
     }
 
     // If target is a version, compare against the resolved version
-    if (semver.valid(candidate.target)) {
+    if (candidateIsVersion) {
         return semver.eq(candidate.target, resolvedVersion);
     }
 
-    // If target is a range, check if the max versions of the range are the same
-    // and if the resolved version satisfies the candidate target
-    if (semver.validRange(candidate.target)) {
-        highestCandidate = this._getCap(semver.toComparators(candidate.target), 'highest');
-        highestResolved = this._getCap(semver.toComparators(resolved.target), 'highest');
-
-        return highestCandidate.version && highestResolved.version &&
-               semver.eq(highestCandidate.version, highestResolved.version) &&
-               highestCandidate.comparator === highestResolved.comparator &&
-               semver.satisfies(resolvedVersion, candidate.target);
+    // If target is a range, check if resolved version satisfies it
+    if (candidateIsRange) {
+        return semver.satisfies(resolvedVersion, candidate.target);
     }
 
     return false;
 };
 
+/**
+ * Gets highest/lowest version from set of comparators.
+ *
+ * The only thing that matters for this function is version number.
+ * Returned comparator is splitted to comparator and version parts.
+ *
+ * It is used to receive lowest / highest bound of toComparators result:
+ * semver.toComparators('~0.1.1') // => [ [ '>=0.1.1-0', '<0.2.0-0' ] ]
+ *
+ * Examples:
+ *
+ * _getCap([['>=2.1.1-0', '<2.2.0-0'], '<3.2.0'], 'highest')
+ * // => { comparator: '<', version: '3.2.0' }
+ *
+ * _getCap([['>=2.1.1-0', '<2.2.0-0'], '<3.2.0'], 'lowest')
+ * // => { comparator: '>=', version: '2.1.1-0' }
+ *
+ * @param {Array.<Array|string>} comparators
+ * @param {string} side, 'highest' (default) or 'lowest'
+ *
+ * @return {{ comparator: string, version: string }}
+ */
 Manager.prototype._getCap = function (comparators, side) {
     var matches;
     var candidate;
@@ -836,6 +1040,23 @@ Manager.prototype._getCap = function (comparators, side) {
     return cap;
 };
 
+/**
+ * Filters out unique endpoints, comparing by name and then source.
+ *
+ * It leaves last matching endpoint.
+ *
+ * Examples:
+ *
+ *  manager._uniquify([
+ *      { name: 'foo', source: 'google.com' },
+ *      { name: 'foo', source: 'facebook.com' }
+ *  ]);
+ *  // => { name: 'foo', source: 'facebook.com' }
+ *
+ * @param {Array.<Endpoint>} decEndpoints
+ * @return {Array.<Endpoint>} Filtered elements of decEndpoints
+ *
+ */
 Manager.prototype._uniquify = function (decEndpoints) {
     var length = decEndpoints.length;
 

lib/core/PackageRepository.js

@@ -1,11 +1,12 @@
 var mout = require('mout');
 var Q = require('q');
-var RegistryClient = require('bower-registry-client');
 var ResolveCache = require('./ResolveCache');
 var resolverFactory = require('./resolverFactory');
 var createError = require('../util/createError');
+var RegistryClient = require('bower-registry-client');
 
 function PackageRepository(config, logger) {
+
     var registryOptions;
 
     this._config = config;
@@ -14,6 +15,7 @@ function PackageRepository(config, logger) {
     // Instantiate the registry
     registryOptions = mout.object.deepMixIn({}, this._config);
     registryOptions.cache = this._config.storage.registry;
+
     this._registryClient = new RegistryClient(registryOptions, logger);
 
     // Instantiate the resolve cache
@@ -38,15 +40,18 @@ PackageRepository.prototype.fetch = function (decEndpoint) {
         that._extendLog(log, info);
     });
 
-    // Get the appropriate resolver
-    return resolverFactory(decEndpoint, this._config, logger, this._registryClient)
+    return this._getResolver(decEndpoint, logger)
     // Decide if we retrieve from the cache or not
     // Also decide if we validate the cached entry or not
     .then(function (resolver) {
         info.resolver = resolver;
         isTargetable = resolver.constructor.isTargetable;
 
-        // If force flag is used, bypass cache
+        if (!resolver.isCacheable()) {
+            return that._resolve(resolver, logger);
+        }
+
+        // If force flag is used, bypass cache, but write to cache anyway
         if (that._config.force) {
             logger.action('resolve', resolver.getSource() + '#' + resolver.getTarget());
             return that._resolve(resolver, logger);
@@ -84,10 +89,10 @@ PackageRepository.prototype.fetch = function (decEndpoint) {
             }
 
             // Otherwise check for new contents
-            logger.action('validate', (pkgMeta._release ? pkgMeta._release + ' against ': '') +
+            logger.action('validate', (pkgMeta._release ? pkgMeta._release + ' against ' : '') +
                                       resolver.getSource() + (resolver.getTarget() ? '#' + resolver.getTarget() : ''));
 
-            return resolver.hasNew(canonicalDir, pkgMeta)
+            return resolver.hasNew(pkgMeta)
             .then(function (hasNew) {
                 // If there are no new contents, resolve to
                 // the cached one
@@ -113,15 +118,15 @@ PackageRepository.prototype.fetch = function (decEndpoint) {
 PackageRepository.prototype.versions = function (source) {
     // Resolve the source using the factory because the
     // source can actually be a registry name
-    return resolverFactory.getConstructor(source, this._config, this._registryClient)
-    .spread(function (ConcreteResolver, source) {
+    return this._getResolver({ source: source })
+    .then(function (resolver) {
         // If offline, resolve using the cached versions
         if (this._config.offline) {
-            return this._resolveCache.versions(source);
+            return this._resolveCache.versions(resolver.getSource());
         }
 
         // Otherwise, fetch remotely
-        return ConcreteResolver.versions(source);
+        return resolver.constructor.versions(resolver.getSource());
     }.bind(this));
 };
 
@@ -164,20 +169,33 @@ PackageRepository.clearRuntimeCache = function () {
 
 // ---------------------
 
+PackageRepository.prototype._getResolver = function (decEndpoint, logger) {
+    logger = logger || this._logger;
+
+    // Get the appropriate resolver
+    return resolverFactory(decEndpoint, { config: this._config, logger: logger }, this._registryClient);
+};
+
 PackageRepository.prototype._resolve = function (resolver, logger) {
+    var that = this;
+
     // Resolve the resolver
     return resolver.resolve()
     // Store in the cache
     .then(function (canonicalDir) {
-        return this._resolveCache.store(canonicalDir, resolver.getPkgMeta());
-    }.bind(this))
+        if (!resolver.isCacheable()) {
+            return canonicalDir;
+        }
+
+        return that._resolveCache.store(canonicalDir, resolver.getPkgMeta());
+    })
     // Resolve promise with canonical dir and package meta
     .then(function (dir) {
         var pkgMeta = resolver.getPkgMeta();
 
         logger.info('resolved', resolver.getSource() + (pkgMeta._release ? '#' + pkgMeta._release : ''));
         return [dir, pkgMeta, resolver.constructor.isTargetable()];
-    }.bind(this));
+    });
 };
 
 PackageRepository.prototype._extendLog = function (log, info) {

lib/core/Project.js

@@ -1,25 +1,22 @@
 var glob = require('glob');
 var path = require('path');
-var fs = require('graceful-fs');
+var fs = require('../util/fs');
 var Q = require('q');
 var mout = require('mout');
-var rimraf = require('rimraf');
+var rimraf = require('../util/rimraf');
 var endpointParser = require('bower-endpoint-parser');
 var Logger = require('bower-logger');
+var md5 = require('md5-hex');
 var Manager = require('./Manager');
-var defaultConfig = require('../config');
 var semver = require('../util/semver');
-var md5 = require('../util/md5');
 var createError = require('../util/createError');
 var readJson = require('../util/readJson');
 var validLink = require('../util/validLink');
+var scripts = require('./scripts');
+var relativeToBaseDir = require('../util/relativeToBaseDir');
 
 function Project(config, logger) {
-    // This is the only architecture component that ensures defaults
-    // on config and logger
-    // The reason behind it is that users can likely use this component
-    // directly if commands do not fulfil their needs
-    this._config = config || defaultConfig;
+    this._config = config;
     this._logger = logger || new Logger();
     this._manager = new Manager(this._config, this._logger);
 
@@ -28,7 +25,7 @@ function Project(config, logger) {
 
 // -----------------
 
-Project.prototype.install = function (decEndpoints, options) {
+Project.prototype.install = function (decEndpoints, options, config) {
     var that = this;
     var targets = [];
     var resolved = {};
@@ -40,27 +37,28 @@ Project.prototype.install = function (decEndpoints, options) {
     }
 
     this._options = options || {};
+    this._config = config || {};
     this._working = true;
 
     // Analyse the project
     return this._analyse()
     .spread(function (json, tree) {
+        // It shows an error when issuing `bower install`
+        // and no bower.json is present in current directory
+        if (!that._jsonFile && decEndpoints.length === 0 ) {
+            throw createError('No bower.json present', 'ENOENT');
+        }
+
         // Recover tree
         that.walkTree(tree, function (node, name) {
-            if (node.missing || node.different) {
-                targets.push(node);
-            } else if (node.incompatible) {
+            if (node.incompatible) {
                 incompatibles.push(node);
+            } else if (node.missing || node.different || that._config.force) {
+                targets.push(node);
             } else {
                 resolved[name] = node;
             }
-
-            // Ignore linked dependencies because it's too complex to parse them
-            // Note that this might change in the future: #673
-            if (node.linked) {
-                return false;
-            }
-        });
+        }, true);
 
         // Add decomposed endpoints as targets
         decEndpoints = decEndpoints || [];
@@ -76,21 +74,33 @@ Project.prototype.install = function (decEndpoints, options) {
         // Bootstrap the process
         return that._bootstrap(targets, resolved, incompatibles);
     })
+    .then(function () {
+        return that._manager.preinstall(that._json);
+    })
+    .then(function () {
+        return that._manager.install(that._json);
+    })
     .then(function (installed) {
         // Handle save and saveDev options
-        if (that._options.save || that._options.saveDev) {
+        if (that._options.save || that._options.saveDev || that._options.saveExact || that._config.save || that._config.saveExact) {
             // Cycle through the specified endpoints
             decEndpoints.forEach(function (decEndpoint) {
                 var jsonEndpoint;
 
                 jsonEndpoint = endpointParser.decomposed2json(decEndpoint);
 
-                if (that._options.save) {
-                    that._json.dependencies = mout.object.mixIn(that._json.dependencies || {}, jsonEndpoint);
+                if (that._options.saveExact || that._config.saveExact) {
+                    if (decEndpoint.name !== decEndpoint.source) {
+                        jsonEndpoint[decEndpoint.name] = decEndpoint.source + '#' + decEndpoint.pkgMeta.version;
+                    } else {
+                        jsonEndpoint[decEndpoint.name] = decEndpoint.pkgMeta.version;
+                    }
                 }
 
                 if (that._options.saveDev) {
                     that._json.devDependencies = mout.object.mixIn(that._json.devDependencies || {}, jsonEndpoint);
+                } else {
+                    that._json.dependencies = mout.object.mixIn(that._json.dependencies || {}, jsonEndpoint);
                 }
             });
         }
@@ -98,7 +108,9 @@ Project.prototype.install = function (decEndpoints, options) {
         // Save JSON, might contain changes to dependencies and resolutions
         return that.saveJson()
         .then(function () {
-            return installed;
+            return that._manager.postinstall(that._json).then(function () {
+                return installed;
+            });
         });
     })
     .fin(function () {
@@ -128,13 +140,14 @@ Project.prototype.update = function (names, options) {
         if (!names) {
             // Mark each root dependency as targets
             that.walkTree(tree, function (node) {
-                // Ignore linked extraneous because
-                // we don't know their real sources
-                if (node.extraneous && node.linked) {
-                    return false;
+                // We don't know the real source of linked packages
+                // Instead we read its dependencies
+                if (node.linked) {
+                    targets.push.apply(targets, mout.object.values(node.dependencies));
+                } else {
+                    targets.push(node);
                 }
 
-                targets.push(node);
                 return false;
             }, true);
         // Otherwise, selectively update the specified ones
@@ -151,14 +164,15 @@ Project.prototype.update = function (names, options) {
 
             // Add packages whose names are specified to be updated
             that.walkTree(tree, function (node, name) {
-                // Ignore linked extraneous because
-                // we don't know their real source
-                if (node.extraneous && node.linked) {
-                    return false;
-                }
-
                 if (names.indexOf(name) !== -1) {
-                    targets.push(node);
+                    // We don't know the real source of linked packages
+                    // Instead we read its dependencies
+                    if (node.linked) {
+                        targets.push.apply(targets, mout.object.values(node.dependencies));
+                    } else {
+                        targets.push(node);
+                    }
+
                     return false;
                 }
             }, true);
@@ -172,22 +186,24 @@ Project.prototype.update = function (names, options) {
                 } else {
                     resolved[name] = node;
                 }
-
-                // Ignore linked dependencies because it's too complex to parse them
-                // Note that this might change in the future: #673
-                if (node.linked) {
-                    return false;
-                }
             }, true);
         }
 
         // Bootstrap the process
         return that._bootstrap(targets, resolved, incompatibles)
+        .then(function () {
+            return that._manager.preinstall(that._json);
+        })
+        .then(function () {
+            return that._manager.install(that._json);
+        })
         .then(function (installed) {
             // Save JSON, might contain changes to resolutions
             return that.saveJson()
             .then(function () {
-                return installed;
+                return that._manager.postinstall(that._json).then(function () {
+                    return installed;
+                });
             });
         });
     })
@@ -197,6 +213,20 @@ Project.prototype.update = function (names, options) {
     });
 };
 
+function resolveUrlNames(names, flattened)
+{
+    for (var i = 0; i < names.length; i++)
+        if (! flattened[names[i]])
+    {
+            var url = names[i].trim().replace(/\/$/, '');
+            var packName;
+            for (packName in flattened)
+                if (! ( !flattened[packName].source))
+                    if (url == flattened[packName].source.trim().replace(/\/$/, ''))
+                        names[i] = packName;
+        }
+}
+
 Project.prototype.uninstall = function (names, options) {
     var that = this;
     var packages = {};
@@ -214,6 +244,7 @@ Project.prototype.uninstall = function (names, options) {
     // Fill in the packages to be uninstalled
     .spread(function (json, tree, flattened) {
         var promise = Q.resolve();
+        resolveUrlNames(names, flattened);
 
         names.forEach(function (name) {
             var decEndpoint = flattened[name];
@@ -306,7 +337,9 @@ Project.prototype.uninstall = function (names, options) {
     });
 };
 
-Project.prototype.getTree = function () {
+Project.prototype.getTree = function (options) {
+    this._options = options || {};
+
     return this._analyse()
     .spread(function (json, tree, flattened) {
         var extraneous = [];
@@ -361,7 +394,7 @@ Project.prototype.walkTree = function (node, fn, onlyOnce) {
 
     while (queue.length) {
         node = queue.shift();
-        result = fn(node, node.name);
+        result = fn(node, node.endpoint ? node.endpoint.name : node.name);
 
         // Abort traversal if result is false
         if (result === false) {
@@ -448,7 +481,6 @@ Project.prototype._analyse = function () {
     .spread(function (json, installed, links) {
         var root;
         var jsonCopy = mout.lang.deepClone(json);
-        var flattened = mout.object.mixIn({}, installed, links);
 
         root = {
             name: json.name,
@@ -459,6 +491,8 @@ Project.prototype._analyse = function () {
             root: true
         };
 
+        mout.object.mixIn(installed, links);
+
         // Mix direct extraneous as dependencies
         // (dependencies installed without --save/--save-dev)
         jsonCopy.dependencies = jsonCopy.dependencies || {};
@@ -468,34 +502,40 @@ Project.prototype._analyse = function () {
             var isSaved = jsonCopy.dependencies[key] || jsonCopy.devDependencies[key];
 
             // The _direct propery is saved by the manager when .newly is specified
-            if (!isSaved && pkgMeta._direct) {
+            // It may happen pkgMeta is undefined if package is uninstalled
+            if (!isSaved && pkgMeta && pkgMeta._direct) {
                 decEndpoint.extraneous = true;
-                jsonCopy.dependencies[key] = (pkgMeta._originalSource || pkgMeta._source) + '#' + pkgMeta._target;
+
+                if (decEndpoint.linked) {
+                    jsonCopy.dependencies[key] = pkgMeta.version || '*';
+                } else {
+                    jsonCopy.dependencies[key] = (pkgMeta._originalSource || pkgMeta._source) + '#' + pkgMeta._target;
+                }
             }
         });
 
         // Restore the original dependencies cross-references,
         // that is, the parent-child relationships
-        this._restoreNode(root, flattened, 'dependencies');
+        this._restoreNode(root, installed, 'dependencies');
         // Do the same for the dev dependencies
         if (!this._options.production) {
-            this._restoreNode(root, flattened, 'devDependencies');
+            this._restoreNode(root, installed, 'devDependencies');
         }
 
         // Restore the rest of the extraneous (not installed directly)
-        mout.object.forOwn(flattened, function (decEndpoint, name) {
+        mout.object.forOwn(installed, function (decEndpoint, name) {
             if (!decEndpoint.dependants) {
                 decEndpoint.extraneous = true;
-                this._restoreNode(decEndpoint, flattened, 'dependencies');
+                this._restoreNode(decEndpoint, installed, 'dependencies');
                 // Note that it has no dependants, just dependencies!
                 root.dependencies[name] = decEndpoint;
             }
         }, this);
 
         // Remove root from the flattened tree
-        delete flattened[json.name];
+        delete installed[json.name];
 
-        return [json, root, flattened];
+        return [json, root, installed];
     }.bind(this));
 };
 
@@ -522,9 +562,7 @@ Project.prototype._bootstrap = function (targets, resolved, incompatibles) {
         if (!mout.object.size(this._json.resolutions)) {
             delete this._json.resolutions;
         }
-    }.bind(this))
-    // Install resolved ones
-    .then(this._manager.install.bind(this._manager));
+    }.bind(this));
 };
 
 Project.prototype._readJson = function () {
@@ -534,9 +572,29 @@ Project.prototype._readJson = function () {
         return Q.resolve(this._json);
     }
 
-    // Read local json
-    return this._json = readJson(this._config.cwd, {
-        assume: { name: path.basename(this._config.cwd) || 'root' }
+    return Q.fcall(function () {
+        // This will throw if package.json does not exist
+        return fs.readFileSync(path.join(that._config.cwd, 'package.json'));
+    })
+    .then(function (buffer) {
+        // If package.json exists, use it's values as defaults
+        var defaults = {}, npm = JSON.parse(buffer.toString());
+
+        defaults.name        = npm.name || path.basename(that._config.cwd) || 'root';
+        defaults.description = npm.description;
+        defaults.main        = npm.main;
+        defaults.authors     = npm.contributors || npm.author;
+        defaults.license     = npm.license;
+        defaults.keywords    = npm.keywords;
+
+        return defaults;
+    })
+    .catch(function (err) {
+        // Most likely no package.json so just set default name
+        return { name: path.basename(that._config.cwd) || 'root' };
+    })
+    .then(function (defaults) {
+        return that._json = readJson(that._config.cwd, { assume: defaults, logger: that._logger });
     })
     .spread(function (json, deprecated, assumed) {
         var jsonStr;
@@ -565,7 +623,7 @@ Project.prototype._readInstalled = function () {
 
     // Gather all folders that are actual packages by
     // looking for the package metadata file
-    componentsDir = path.join(this._config.cwd, this._config.directory);
+    componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
     return this._installed = Q.nfcall(glob, '*/.bower.json', {
         cwd: componentsDir,
         dot: true
@@ -606,7 +664,7 @@ Project.prototype._readLinks = function () {
     var that = this;
 
     // Read directory, looking for links
-    componentsDir = path.join(this._config.cwd, this._config.directory);
+    componentsDir = relativeToBaseDir(this._config.cwd)(this._config.directory);
     return Q.nfcall(fs.readdir, componentsDir)
     .then(function (filenames) {
         var promises;
@@ -677,46 +735,53 @@ Project.prototype._removePackages = function (packages) {
     var that = this;
     var promises = [];
 
-    mout.object.forOwn(packages, function (dir, name) {
-        var promise;
+    return scripts.preuninstall(that._config, that._logger, packages, that._installed, that._json)
+    .then(function () {
 
-        // Delete directory
-        if (!dir) {
-            promise = Q.resolve();
-            that._logger.warn('not-installed', name, {
-                name: name
-            });
-        } else {
-            promise = Q.nfcall(rimraf, dir);
-            that._logger.action('uninstall', name, {
-                name: name,
-                dir: dir
-            });
-        }
+        mout.object.forOwn(packages, function (dir, name) {
+            var promise;
 
-        // Remove from json only if successfully deleted
-        if (that._options.save && that._json.dependencies) {
-            promise = promise
-            .then(function () {
-                delete that._json.dependencies[name];
-            });
-        }
+            // Delete directory
+            if (!dir) {
+                promise = Q.resolve();
+                that._logger.warn('not-installed', '\'' + name + '\'' + ' cannot be uninstalled as it is not currently installed', {
+                    name: name
+                });
+            } else {
+                promise = Q.nfcall(rimraf, dir);
+                that._logger.action('uninstall', name, {
+                    name: name,
+                    dir: dir
+                });
+            }
 
-        if (that._options.saveDev && that._json.devDependencies) {
-            promise = promise
-            .then(function () {
-                delete that._json.devDependencies[name];
-            });
-        }
+            // Remove from json only if successfully deleted
+            if ((that._options.save || that._config.save) && that._json.dependencies) {
+                promise = promise
+                .then(function () {
+                    delete that._json.dependencies[name];
+                });
+            }
 
-        promises.push(promise);
-    });
+            if (that._options.saveDev && that._json.devDependencies) {
+                promise = promise
+                .then(function () {
+                    delete that._json.devDependencies[name];
+                });
+            }
 
-    return Q.all(promises)
-    // Save json
+            promises.push(promise);
+        });
+
+        return Q.all(promises);
+
+    })
     .then(function () {
         return that.saveJson();
     })
+    // Run post-uninstall hook before resolving with removed packages.
+    .then(scripts.postuninstall.bind(
+        null, that._config, that._logger, packages, that._installed, that._json))
     // Resolve with removed packages
     .then(function () {
         return mout.object.filter(packages, function (dir) {
@@ -725,7 +790,7 @@ Project.prototype._removePackages = function (packages) {
     });
 };
 
-Project.prototype._restoreNode = function (node, flattened, jsonKey) {
+Project.prototype._restoreNode = function (node, flattened, jsonKey, processed) {
     var deps;
 
     // Do not restore if the node is missing
@@ -735,10 +800,11 @@ Project.prototype._restoreNode = function (node, flattened, jsonKey) {
 
     node.dependencies = node.dependencies || {};
     node.dependants = node.dependants || {};
+    processed = processed || {};
 
-    // Only process deps that are yet processed
+    // Only process deps that are not yet processed
     deps = mout.object.filter(node.pkgMeta[jsonKey], function (value, key) {
-        return !node.dependencies[key];
+        return !processed[node.name + ':' + key];
     });
 
     mout.object.forOwn(deps, function (value, key) {
@@ -785,15 +851,17 @@ Project.prototype._restoreNode = function (node, flattened, jsonKey) {
 
         // Cross reference
         node.dependencies[key] = restored;
+        processed[node.name + ':' + key] = true;
+
         restored.dependants = restored.dependants || {};
-        restored.dependants[node.name] = node;
+        restored.dependants[node.name] = mout.object.mixIn({}, node);  // We need to clone due to shared objects in the manager!
 
         // Call restore for this dependency
-        this._restoreNode(restored, flattened, 'dependencies');
+        this._restoreNode(restored, flattened, 'dependencies', processed);
 
         // Do the same for the incompatible local package
         if (local && restored !== local) {
-            this._restoreNode(local, flattened, 'dependencies');
+            this._restoreNode(local, flattened, 'dependencies', processed);
         }
     }, this);
 };

lib/core/ResolveCache.js

@@ -1,14 +1,15 @@
-var fs = require('graceful-fs');
+var fs = require('../util/fs');
 var path = require('path');
 var mout = require('mout');
 var Q = require('q');
 var mkdirp = require('mkdirp');
-var rimraf = require('rimraf');
+var rimraf = require('../util/rimraf');
 var LRU = require('lru-cache');
+var lockFile = require('lockfile');
+var md5 = require('md5-hex');
 var semver = require('../util/semver');
 var readJson = require('../util/readJson');
 var copy = require('../util/copy');
-var md5 = require('../util/md5');
 
 function ResolveCache(config) {
     // TODO: Make some config entries, such as:
@@ -18,6 +19,9 @@ function ResolveCache(config) {
     //       - etc..
     this._config = config;
     this._dir = this._config.storage.packages;
+    this._lockDir = this._config.storage.packages;
+
+    mkdirp.sync(this._lockDir);
 
     // Cache is stored/retrieved statically to ensure singularity
     // among instances
@@ -76,7 +80,7 @@ ResolveCache.prototype.retrieve = function (source, target) {
         }
 
         // Resolve with canonical dir and package meta
-        canonicalDir = path.join(dir, version);
+        canonicalDir = path.join(dir, encodeURIComponent(version));
         return that._readPkgMeta(canonicalDir)
         .then(function (pkgMeta) {
             return [canonicalDir, pkgMeta];
@@ -97,6 +101,7 @@ ResolveCache.prototype.store = function (canonicalDir, pkgMeta) {
     var sourceId;
     var release;
     var dir;
+    var pkgLock;
     var promise;
     var that = this;
 
@@ -107,36 +112,41 @@ ResolveCache.prototype.store = function (canonicalDir, pkgMeta) {
         sourceId = md5(pkgMeta._source);
         release = that._getPkgRelease(pkgMeta);
         dir = path.join(that._dir, sourceId, release);
+        pkgLock = path.join(that._lockDir, sourceId + '-' + release + '.lock');
 
-        // Check if directory exists
+        // Check if destination directory exists to prevent issuing lock at all times
         return Q.nfcall(fs.stat, dir)
-        .then(function () {
-            // If it does exists, remove it
-            return Q.nfcall(rimraf, dir);
-        }, function (err) {
-            // If directory does not exists, ensure its basename
-            // is created
-            if (err.code === 'ENOENT') {
-                return Q.nfcall(mkdirp, path.dirname(dir));
-            }
+        .fail(function (err) {
+            var lockParams = { wait: 250, retries: 25, stale: 60000 };
+            return Q.nfcall(lockFile.lock, pkgLock, lockParams).then(function () {
+                // Ensure other process didn't start copying files before lock was created
+                return Q.nfcall(fs.stat, dir)
+                .fail(function (err) {
+                    // If stat fails, it is expected to return ENOENT
+                    if (err.code !== 'ENOENT') {
+                        throw err;
+                    }
 
-            throw err;
-        })
-        // Move the canonical to sourceId/target
-        .then(function () {
-            return Q.nfcall(fs.rename, canonicalDir, dir)
-            .fail(function (err) {
-                // If error is EXDEV it means that we are trying to rename
-                // across different drives, so we copy and remove it instead
-                if (err.code !== 'EXDEV') {
-                    throw err;
-                }
+                    // Create missing directory and copy files there
+                    return Q.nfcall(mkdirp, path.dirname(dir)).then(function () {
+                        return Q.nfcall(fs.rename, canonicalDir, dir)
+                        .fail(function (err) {
+                            // If error is EXDEV it means that we are trying to rename
+                            // across different drives, so we copy and remove it instead
+                            if (err.code !== 'EXDEV') {
+                                throw err;
+                            }
 
-                return copy.copyDir(canonicalDir, dir)
-                .then(function () {
-                    return Q.nfcall(rimraf, canonicalDir);
+                            return copy.copyDir(canonicalDir, dir);
+                        });
+                    });
                 });
+            }).finally(function () {
+                lockFile.unlockSync(pkgLock);
             });
+        }).finally(function () {
+            // Ensure no tmp dir is left on disk.
+            return Q.nfcall(rimraf, canonicalDir);
         });
     })
     .then(function () {
@@ -346,6 +356,7 @@ ResolveCache.prototype._getVersions = function (sourceId) {
     .then(function (versions) {
         // Sort and cache in memory
         that._sortVersions(versions);
+        versions = versions.map(decodeURIComponent);
         that._cache.set(sourceId, versions);
         return [versions, false];
     }, function (err) {

lib/core/resolverFactory.js

@@ -1,146 +1,228 @@
 var Q = require('q');
-var fs = require('graceful-fs');
+var fs = require('../util/fs');
 var path = require('path');
 var mout = require('mout');
 var resolvers = require('./resolvers');
 var createError = require('../util/createError');
+var resolve = require('../util/resolve');
 
-function createInstance(decEndpoint, config, logger, registryClient) {
-    return getConstructor(decEndpoint.source, config, registryClient)
-    .spread(function (ConcreteResolver, source, fromRegistry) {
-        var decEndpointCopy = mout.object.pick(decEndpoint, ['name', 'target']);
+var pluginResolverFactory = require('./resolvers/pluginResolverFactory');
 
-        decEndpointCopy.source = source;
+function createInstance(decEndpoint, options, registryClient) {
+    decEndpoint = mout.object.pick(decEndpoint, ['name', 'target', 'source']);
 
-        // Signal if it was fetched from the registry
-        if (fromRegistry) {
-            decEndpoint.registry = true;
-            // If no name was specified, assume the name from the registry
-            if (!decEndpointCopy.name) {
-                decEndpointCopy.name = decEndpoint.name = decEndpoint.source;
-            }
-        }
+    options.version = require('../version');
 
-        return new ConcreteResolver(decEndpointCopy, config, logger);
+    return getConstructor(decEndpoint, options, registryClient)
+    .spread(function (ConcreteResolver, decEndpoint) {
+        return new ConcreteResolver(decEndpoint, options.config, options.logger);
     });
 }
 
-function getConstructor(source, config, registryClient) {
-    var absolutePath,
-        promise;
+function getConstructor(decEndpoint, options, registryClient) {
+    var source = decEndpoint.source;
+    var config = options.config;
+
+    // Below we try a series of async tests to guess the type of resolver to use
+    // If a step was unable to guess the resolver, it returns undefined
+    // If a step can guess the resolver, it returns with constructor of resolver
+
+    var promise = Q.resolve();
+
+    var addResolver = function (resolverFactory) {
+        promise = promise.then(function (result) {
+            if (result === undefined) {
+                return resolverFactory(decEndpoint, options);
+            } else {
+                return result;
+            }
+        });
+    };
+
+    // Plugin resolvers.
+    //
+    // It requires each resolver defined in config.resolvers and calls
+    // its "match" to check if given resolves supports given decEndpoint
+    addResolver(function () {
+        var selectedResolver;
+        var resolverNames;
+
+        if (Array.isArray(config.resolvers)) {
+            resolverNames = config.resolvers;
+        } else if (!!config.resolvers) {
+            resolverNames = config.resolvers.split(',');
+        } else {
+            resolverNames = [];
+        }
+
+        var resolverPromises = resolverNames.map(function (resolverName) {
+
+
+            var resolver = resolvers[resolverName];
+
+            if (resolver === undefined) {
+                var resolverPath = resolve(resolverName, { cwd: config.cwd });
+
+                if (resolverPath === undefined) {
+                    throw createError('Bower resolver not found: ' + resolverName, 'ENORESOLVER')
+                }
+
+                resolver = pluginResolverFactory(require(resolverPath), options);
+            }
+
+            return function () {
+                if (selectedResolver === undefined) {
+                    var match = resolver.match.bind(resolver);
+
+                    return Q.fcall(match, source).then(function (result) {
+                        if (result) {
+                            return selectedResolver = resolver;
+                        }
+                    });
+                } else {
+                    return selectedResolver;
+                }
+            };
+        });
+
+        return resolverPromises.reduce(Q.when, new Q(undefined)).then(function (resolver) {
+            if (resolver) {
+                return Q.fcall(resolver.locate.bind(resolver), decEndpoint.source).then(function (result) {
+                    if (result && result !== decEndpoint.source) {
+                        decEndpoint.source = result;
+                        decEndpoint.registry = true;
+                        return getConstructor(decEndpoint, options, registryClient);
+                    } else {
+                        return [resolver, decEndpoint];
+                    }
+                });
+            }
+        });
+    });
 
     // Git case: git git+ssh, git+http, git+https
     //           .git at the end (probably ssh shorthand)
     //           git@ at the start
-    if (/^git(\+(ssh|https?))?:\/\//i.test(source) || /\.git\/?$/i.test(source) || /^git@/i.test(source)) {
-        source = source.replace(/^git\+/, '');
-        return Q.fcall(function () {
+    addResolver(function () {
+        if (/^git(\+(ssh|https?))?:\/\//i.test(source) || /\.git\/?$/i.test(source) || /^git@/i.test(source)) {
+            decEndpoint.source = source.replace(/^git\+/, '');
 
             // If it's a GitHub repository, return the specialized resolver
             if (resolvers.GitHub.getOrgRepoPair(source)) {
-                return [resolvers.GitHub, source];
+                return [resolvers.GitHub, decEndpoint];
             }
 
-            return [resolvers.GitRemote, source];
-        });
-    }
+            return [resolvers.GitRemote, decEndpoint];
+        }
+    });
+
+    // SVN case: svn, svn+ssh, svn+http, svn+https, svn+file
+    addResolver(function () {
+        if (/^svn(\+(ssh|https?|file))?:\/\//i.test(source)) {
+            return [resolvers.Svn, decEndpoint];
+        }
+    });
 
     // URL case
-    if (/^https?:\/\//i.exec(source)) {
-        return Q.fcall(function () {
-            return [resolvers.Url, source];
-        });
-    }
+    addResolver(function () {
+        if (/^https?:\/\//i.exec(source)) {
+            return [resolvers.Url, decEndpoint];
+        }
+    });
 
-    // Below we try a series of async tests to guess the type of resolver to use
-    // If a step was unable to guess the resolver, it throws an error
-    // If a step was able to guess the resolver, it resolves with a function
-    // That function returns a promise that will resolve with the concrete type
 
     // If source is ./ or ../ or an absolute path
-    absolutePath = path.resolve(config.cwd, source);
 
-    if (/^\.\.?[\/\\]/.test(source) || /^~\//.test(source) || path.normalize(source) === absolutePath) {
-        promise = Q.nfcall(fs.stat, path.join(absolutePath, '.git'))
-        .then(function (stats) {
-            if (stats.isDirectory()) {
-                return function () {
-                    return Q.resolve([resolvers.GitFs, absolutePath]);
-                };
-            }
+    addResolver(function () {
+        var absolutePath = path.resolve(config.cwd, source);
 
-            throw new Error('Not a Git repository');
-        })
-        // If not, check if source is a valid file/folder
-        .fail(function () {
-            return Q.nfcall(fs.stat, absolutePath)
-            .then(function () {
-                return function () {
-                    return Q.resolve([resolvers.Fs, absolutePath]);
-                };
+        if (/^\.\.?[\/\\]/.test(source) || /^~\//.test(source) ||
+            path.normalize(source).replace(/[\/\\]+$/, '') === absolutePath
+        ) {
+            return Q.nfcall(fs.stat, path.join(absolutePath, '.git'))
+            .then(function (stats) {
+                decEndpoint.source = absolutePath;
+
+                if (stats.isDirectory()) {
+                    return Q.resolve([resolvers.GitFs, decEndpoint]);
+                }
+
+                throw new Error('Not a Git repository');
+            })
+            // If not, check if source is a valid Subversion repository
+            .fail(function () {
+                return Q.nfcall(fs.stat, path.join(absolutePath, '.svn'))
+                .then(function (stats) {
+                    decEndpoint.source = absolutePath;
+
+                    if (stats.isDirectory()) {
+                        return Q.resolve([resolvers.Svn, decEndpoint]);
+                    }
+
+                    throw new Error('Not a Subversion repository');
+                });
+            })
+            // If not, check if source is a valid file/folder
+            .fail(function () {
+                return Q.nfcall(fs.stat, absolutePath)
+                .then(function () {
+                    decEndpoint.source = absolutePath;
+
+                    return Q.resolve([resolvers.Fs, decEndpoint]);
+                });
             });
-        });
-    } else {
-        promise = Q.reject(new Error('Not an absolute or relative file'));
-    }
+        }
+    });
 
-    return promise
     // Check if is a shorthand and expand it
-    .fail(function (err) {
-        var parts;
-
+    addResolver(function () {
         // Skip ssh and/or URL with auth
         if (/[:@]/.test(source)) {
-            throw err;
+            return;
         }
 
         // Ensure exactly only one "/"
-        parts = source.split('/');
+        var parts = source.split('/');
         if (parts.length === 2) {
-            source = mout.string.interpolate(config.shorthandResolver, {
+            decEndpoint.source = mout.string.interpolate(config.shorthandResolver, {
                 shorthand: source,
                 owner: parts[0],
                 package: parts[1]
             });
 
-            return function () {
-                return getConstructor(source, config, registryClient);
-            };
+            return getConstructor(decEndpoint, options, registryClient);
         }
+    });
 
-        throw err;
-    })
     // As last resort, we try the registry
-    .fail(function (err) {
+    addResolver(function () {
         if (!registryClient) {
-            throw err;
+            return;
         }
 
-        return function () {
-            return Q.nfcall(registryClient.lookup.bind(registryClient), source)
-            .then(function (entry) {
-                if (!entry) {
-                    throw createError('Package ' + source + ' not found', 'ENOTFOUND');
-                }
+        return Q.nfcall(registryClient.lookup.bind(registryClient), source)
+        .then(function (entry) {
+            if (!entry) {
+                throw createError('Package ' + source + ' not found', 'ENOTFOUND');
+            }
 
-                // TODO: Handle entry.type.. for now it's only 'alias'
-                //       When we got published packages, this needs to be adjusted
-                source = entry.url;
+            decEndpoint.registry = true;
 
-                return getConstructor(source, config, registryClient)
-                .spread(function (ConcreteResolver, source) {
-                    return [ConcreteResolver, source, true];
-                });
-            });
-        };
-    })
-    // If we got the function, simply call and return
-    .then(function (func) {
-        return func();
-    // Finally throw a meaningful error
-    }, function () {
+            if (!decEndpoint.name) {
+                decEndpoint.name = decEndpoint.source;
+            }
+
+            decEndpoint.source = entry.url;
+
+            return getConstructor(decEndpoint, options);
+        });
+    });
+
+    addResolver(function () {
         throw createError('Could not find appropriate resolver for ' + source, 'ENORESOLVER');
     });
+
+    return promise;
 }
 
 function clearRuntimeCache() {

lib/core/resolvers/FsResolver.js

@@ -1,5 +1,5 @@
 var util = require('util');
-var fs = require('graceful-fs');
+var fs = require('../../util/fs');
 var path = require('path');
 var mout = require('mout');
 var Q = require('q');
@@ -19,6 +19,12 @@ function FsResolver(decEndpoint, config, logger) {
     if (this._target !== '*') {
         throw createError('File system sources can\'t resolve targets', 'ENORESTARGET');
     }
+
+    // If the name was guessed
+    if (this._guessedName) {
+        // Remove extension
+        this._name = this._name.substr(0, this._name.length - path.extname(this._name).length);
+    }
 }
 
 util.inherits(FsResolver, Resolver);

lib/core/resolvers/GitFsResolver.js

@@ -69,7 +69,7 @@ GitFsResolver.refs = function (source) {
 
     // Store the promise to be reused until it resolves
     // to a specific value
-    this._cache.refs.set(source);
+    this._cache.refs.set(source, value);
 
     return value;
 };

lib/core/resolvers/GitHubResolver.js

@@ -1,6 +1,7 @@
 var util = require('util');
 var path = require('path');
 var mout = require('mout');
+var Q = require('q');
 var GitRemoteResolver = require('./GitRemoteResolver');
 var download = require('../../util/download');
 var extract = require('../../util/extract');
@@ -28,13 +29,15 @@ function GitHubResolver(decEndpoint, config, logger) {
         this._source += '.git';
     }
 
-    // Check if it's public
-    this._public = mout.string.startsWith(this._source, 'git://');
-
     // Use https:// rather than git:// if on a proxy
     if (this._config.proxy || this._config.httpsProxy) {
         this._source = this._source.replace('git://', 'https://');
     }
+
+    // Enable shallow clones for GitHub repos
+    this._shallowClone = function () {
+        return Q.resolve(true);
+    };
 }
 
 util.inherits(GitHubResolver, GitRemoteResolver);
@@ -43,14 +46,10 @@ mout.object.mixIn(GitHubResolver, GitRemoteResolver);
 // -----------------
 
 GitHubResolver.prototype._checkout = function () {
-    // Only fully works with public repositories and tags
-    // Could work with https/ssh protocol but not with 100% certainty
-    if (!this._public || !this._resolution.tag) {
-        return GitRemoteResolver.prototype._checkout.call(this);
-    }
-
     var msg;
-    var tarballUrl = 'https://github.com/' + this._org + '/' + this._repo + '/archive/' + this._resolution.tag + '.tar.gz';
+    var name = this._resolution.tag || this._resolution.branch || this._resolution.commit;
+    var tarballUrl = 'https://github.com/' + this._org + '/' + this._repo + '/archive/' + name + '.tar.gz';
+
     var file = path.join(this._tempDir, 'archive.tar.gz');
     var reqHeaders = {};
     var that = this;
@@ -66,7 +65,7 @@ GitHubResolver.prototype._checkout = function () {
 
     // Download tarball
     return download(tarballUrl, file, {
-        proxy: this._config.httpsProxy,
+        ca: this._config.ca.default,
         strictSSL: this._config.strictSsl,
         timeout: this._config.timeout,
         headers: reqHeaders
@@ -115,7 +114,6 @@ GitHubResolver.prototype._checkout = function () {
 
         return that._cleanTempDir()
         .then(GitRemoteResolver.prototype._checkout.bind(that));
-
     });
 };
 

lib/core/resolvers/GitRemoteResolver.js

@@ -19,12 +19,17 @@ function GitRemoteResolver(decEndpoint, config, logger) {
         this._name = this._name.slice(0, -4);
     }
 
-    // Get the host of this source
+    // Get the remote of this source
     if (!/:\/\//.test(this._source)) {
-        this._host = url.parse('ssh://' + this._source).host;
+        this._remote = url.parse('ssh://' + this._source);
     } else {
-        this._host = url.parse(this._source).host;
+        this._remote = url.parse(this._source);
     }
+    
+    this._host = this._remote.host;
+
+    // Verify whether the server supports shallow cloning
+    this._shallowClone = this._supportsShallowCloning;
 }
 
 util.inherits(GitRemoteResolver, GitResolver);
@@ -112,34 +117,36 @@ GitRemoteResolver.prototype._fastClone = function (resolution) {
     branch = resolution.tag || resolution.branch;
     args = ['clone',  this._source, '-b', branch, '--progress', '.'];
 
-    // If the host does not support shallow clones, we don't use --depth=1
-    if (!GitRemoteResolver._noShallow.get(this._host)) {
-        args.push('--depth', 1);
-    }
-
-    return cmd('git', args, { cwd: this._tempDir })
-    .spread(function (stdout, stderr) {
-        // Only after 1.7.10 --branch accepts tags
-        // Detect those cases and inform the user to update git otherwise it's
-        // a lot slower than newer versions
-        if (!/branch .+? not found/i.test(stderr)) {
-            return;
+    return this._shallowClone().then(function (shallowCloningSupported) {
+        // If the host does not support shallow clones, we don't use --depth=1
+        if (shallowCloningSupported && !GitRemoteResolver._noShallow.get(that._host)) {
+            args.push('--depth', 1);
         }
 
-        that._logger.warn('old-git', 'It seems you are using an old version of git, it will be slower and propitious to errors!');
-        return cmd('git', ['checkout', resolution.commit], { cwd: that._tempDir });
-    }, function (err) {
-        // Some git servers do not support shallow clones
-        // When that happens, we mark this host and try again
-        if (!GitRemoteResolver._noShallow.has(that._source) &&
-            err.details &&
-            /(rpc failed|shallow)/i.test(err.details)
-        ) {
-            GitRemoteResolver._noShallow.set(that._host, true);
-            return that._fastClone(resolution);
-        }
+        return cmd('git', args, { cwd: that._tempDir })
+        .spread(function (stdout, stderr) {
+            // Only after 1.7.10 --branch accepts tags
+            // Detect those cases and inform the user to update git otherwise it's
+            // a lot slower than newer versions
+            if (!/branch .+? not found/i.test(stderr)) {
+                return;
+            }
 
-        throw err;
+            that._logger.warn('old-git', 'It seems you are using an old version of git, it will be slower and propitious to errors!');
+            return cmd('git', ['checkout', resolution.commit], { cwd: that._tempDir });
+        }, function (err) {
+            // Some git servers do not support shallow clones
+            // When that happens, we mark this host and try again
+            if (!GitRemoteResolver._noShallow.has(that._source) &&
+                err.details &&
+                /(rpc failed|shallow|--depth)/i.test(err.details)
+                ) {
+                GitRemoteResolver._noShallow.set(that._host, true);
+                return that._fastClone(resolution);
+            }
+
+            throw err;
+        });
     });
 };
 
@@ -157,6 +164,79 @@ GitRemoteResolver.prototype._suggestProxyWorkaround = function (err) {
     }
 };
 
+// Verifies whether the server supports shallow cloning.
+// This is done according to the rules found in the following links:
+// * https://github.com/dimitri/el-get/pull/1921/files
+// * http://stackoverflow.com/questions/9270488/is-it-possible-to-detect-whether-a-http-git-remote-is-smart-or-dumb
+//
+// Summary of the rules:
+// * Protocols like ssh or git always support shallow cloning
+// * HTTP-based protocols can be verified by sending a HEAD or GET request to the URI (appended to the URL of the Git repo):
+//       /info/refs?service=git-upload-pack
+// * If the server responds with a 'Content-Type' header of 'application/x-git-upload-pack-advertisement',
+//      the server supports shallow cloning ("smart server")
+// * If the server responds with a different content type, the server does not support shallow cloning ("dumb server")
+// * Instead of doing the HEAD or GET request using an HTTP client, we're letting Git and Curl do the heavy lifting.
+//      Calling Git with the GIT_CURL_VERBOSE=2 env variable will provide the Git and Curl output, which includes
+//      the content type. This has the advantage that Git will take care of using stored credentials and any additional
+//      negotiation that needs to take place.
+//
+// The above should cover most cases, including BitBucket.
+GitRemoteResolver.prototype._supportsShallowCloning = function () {
+    var value = true;
+
+    // Verify that the remote could be parsed and that a protocol is set
+    // This case is unlikely, but let's still cover it.
+    if (this._remote == null || this._remote.protocol == null) {
+        return Q.resolve(false);
+    }
+
+
+    if (!this._host || !this._config.shallowCloneHosts || this._config.shallowCloneHosts.indexOf(this._host) === -1) {
+        return Q.resolve(false);
+    }
+
+    // Check for protocol - the remote check for hosts supporting shallow cloning is only required for
+    // HTTP or HTTPS, not for Git or SSH.
+    // Also check for hosts that have been checked in a previous request and have been found to support
+    // shallow cloning.
+    if (mout.string.startsWith(this._remote.protocol, 'http')
+            && !GitRemoteResolver._canShallow.get(this._host)) {
+        // Provide GIT_CURL_VERBOSE=2 environment variable to capture curl output.
+        // Calling ls-remote includes a call to the git-upload-pack service, which returns the content type in the response.
+        var processEnv = mout.object.merge(process.env, { 'GIT_CURL_VERBOSE': '2' });
+
+        value = cmd('git', ['ls-remote', '--heads', this._source], {
+            env: processEnv
+        })
+        .spread(function (stdout, stderr) {
+            // Check stderr for content-type, ignore stdout
+            var isSmartServer;
+
+            // If the content type is 'x-git', then the server supports shallow cloning
+            isSmartServer = mout.string.contains(stderr,
+                'Content-Type: application/x-git-upload-pack-advertisement');
+
+            this._logger.debug('detect-smart-git', 'Smart Git host detected: ' + isSmartServer);
+
+            if (isSmartServer) {
+                // Cache this host
+                GitRemoteResolver._canShallow.set(this._host, true);
+            }
+
+            return isSmartServer;
+        }.bind(this));
+    }
+    else {
+        // One of the following cases:
+        // * A non-HTTP/HTTPS protocol
+        // * A host that has been checked before and that supports shallow cloning
+        return Q.resolve(true);
+    }
+
+    return value;
+};
+
 // ------------------------------
 
 // Grab refs remotely
@@ -187,7 +267,7 @@ GitRemoteResolver.refs = function (source) {
 
     // Store the promise to be reused until it resolves
     // to a specific value
-    this._cache.refs.set(source);
+    this._cache.refs.set(source, value);
 
     return value;
 };
@@ -195,4 +275,7 @@ GitRemoteResolver.refs = function (source) {
 // Store hosts that do not support shallow clones here
 GitRemoteResolver._noShallow = new LRU({ max: 50, maxAge: 5 * 60 * 1000 });
 
+// Store hosts that support shallow clones here
+GitRemoteResolver._canShallow = new LRU({ max: 50, maxAge: 5 * 60 * 1000 });
+
 module.exports = GitRemoteResolver;

lib/core/resolvers/GitResolver.js

@@ -1,8 +1,7 @@
 var util = require('util');
 var path = require('path');
 var Q = require('q');
-var chmodr = require('chmodr');
-var rimraf = require('rimraf');
+var rimraf = require('../../util/rimraf');
 var mkdirp = require('mkdirp');
 var which = require('which');
 var LRU = require('lru-cache');
@@ -10,7 +9,6 @@ var mout = require('mout');
 var Resolver = require('./Resolver');
 var semver = require('../../util/semver');
 var createError = require('../../util/createError');
-var defaultConfig = require('../../config');
 
 var hasGit;
 
@@ -22,13 +20,25 @@ try {
     hasGit = false;
 }
 
-// Set template dir to the empty directory so that user templates are not run
-// This environment variable is not multiple config aware but it's not documented
-// anyway
-mkdirp.sync(defaultConfig.storage.empty);
-process.env.GIT_TEMPLATE_DIR = defaultConfig.storage.empty;
-
 function GitResolver(decEndpoint, config, logger) {
+    // Set template dir to the empty directory so that user templates are not run
+    // This environment variable is not multiple config aware but it's not documented
+    // anyway
+    mkdirp.sync(config.storage.empty);
+    process.env.GIT_TEMPLATE_DIR = config.storage.empty;
+
+    if (!config.strictSsl) {
+        process.env.GIT_SSL_NO_VERIFY = 'true';
+    }
+
+    if (!config.interactive) {
+        process.env.GIT_TERMINAL_PROMPT = '0';
+
+        if (!process.env.SSH_ASKPASS) {
+            process.env.SSH_ASKPASS = 'echo';
+        }
+    }
+
     Resolver.call(this, decEndpoint, config, logger);
 
     if (!hasGit) {
@@ -41,7 +51,7 @@ mout.object.mixIn(GitResolver, Resolver);
 
 // -----------------
 
-GitResolver.prototype._hasNew = function (canonicalDir, pkgMeta) {
+GitResolver.prototype._hasNew = function (pkgMeta) {
     var oldResolution = pkgMeta._resolution || {};
 
     return this._findResolution()
@@ -111,8 +121,6 @@ GitResolver.prototype._findResolution = function (target) {
                 version,
                 index;
 
-            versionsArr = versions.map(function (obj) { return obj.version; });
-
             // If there are no tags and target is *,
             // fallback to the latest commit on master
             if (!versions.length && target === '*') {
@@ -145,7 +153,7 @@ GitResolver.prototype._findResolution = function (target) {
                 throw createError('No tag found that was able to satisfy ' + target, 'ENORESTARGET', {
                     details: !versions.length ?
                         'No versions found in ' + that._source :
-                        'Available versions: ' + versions.map(function (version) { return version.version; }).join(', ')
+                        'Available versions in ' + that._source + ': ' + versions.map(function (version) { return version.version; }).join(', ')
                 });
             });
         });
@@ -165,6 +173,18 @@ GitResolver.prototype._findResolution = function (target) {
             return that._resolution = { type: 'branch', branch: target, commit: branches[target] };
         }
 
+        if ((/^[a-f0-9]{4,40}$/).test(target)) {
+            if (target.length < 12) {
+                that._logger.warn(
+                    'short-sha',
+                    'Consider using longer commit SHA to avoid conflicts'
+                );
+            }
+
+            that._resolution = { type: 'commit', commit: target };
+            return that._resolution;
+        }
+
         branches = Object.keys(branches);
         tags = Object.keys(tags);
 
@@ -184,23 +204,7 @@ GitResolver.prototype._findResolution = function (target) {
 GitResolver.prototype._cleanup = function () {
     var gitFolder = path.join(this._tempDir, '.git');
 
-    // Remove the .git folder
-    // Note that on windows, we need to chmod to 0777 before due to a bug in git
-    // See: https://github.com/isaacs/rimraf/issues/19
-    if (process.platform === 'win32') {
-        return Q.nfcall(chmodr, gitFolder, 0777)
-        .then(function () {
-            return Q.nfcall(rimraf, gitFolder);
-        }, function (err) {
-            // If .git does not exist, chmodr returns ENOENT
-            // so, we ignore that error code
-            if (err.code !== 'ENOENT') {
-                throw err;
-            }
-        });
-    } else {
-        return Q.nfcall(rimraf, gitFolder);
-    }
+    return Q.nfcall(rimraf, gitFolder);
 };
 
 GitResolver.prototype._savePkgMeta = function (meta) {
@@ -210,7 +214,7 @@ GitResolver.prototype._savePkgMeta = function (meta) {
         version = semver.clean(this._resolution.tag);
 
         // Warn if the package meta version is different than the resolved one
-        if (typeof meta.version === 'string' && semver.neq(meta.version, version)) {
+        if (typeof meta.version === 'string' && semver.valid(meta.version) && semver.neq(meta.version, version)) {
             this._logger.warn('mismatch', 'Version declared in the json (' + meta.version + ') is different than the resolved one (' + version + ')', {
                 resolution: this._resolution,
                 pkgMeta: meta
@@ -302,15 +306,13 @@ GitResolver.tags = function (source) {
 
     value = this.refs(source)
     .then(function (refs) {
-        var tags = [];
+        var tags = {};
 
         // For each line in the refs, match only the tags
         refs.forEach(function (line) {
             var match = line.match(/^([a-f0-9]{40})\s+refs\/tags\/(\S+)/);
-            var tag;
 
             if (match && !mout.string.endsWith(match[2], '^{}')) {
-                tag = match[2];
                 tags[match[2]] = match[1];
             }
         });

lib/core/resolvers/Resolver.js

@@ -1,12 +1,13 @@
-var fs = require('graceful-fs');
+var fs = require('../../util/fs');
 var path = require('path');
 var Q = require('q');
 var tmp = require('tmp');
 var mkdirp = require('mkdirp');
-var rimraf = require('rimraf');
+var rimraf = require('../../util/rimraf');
 var readJson = require('../../util/readJson');
 var createError = require('../../util/createError');
 var removeIgnores = require('../../util/removeIgnores');
+var md5 = require('md5-hex');
 
 tmp.setGracefulCleanup();
 
@@ -43,9 +44,8 @@ Resolver.prototype.getPkgMeta = function () {
     return this._pkgMeta;
 };
 
-Resolver.prototype.hasNew = function (canonicalDir, pkgMeta) {
+Resolver.prototype.hasNew = function (pkgMeta) {
     var promise;
-    var metaFile;
     var that = this;
 
     // If already working, error out
@@ -56,24 +56,7 @@ Resolver.prototype.hasNew = function (canonicalDir, pkgMeta) {
     this._working = true;
 
     // Avoid reading the package meta if already given
-    if (pkgMeta) {
-        promise = this._hasNew(canonicalDir, pkgMeta);
-    // Otherwise call _hasNew with both the package meta and the canonical dir
-    } else {
-        metaFile = path.join(canonicalDir, '.bower.json');
-
-        promise = readJson(metaFile)
-        .spread(function (pkgMeta) {
-            return that._hasNew(canonicalDir, pkgMeta);
-        }, function (err) {
-            that._logger.debug('read-json', 'Failed to read ' + metaFile, {
-                filename: metaFile,
-                error: err
-            });
-
-            return true;  // Simply resolve to true if there was an error reading the file
-        });
-    }
+    promise = this._hasNew(pkgMeta);
 
     return promise.fin(function () {
         that._working = false;
@@ -114,6 +97,25 @@ Resolver.prototype.resolve = function () {
     });
 };
 
+Resolver.prototype.isCacheable = function () {
+    // Bypass cache for local dependencies
+    if (this._source &&
+        /^(?:file:[\/\\]{2}|[A-Z]:)?\.?\.?[\/\\]/.test(this._source)
+    ) {
+        return false;
+    }
+
+    // We don't want to cache moving targets like branches
+    if (this._pkgMeta &&
+        this._pkgMeta._resolution &&
+        this._pkgMeta._resolution.type === 'branch') {
+        return false;
+    }
+
+    return true;
+};
+
+
 // -----------------
 
 // Abstract functions that must be implemented by concrete resolvers
@@ -123,7 +125,7 @@ Resolver.prototype._resolve = function () {
 
 // Abstract functions that can be re-implemented by concrete resolvers
 // as necessary
-Resolver.prototype._hasNew = function (canonicalDir, pkgMeta) {
+Resolver.prototype._hasNew = function (pkgMeta) {
     return Q.resolve(true);
 };
 
@@ -143,14 +145,14 @@ Resolver.prototype._createTempDir = function () {
     return Q.nfcall(mkdirp, this._config.tmp)
     .then(function () {
         return Q.nfcall(tmp.dir, {
-            template: path.join(this._config.tmp, this._name + '-' + process.pid + '-XXXXXX'),
+            template: path.join(this._config.tmp, md5(this._name) + '-' + process.pid + '-XXXXXX'),
             mode: 0777 & ~process.umask(),
             unsafeCleanup: true
         });
     }.bind(this))
     .then(function (dir) {
-        this._tempDir = dir;
-        return dir;
+        // nfcall may return multiple callback arguments as an array
+        return this._tempDir = Array.isArray(dir) ? dir[0] : dir;
     }.bind(this));
 };
 
@@ -176,7 +178,8 @@ Resolver.prototype._readJson = function (dir) {
 
     dir = dir || this._tempDir;
     return readJson(dir, {
-        assume: { name: this._name }
+        assume: { name: this._name },
+        logger: that._logger
     })
     .spread(function (json, deprecated) {
         if (deprecated) {
@@ -201,13 +204,14 @@ Resolver.prototype._applyPkgMeta = function (meta) {
     }
 
     // Otherwise remove them from the temp dir
-    return removeIgnores(this._tempDir, meta.ignore)
+    return removeIgnores(this._tempDir, meta)
     .then(function () {
         return meta;
     });
 };
 
 Resolver.prototype._savePkgMeta = function (meta) {
+    var that = this;
     var contents;
 
     // Store original source & target
@@ -219,8 +223,8 @@ Resolver.prototype._savePkgMeta = function (meta) {
 
     return Q.nfcall(fs.writeFile, path.join(this._tempDir, '.bower.json'), contents)
     .then(function () {
-        return this._pkgMeta = meta;
-    }.bind(this));
+        return that._pkgMeta = meta;
+    });
 };
 
 module.exports = Resolver;

lib/core/resolvers/SvnResolver.js

@@ -0,0 +1,403 @@
+var util = require('util');
+var Q = require('q');
+var which = require('which');
+var LRU = require('lru-cache');
+var mout = require('mout');
+var Resolver = require('./Resolver');
+var semver = require('../../util/semver');
+var createError = require('../../util/createError');
+var cmd = require('../../util/cmd');
+
+var hasSvn;
+
+// Check if svn is installed
+try {
+    which.sync('svn');
+    hasSvn = true;
+} catch (ex) {
+    hasSvn = false;
+}
+
+function SvnResolver(decEndpoint, config, logger) {
+    Resolver.call(this, decEndpoint, config, logger);
+
+    if (!hasSvn) {
+        throw createError('svn is not installed or not in the PATH', 'ENOSVN');
+    }
+}
+
+util.inherits(SvnResolver, Resolver);
+mout.object.mixIn(SvnResolver, Resolver);
+
+// -----------------
+
+SvnResolver.getSource = function (source) {
+    var uri = this._source || source;
+
+    return uri
+        .replace(/^svn\+(https?|file):\/\//i, '$1://')  // Change svn+http or svn+https or svn+file to http(s), file respectively
+        .replace('svn://', 'http://')  // Change svn to http
+        .replace(/\/+$/, '');  // Remove trailing slashes
+};
+
+SvnResolver.prototype._hasNew = function (pkgMeta) {
+    var oldResolution = pkgMeta._resolution || {};
+
+    return this._findResolution()
+    .then(function (resolution) {
+        // Check if resolution types are different
+        if (oldResolution.type !== resolution.type) {
+            return true;
+        }
+
+        // If resolved to a version, there is new content if the tags are not equal
+        if (resolution.type === 'version' && semver.neq(resolution.tag, oldResolution.tag)) {
+            return true;
+        }
+
+        // As last check, we compare both commit hashes
+        return resolution.commit !== oldResolution.commit;
+    });
+};
+
+SvnResolver.prototype._resolve = function () {
+    var that = this;
+
+    return this._findResolution()
+    .then(function () {
+        return that._export();
+    });
+};
+
+// -----------------
+
+SvnResolver.prototype._export = function () {
+    var promise;
+    var timer;
+    var reporter;
+    var that = this;
+    var resolution = this._resolution;
+
+    this.source = SvnResolver.getSource(this._source);
+
+    this._logger.action('export', resolution.tag || resolution.branch || resolution.commit, {
+        resolution: resolution,
+        to: this._tempDir
+    });
+
+    if (resolution.type === 'commit') {
+        promise = cmd('svn', ['export', '--force', '--non-interactive', this._source + '/trunk', '-r' + resolution.commit, this._tempDir]);
+    } else if (resolution.type === 'branch' && resolution.branch === 'trunk') {
+        promise = cmd('svn', ['export', '--force', '--non-interactive', this._source + '/trunk', this._tempDir]);
+    } else if (resolution.type === 'branch') {
+        promise = cmd('svn', ['export', '--force', '--non-interactive', this._source + '/branches/' + resolution.branch, this._tempDir]);
+    } else {
+        promise = cmd('svn', ['export', '--force', '--non-interactive', this._source + '/tags/' + resolution.tag, this._tempDir]);
+    }
+
+    // Throttle the progress reporter to 1 time each sec
+    reporter = mout.fn.throttle(function (data) {
+        var lines;
+
+        lines = data.split(/[\r\n]+/);
+        lines.forEach(function (line) {
+            if (/\d{1,3}\%/.test(line)) {
+                // TODO: There are some strange chars that appear once in a while (\u001b[K)
+                //       Trim also those?
+                that._logger.info('progress', line.trim());
+            }
+        });
+    }, 1000);
+
+    // Start reporting progress after a few seconds
+    timer = setTimeout(function () {
+        promise.progress(reporter);
+    }, 8000);
+
+    return promise
+    // Add additional proxy information to the error if necessary
+    .fail(function (err) {
+        throw err;
+    })
+    // Clear timer at the end
+    .fin(function () {
+        clearTimeout(timer);
+        reporter.cancel();
+    });
+};
+
+// -----------------
+
+SvnResolver.prototype._findResolution = function (target) {
+    var err;
+    var self = this.constructor;
+    var that = this;
+
+    target = target || this._target || '*';
+
+    this._source = SvnResolver.getSource(this._source);
+
+    // Target is a revision, so it's a stale target (not a moving target)
+    // There's nothing to do in this case
+    if ((/^r\d+/).test(target)) {
+        target = target.split('r');
+
+        this._resolution = { type: 'commit', commit: target[1] };
+        return Q.resolve(this._resolution);
+    }
+
+    // Target is a range/version
+    if (semver.validRange(target)) {
+        return self.versions(this._source, true)
+        .then(function (versions) {
+            var versionsArr,
+                version,
+                index;
+
+            versionsArr = versions.map(function (obj) { return obj.version; });
+
+            // If there are no tags and target is *,
+            // fallback to the latest commit on trunk
+            if (!versions.length && target === '*') {
+                return that._findResolution('trunk');
+            }
+
+            versionsArr = versions.map(function (obj) { return obj.version; });
+            // Find a satisfying version, enabling strict match so that pre-releases
+            // have lower priority over normal ones when target is *
+            index = semver.maxSatisfyingIndex(versionsArr, target, true);
+            if (index !== -1) {
+                version = versions[index];
+                return that._resolution = { type: 'version', tag: version.tag, commit: version.commit };
+            }
+
+            // Check if there's an exact branch/tag with this name as last resort
+            return Q.all([
+                self.branches(that._source),
+                self.tags(that._source)
+            ])
+            .spread(function (branches, tags) {
+                // Use hasOwn because a branch/tag could have a name like "hasOwnProperty"
+                if (mout.object.hasOwn(tags, target)) {
+                    return that._resolution = { type: 'tag', tag: target, commit: tags[target] };
+                }
+                if (mout.object.hasOwn(branches, target)) {
+                    return that._resolution = { type: 'branch', branch: target, commit: branches[target] };
+                }
+
+                throw createError('No tag found that was able to satisfy ' + target, 'ENORESTARGET', {
+                    details: !versions.length ?
+                        'No versions found in ' + that._source :
+                        'Available versions in ' + that._source + ': ' + versions.map(function (version) { return version.version; }).join(', ')
+                });
+            });
+        });
+    }
+
+    // Otherwise, target is either a tag or a branch
+    return Q.all([
+        self.branches(that._source),
+        self.tags(that._source)
+    ])
+    .spread(function (branches, tags) {
+        // Use hasOwn because a branch/tag could have a name like "hasOwnProperty"
+        if (mout.object.hasOwn(tags, target)) {
+            return that._resolution = { type: 'tag', tag: target, commit: tags[target] };
+        }
+        if (mout.object.hasOwn(branches, target)) {
+            return that._resolution = { type: 'branch', branch: target, commit: branches[target] };
+        }
+
+        branches = Object.keys(branches);
+        tags = Object.keys(tags);
+
+        err = createError('target ' + target + ' does not exist', 'ENORESTARGET');
+        err.details = !tags.length ?
+                'No tags found in ' + that._source :
+                'Available tags: ' + tags.join(', ');
+        err.details += '\n';
+        err.details += !branches.length ?
+                'No branches found in ' + that._source :
+                'Available branches: ' + branches.join(', ');
+
+        throw err;
+    });
+};
+
+SvnResolver.prototype._savePkgMeta = function (meta) {
+    var version;
+
+    if (this._resolution.type === 'version') {
+        version = semver.clean(this._resolution.tag);
+
+        // Warn if the package meta version is different than the resolved one
+        if (typeof meta.version === 'string' && semver.neq(meta.version, version)) {
+            this._logger.warn('mismatch', 'Version declared in the json (' + meta.version + ') is different than the resolved one (' + version + ')', {
+                resolution: this._resolution,
+                pkgMeta: meta
+            });
+        }
+
+        // Ensure package meta version is the same as the resolution
+        meta.version = version;
+    } else {
+        // If resolved to a target that is not a version,
+        // remove the version from the meta
+        delete meta.version;
+    }
+
+    // Save version/tag/commit in the release
+    // Note that we can't store branches because _release is supposed to be
+    // an unique id of this ref.
+    meta._release = version ||
+                    this._resolution.tag ||
+                    this._resolution.commit;
+
+    // Save resolution to be used in hasNew later
+    meta._resolution = this._resolution;
+
+    return Resolver.prototype._savePkgMeta.call(this, meta);
+};
+
+// ------------------------------
+
+SvnResolver.versions = function (source, extra) {
+    source = SvnResolver.getSource(source);
+
+    var value = this._cache.versions.get(source);
+
+    if (value) {
+        return Q.resolve(value)
+        .then(function () {
+            var versions = this._cache.versions.get(source);
+
+            // If no extra information was requested,
+            // resolve simply with the versions
+            if (!extra) {
+                versions = versions.map(function (version) {
+                    return version.version;
+                });
+            }
+
+            return versions;
+        }.bind(this));
+    }
+
+    value = this.tags(source)
+    .then(function (tags) {
+        var tag;
+        var version;
+        var versions = [];
+
+        // For each tag
+        for (tag in tags) {
+            version = semver.clean(tag);
+            if (version) {
+                versions.push({ version: version, tag: tag, commit: tags[tag] });
+            }
+        }
+
+        // Sort them by DESC order
+        versions.sort(function (a, b) {
+            return semver.rcompare(a.version, b.version);
+        });
+
+        this._cache.versions.set(source, versions);
+
+        // Call the function again to keep it DRY
+        return this.versions(source, extra);
+    }.bind(this));
+
+    // Store the promise to be reused until it resolves
+    // to a specific value
+    this._cache.versions.set(source, value);
+
+    return value;
+};
+
+SvnResolver.tags = function (source) {
+    source = SvnResolver.getSource(source);
+
+    var value = this._cache.tags.get(source);
+
+    if (value) {
+        return Q.resolve(value);
+    }
+
+    value = cmd('svn', ['list', source + '/tags', '--verbose', '--non-interactive'])
+    .spread(function (stout) {
+        var tags = SvnResolver.parseSubversionListOutput(stout.toString());
+
+        this._cache.tags.set(source, tags);
+        return tags;
+
+    }.bind(this));
+
+    // Store the promise to be reused until it resolves
+    // to a specific value
+    this._cache.tags.set(source, value);
+
+    return value;
+};
+
+SvnResolver.branches = function (source) {
+    source = SvnResolver.getSource(source);
+
+    var value = this._cache.branches.get(source);
+
+    if (value) {
+        return Q.resolve(value);
+    }
+
+    value = cmd('svn', ['list', source + '/branches', '--verbose', '--non-interactive'])
+    .spread(function (stout) {
+        var branches = SvnResolver.parseSubversionListOutput(stout.toString());
+
+        // trunk is a branch!
+        branches.trunk = '*';
+
+        this._cache.branches.set(source, branches);
+        return branches;
+
+    }.bind(this));
+
+    // Store the promise to be reused until it resolves
+    // to a specific value
+    this._cache.branches.set(source, value);
+
+    return value;
+};
+
+SvnResolver.parseSubversionListOutput = function (stout) {
+
+    var entries = {};
+    var lines = stout
+        .trim()
+        .split(/[\r\n]+/);
+
+    // For each line in the refs, match only the branches
+    lines.forEach(function (line) {
+        var match = line.match(/\s+([0-9]+)\s.+\s([\w.$-]+)\//i);
+
+        if (match && match[2] !== '.') {
+            entries[match[2]] = match[1];
+        }
+    });
+
+    return entries;
+};
+
+SvnResolver.clearRuntimeCache = function () {
+    // Reset cache for branches, tags, etc
+    mout.object.forOwn(SvnResolver._cache, function (lru) {
+        lru.reset();
+    });
+};
+
+SvnResolver._cache = {
+    branches: new LRU({ max: 50, maxAge: 5 * 60 * 1000 }),
+    tags: new LRU({ max: 50, maxAge: 5 * 60 * 1000 }),
+    versions: new LRU({ max: 50, maxAge: 5 * 60 * 1000 })
+};
+
+module.exports = SvnResolver;

lib/core/resolvers/UrlResolver.js

@@ -1,6 +1,6 @@
 var util = require('util');
 var path = require('path');
-var fs = require('graceful-fs');
+var fs = require('../../util/fs');
 var url = require('url');
 var request = require('request');
 var Q = require('q');
@@ -12,8 +12,6 @@ var extract = require('../../util/extract');
 var createError = require('../../util/createError');
 
 function UrlResolver(decEndpoint, config, logger) {
-    var pos;
-
     Resolver.call(this, decEndpoint, config, logger);
 
     // If target was specified, error out
@@ -21,12 +19,12 @@ function UrlResolver(decEndpoint, config, logger) {
         throw createError('URL sources can\'t resolve targets', 'ENORESTARGET');
     }
 
-    // If the name was guessed, remove the ? part
+    // If the name was guessed
     if (this._guessedName) {
-        pos = this._name.indexOf('?');
-        if (pos !== -1) {
-            this._name = path.basename(this._name.substr(0, pos));
-        }
+        // Remove the ?xxx part
+        this._name = this._name.replace(/\?.*$/, '');
+        // Remove extension
+        this._name = this._name.substr(0, this._name.length - path.extname(this._name).length);
     }
 
     this._remote = url.parse(this._source);
@@ -41,7 +39,7 @@ UrlResolver.isTargetable = function () {
     return false;
 };
 
-UrlResolver.prototype._hasNew = function (canonicalDir, pkgMeta) {
+UrlResolver.prototype._hasNew = function (pkgMeta) {
     var oldCacheHeaders = pkgMeta._cacheHeaders || {};
     var reqHeaders = {};
 
@@ -57,7 +55,7 @@ UrlResolver.prototype._hasNew = function (canonicalDir, pkgMeta) {
 
     // Make an HEAD request to the source
     return Q.nfcall(request.head, this._source, {
-        proxy: this._remote.protocol === 'https:' ? this._config.httpsProxy : this._config.proxy,
+        ca: this._config.ca.default,
         strictSSL: this._config.strictSsl,
         timeout: this._config.timeout,
         headers: reqHeaders
@@ -106,8 +104,19 @@ UrlResolver.prototype._resolve = function () {
 
 // -----------------
 
+UrlResolver.prototype._parseSourceURL = function (_url) {
+    return url.parse(path.basename(_url)).pathname;
+};
+
 UrlResolver.prototype._download = function () {
-    var file = path.join(this._tempDir, path.basename(this._source));
+    var fileName = this._parseSourceURL(this._source);
+
+    if (!fileName) {
+        this._source = this._source.replace(/\/(?=\?|#)/, '');
+        fileName = this._parseSourceURL(this._source);
+    }
+
+    var file = path.join(this._tempDir, fileName);
     var reqHeaders = {};
     var that = this;
 
@@ -122,7 +131,7 @@ UrlResolver.prototype._download = function () {
 
     // Download the file
     return download(this._source, file, {
-        proxy: this._remote.protocol === 'https:' ? this._config.httpsProxy : this._config.proxy,
+        ca: this._config.ca.default,
         strictSSL: this._config.strictSsl,
         timeout: this._config.timeout,
         headers: reqHeaders
@@ -199,6 +208,8 @@ UrlResolver.prototype._extract = function (file, response) {
     if (mimeType) {
         // Clean everything after ; and trim the end result
         mimeType = mimeType.split(';')[0].trim();
+        // Some servers add quotes around the content-type, so we trim that also
+        mimeType = mout.string.trim(mimeType, ['"', '\'']);
     }
 
     if (!extract.canExtract(file, mimeType)) {

lib/core/resolvers/index.js

@@ -2,6 +2,7 @@ module.exports = {
     GitFs: require('./GitFsResolver'),
     GitRemote: require('./GitRemoteResolver'),
     GitHub: require('./GitHubResolver'),
+    Svn: require('./SvnResolver'),
     Fs: require('./FsResolver'),
     Url: require('./UrlResolver')
 };

lib/core/resolvers/pluginResolverFactory.js

@@ -0,0 +1,323 @@
+var Q = require('q');
+var path = require('path');
+var fs = require('../../util/fs');
+var object = require('mout/object');
+
+var semver = require('../../util/semver');
+var createError = require('../../util/createError');
+var readJson = require('../../util/readJson');
+var removeIgnores = require('../../util/removeIgnores');
+
+function pluginResolverFactory(resolverFactory, bower) {
+    bower = bower || {};
+
+    if (typeof resolverFactory !== 'function') {
+        throw createError('Resolver has "' + typeof resolverFactory + '" type instead of "function" type.', 'ERESOLERAPI');
+    }
+
+    var resolver = resolverFactory(bower);
+
+    function maxSatisfyingVersion(versions, target) {
+        var versionsArr, index;
+
+        versionsArr = versions.map(function (obj) { return obj.version; });
+
+        // Find a satisfying version, enabling strict match so that pre-releases
+        // have lower priority over normal ones when target is *
+        index = semver.maxSatisfyingIndex(versionsArr, target, true);
+
+        if (index !== -1) {
+            return versions[index];
+        }
+    }
+
+    function PluginResolver(decEndpoint) {
+        this._decEndpoint = decEndpoint;
+    }
+
+    // @private
+    PluginResolver.prototype.getEndpoint = function () {
+        return object.merge(this._decEndpoint, {
+            name: this.getName(),
+            source: this.getSource(),
+            target: this.getTarget()
+        });
+    };
+
+    PluginResolver.prototype.getSource = function () {
+        return this._decEndpoint.source;
+    };
+
+    PluginResolver.prototype.getTarget = function () {
+        return this._decEndpoint.target || '*';
+    };
+
+    PluginResolver.prototype.getName = function () {
+        if (!this._decEndpoint.name && typeof resolver.getName === 'function') {
+            return resolver.getName.call(resolver, this.getSource());
+        } else if (!this._decEndpoint.name) {
+            return path.basename(this.getSource());
+        } else {
+            return this._decEndpoint.name;
+        }
+    };
+
+    PluginResolver.prototype.getPkgMeta = function () {
+        return this._pkgMeta;
+    };
+
+    // -----------------
+
+    // Plugin Resolver is always considered potentially cacheable
+    // The "resolve" method decides whether to use cached or fetch new version.
+    PluginResolver.prototype.isCacheable = function () {
+        return true;
+    };
+
+    // Not only it's always potentially cacheable, but also always potenially new.
+    // The "resolve" handles logic of re-downloading target if needed.
+    PluginResolver.prototype.hasNew = function (pkgMeta) {
+        if (this.hasNewPromise) {
+            return this.hasNewPromise;
+        }
+
+        this._pkgMeta = pkgMeta;
+
+        return this.hasNewPromise = this.resolve().then(function (result) {
+            return result !== undefined;
+        });
+    };
+
+    PluginResolver.prototype.resolve = function () {
+        if (this.resolvePromise) {
+            return this.resolvePromise;
+        }
+
+        var that = this;
+
+        return this.resolvePromise = Q.fcall(function () {
+            var target = that.getTarget();
+
+            // It means that we can accept ranges as targets
+            if (that.constructor.isTargetable()) {
+                that._release = target;
+
+                if (semver.validRange(target)) {
+                    return Q.fcall(resolver.releases.bind(resolver), that.getSource())
+                    .then(function (result) {
+                        if (!result) {
+                            throw createError('Resolver did not provide releases of package.');
+                        }
+
+                        var releases = that._releases = result;
+
+                        var versions = releases.filter(function (target) {
+                            return semver.clean(target.version);
+                        });
+
+                        var maxRelease = maxSatisfyingVersion(versions, target);
+
+                        if (maxRelease) {
+                            that._version = maxRelease.version;
+                            that._release = that._decEndpoint.target = maxRelease.target;
+                        } else {
+                            throw createError('No version found that was able to satisfy ' + target, 'ENORESTARGET', {
+                                details: !versions.length ?
+                                    'No versions found in ' + that.getSource() :
+                                    'Available versions: ' + versions.map(function (version) { return version.version; }).join(', ')
+                            });
+                        }
+                    });
+                }
+            } else {
+                if (semver.validRange(target) && target !== '*') {
+                    return Q.reject(createError('Resolver does not accept version ranges (' + target + ')'));
+                }
+            }
+        })
+        .then(function () {
+
+            // We pass old _resolution (if hasNew has been called before contents).
+            // So resolver can decide wheter use cached version of contents new one.
+            if (typeof resolver.fetch !== 'function') {
+                throw createError('Resolver does not implement the "fetch" method.');
+            }
+
+            var cached = {};
+
+            if (that._releases) {
+                cached.releases = that._releases;
+            }
+
+            if (that._pkgMeta) {
+                cached.endpoint = {
+                    name: that._pkgMeta.name,
+                    source: that._pkgMeta._source,
+                    target: that._pkgMeta._target
+                };
+
+                cached.release = that._pkgMeta._release;
+
+                cached.version = that._pkgMeta.version;
+
+                cached.resolution = that._pkgMeta._resolution || {};
+            }
+
+            return Q.fcall(resolver.fetch.bind(resolver), that.getEndpoint(), cached);
+        })
+        .then(function (result) {
+            // Empty result means to re-use existing resolution
+            if (!result) {
+                return;
+            } else {
+                if (!result.tempPath) {
+                    throw createError('Resolver did not provide path to extracted contents of package.');
+                }
+
+                that._tempDir = result.tempPath;
+
+                return that._readJson(that._tempDir).then(function (meta) {
+                    return that._applyPkgMeta(meta, result)
+                    .then(that._savePkgMeta.bind(that, meta, result))
+                    .then(function () {
+                        return that._tempDir;
+                    });
+                });
+            }
+        });
+    };
+
+    PluginResolver.prototype._readJson = function (dir) {
+        var that = this;
+
+        return readJson(dir, {
+            assume: { name: that.getName() },
+            logger: bower.logger
+        })
+        .spread(function (json, deprecated) {
+            if (deprecated) {
+                bower.logger.warn('deprecated', 'Package ' + that.getName() + ' is using the deprecated ' + deprecated);
+            }
+
+            return json;
+        });
+    };
+
+    PluginResolver.prototype._applyPkgMeta = function (meta, result) {
+        // Check if name defined in the json is different
+        // If so and if the name was "guessed", assume the json name
+        if (meta.name !== this._name) {
+            this._name = meta.name;
+        }
+
+        // Handle ignore property, deleting all files from the temporary directory
+        // If no ignores were specified, simply resolve
+        if (result.removeIgnores === false || !meta.ignore || !meta.ignore.length) {
+            return Q.resolve(meta);
+        }
+
+        // Otherwise remove them from the temp dir
+        return removeIgnores(this._tempDir, meta).then(function () {
+            return meta;
+        });
+    };
+
+    PluginResolver.prototype._savePkgMeta = function (meta, result) {
+        var that = this;
+
+        meta._source = that.getSource();
+        meta._target = that.getTarget();
+
+        if (result.resolution) {
+            meta._resolution = result.resolution;
+        }
+
+        if (that._release) {
+            meta._release = that._release;
+        }
+
+        if (that._version) {
+            meta.version = that._version;
+        } else {
+            delete meta.version;
+        }
+
+        // Stringify contents
+        var contents = JSON.stringify(meta, null, 2);
+
+        return Q.nfcall(fs.writeFile, path.join(this._tempDir, '.bower.json'), contents)
+        .then(function () {
+            return that._pkgMeta = meta;
+        });
+    };
+
+    // It is used only by "bower info". It returns all semver versions.
+    PluginResolver.versions = function (source) {
+        return Q.fcall(resolver.releases.bind(resolver), source).then(function (result) {
+            if (!result) {
+                throw createError('Resolver did not provide releases of package.');
+            }
+
+            var releases = this._releases = result;
+
+            var versions = releases.map(function (version) {
+                return semver.clean(version.version);
+            });
+
+            versions = versions.filter(function (version) {
+                return version;
+            });
+
+            versions.sort(function (a, b) {
+                return semver.rcompare(a, b);
+            });
+
+            return versions;
+        });
+    };
+
+    PluginResolver.isTargetable = function () {
+        // If resolver doesn't define versions function, it's not targetable..
+        return typeof resolver.releases === 'function';
+    };
+
+    PluginResolver.clearRuntimeCache = function () {
+        resolver = resolverFactory(bower);
+    };
+
+    PluginResolver.match = function (source) {
+        if (typeof resolver.match !== 'function') {
+            throw createError('Resolver is missing "match" method.', 'ERESOLVERAPI');
+        }
+
+        var match = resolver.match.bind(resolver);
+
+        return Q.fcall(match, source).then(function (result) {
+            if (typeof result !== 'boolean') {
+                throw createError('Resolver\'s "match" method should return a boolean', 'ERESOLVERAPI');
+            }
+
+            return result;
+        });
+    };
+
+    PluginResolver.locate = function (source) {
+        if (typeof resolver.locate !== 'function') {
+            return source;
+        }
+
+        return Q.fcall(resolver.locate.bind(resolver), source).then(function (result) {
+            if (typeof result !== 'string') {
+                throw createError('Resolver\'s "locate" method should return a string', 'ERESOLVERAPI');
+            }
+
+            return result;
+        });
+    };
+
+    return PluginResolver;
+}
+
+
+module.exports = pluginResolverFactory;
+

lib/core/scripts.js

@@ -0,0 +1,97 @@
+var mout = require('mout');
+var cmd = require('../util/cmd');
+var Q = require('q');
+var shellquote = require('shell-quote');
+
+var orderByDependencies = function (packages, installed, json) {
+    var ordered = [];
+    installed = mout.object.keys(installed);
+
+    var depsSatisfied = function (packageName) {
+        return mout.array.difference(mout.object.keys(packages[packageName].dependencies), installed, ordered).length === 0;
+    };
+
+    var depsFromBowerJson = json && json.dependencies ? mout.object.keys(json.dependencies) : [];
+    var packageNames = mout.object.keys(packages);
+
+    //get the list of the packages that are specified in bower.json in that order
+    //its nice to maintain that order for users
+    var desiredOrder = mout.array.intersection(depsFromBowerJson, packageNames);
+    //then add to the end any remaining packages that werent in bower.json
+    desiredOrder = desiredOrder.concat(mout.array.difference(packageNames, desiredOrder));
+
+    //the desired order isn't necessarily a correct dependency specific order
+    //so we ensure that below
+    var resolvedOne = true;
+    while (resolvedOne) {
+
+        resolvedOne = false;
+
+        for (var i = 0; i < desiredOrder.length; i++) {
+            var packageName = desiredOrder[i];
+            if (depsSatisfied(packageName)) {
+                ordered.push(packageName);
+                mout.array.remove(desiredOrder, packageName);
+                //as soon as we resolve a package start the loop again
+                resolvedOne = true;
+                break;
+            }
+        }
+
+        if (!resolvedOne && desiredOrder.length > 0) {
+            //if we're here then some package(s) doesn't have all its deps satisified
+            //so lets just jam those names on the end
+            ordered = ordered.concat(desiredOrder);
+        }
+
+    }
+
+    return ordered;
+};
+
+var run = function (cmdString, action, logger, config) {
+    logger.action(action, cmdString);
+
+    //pass env + BOWER_PID so callees can identify a preinstall+postinstall from the same bower instance
+    var env = mout.object.mixIn({ 'BOWER_PID': process.pid }, process.env);
+    var args = shellquote.parse(cmdString, env);
+    var cmdName = args[0];
+    mout.array.remove(args, cmdName); //no rest() in mout
+
+    var options = {
+        cwd: config.cwd,
+        env: env
+    };
+
+    var promise = cmd(cmdName, args, options);
+
+    promise.progress(function (progress) {
+        progress.split('\n').forEach(function (line) {
+            if (line) {
+                logger.action(action, line);
+            }
+        });
+    });
+
+    return promise;
+};
+
+var hook = function (action, ordered, config, logger, packages, installed, json) {
+    if (mout.object.keys(packages).length === 0 || !config.scripts || !config.scripts[action]) {
+        return Q();
+    }
+
+    var orderedPackages = ordered ? orderByDependencies(packages, installed, json) : mout.object.keys(packages);
+    var placeholder = new RegExp('%', 'g');
+    var cmdString = mout.string.replace(config.scripts[action], placeholder, orderedPackages.join(' '));
+    return run(cmdString, action, logger, config);
+};
+
+module.exports = {
+    preuninstall: mout.function.partial(hook, 'preuninstall', false),
+    postuninstall: mout.function.partial(hook, 'postuninstall', false),
+    preinstall: mout.function.partial(hook, 'preinstall', true),
+    postinstall: mout.function.partial(hook, 'postinstall', true),
+    //only exposed for test
+    _orderByDependencies: orderByDependencies
+};

lib/index.js

@@ -1,40 +1,19 @@
-var abbrev = require('abbrev');
-var mout = require('mout');
 var commands = require('./commands');
-var PackageRepository = require('./core/PackageRepository');
-
-var abbreviations = abbrev(expandNames(commands));
-abbreviations.i = 'install';
-abbreviations.rm = 'uninstall';
-abbreviations.ls = 'list';
-
-function expandNames(obj, prefix, stack) {
-    prefix = prefix || '';
-    stack = stack || [];
-
-    mout.object.forOwn(obj, function (value, name) {
-        name = prefix + name;
-
-        stack.push(name);
-
-        if (typeof value === 'object' && !value.line) {
-            expandNames(value, name + ' ', stack);
-        }
-    });
-
-    return stack;
-}
+var version = require('./version');
+var abbreviations = require('./util/abbreviations')(commands);
 
 function clearRuntimeCache() {
     // Note that in edge cases, some architecture components instance's
     // in-memory cache might be skipped.
     // If that's a problem, you should create and fresh instances instead.
+    var PackageRepository = require('./core/PackageRepository');
     PackageRepository.clearRuntimeCache();
 }
 
 module.exports = {
+    version: version,
     commands: commands,
-    config: require('./config'),
+    config: require('./config')(),
     abbreviations: abbreviations,
     reset: clearRuntimeCache
 };

lib/renderers/JsonRenderer.js

@@ -31,10 +31,8 @@ JsonRenderer.prototype.error = function (err) {
     err.message = message;
 
     // Stack
-    /*jshint camelcase:false*/
     stack = err.fstream_stack || err.stack || 'N/A';
     err.stacktrace = (Array.isArray(stack) ? stack.join('\n') : stack);
-    /*jshint camelcase:true*/
 
     this.log(err);
     this.end();
@@ -88,6 +86,9 @@ JsonRenderer.prototype.prompt = function (prompts) {
         case 'password':
             funcName = prompt.type;
             break;
+        case 'checkbox':
+            funcName = 'prompt';
+            break;
         default:
             promise = promise.then(function () {
                 throw createError('Unknown prompt type', 'ENOTSUP');
@@ -105,6 +106,12 @@ JsonRenderer.prototype.prompt = function (prompts) {
                 answers[prompt.name] = answer;
             });
         });
+
+        if (prompt.type === 'checkbox') {
+            promise = promise.then(function () {
+                answers[prompt.name] = answers[prompt.name].split(',');
+            });
+        }
     });
 
     return promise.then(function () {
@@ -112,8 +119,6 @@ JsonRenderer.prototype.prompt = function (prompts) {
     });
 };
 
-JsonRenderer.prototype.updateNotice = function () {};
-
 // -------------------------
 
 JsonRenderer.prototype._stringify = function (log) {

lib/renderers/StandardRenderer.js

@@ -1,13 +1,12 @@
-var cardinal = require('cardinal');
 var chalk = require('chalk');
 var path = require('path');
 var mout = require('mout');
 var archy = require('archy');
 var Q = require('q');
-var inquirer = require('inquirer');
 var stringifyObject = require('stringify-object');
 var os = require('os');
-var pkg = require(path.join(__dirname, '../..', 'package.json'));
+var semverUtils = require('semver-utils');
+var version = require('../version');
 var template = require('../util/template');
 
 function StandardRenderer(command, config) {
@@ -25,13 +24,23 @@ function StandardRenderer(command, config) {
     };
 
     this._command = command;
-    this._config = config;
+    this._config = config || {};
 
     if (this.constructor._wideCommands.indexOf(command) === -1) {
         this._compact = true;
     } else {
         this._compact = process.stdout.columns < 120;
     }
+
+    var exitOnPipeError = function (err) {
+        if (err.code === 'EPIPE') {
+            process.exit(0);
+        }
+    };
+
+    // It happens when piping command to "head" util
+    process.stdout.on('error', exitOnPipeError);
+    process.stderr.on('error', exitOnPipeError);
 }
 
 StandardRenderer.prototype.end = function (data) {
@@ -63,19 +72,17 @@ StandardRenderer.prototype.error = function (err) {
     // Print trace if verbose, the error has no code
     // or if the error is a node error
     if (this._config.verbose || !err.code || err.errno) {
-        /*jshint camelcase:false*/
         stack = err.fstream_stack || err.stack || 'N/A';
         str = chalk.yellow('\nStack trace:\n');
         str += (Array.isArray(stack) ? stack.join('\n') : stack) + '\n';
         str += chalk.yellow('\nConsole trace:\n');
-        /*jshint camelcase:true*/
 
         this._write(process.stderr, str);
-        console.trace();
+        this._write(process.stderr, new Error().stack);
 
         // Print bower version, node version and system info.
         this._write(process.stderr, chalk.yellow('\nSystem info:\n'));
-        this._write(process.stderr, 'Bower version: ' + pkg.version + '\n');
+        this._write(process.stderr, 'Bower version: ' + version + '\n');
         this._write(process.stderr, 'Node version: ' + process.versions.node + '\n');
         this._write(process.stderr, 'OS: ' + os.type() + ' ' + os.release() + ' ' + os.arch() + '\n');
     }
@@ -106,16 +113,12 @@ StandardRenderer.prototype.prompt = function (prompts) {
 
     // Prompt
     deferred = Q.defer();
+    var inquirer = require('inquirer');
     inquirer.prompt(prompts, deferred.resolve);
 
     return deferred.promise;
 };
 
-StandardRenderer.prototype.updateNotice = function (data) {
-    var str = template.render('std/update-notice.std', data);
-    this._write(process.stderr, str);
-};
-
 // -------------------------
 
 StandardRenderer.prototype._help = function (data) {
@@ -171,10 +174,14 @@ StandardRenderer.prototype._update = function (packages) {
 StandardRenderer.prototype._list = function (tree) {
     var cliTree;
 
-    tree.root = true;
-    cliTree = this._tree2archy(tree);
+    if (tree.pkgMeta) {
+        tree.root = true;
+        cliTree = archy(this._tree2archy(tree));
+    } else {
+        cliTree = stringifyObject(tree, { indent: '  ' }).replace(/[{}]/g, '') + '\n';
+    }
 
-    this._write(process.stdout, archy(cliTree));
+    this._write(process.stdout, cliTree);
 };
 
 StandardRenderer.prototype._search = function (results) {
@@ -201,6 +208,19 @@ StandardRenderer.prototype._info = function (data) {
 
     // Render the versions at the end
     if (includeVersions) {
+        data.hidePreReleases = false;
+        data.numPreReleases = 0;
+        // If output isn't verbose, hide prereleases
+        if (!this._config.verbose) {
+            data.versions = mout.array.filter(data.versions, function (version) {
+                version = semverUtils.parse(version);
+                if (!version.release && !version.build) {
+                    return true;
+                }
+                data.numPreReleases++;
+            });
+            data.hidePreReleases = !!data.numPreReleases;
+        }
         str += '\n' + template.render('std/info.std', data);
     }
 
@@ -221,6 +241,11 @@ StandardRenderer.prototype._link = function (data) {
         level: 'info',
         message: data.dst + ' > ' + data.src
     });
+
+    // Print also a tree of the installed packages
+    if (data.installed) {
+        this._install(data.installed);
+    }
 };
 
 StandardRenderer.prototype._register = function (data) {
@@ -389,13 +414,19 @@ StandardRenderer.prototype._write = function (stream, str) {
 };
 
 StandardRenderer.prototype._highlightJson = function (json) {
+    var cardinal = require('cardinal');
+
     return cardinal.highlight(stringifyObject(json, { indent: '  ' }), {
         theme: {
             String: {
-                _default: chalk.cyan
+                _default: function (str) {
+                    return chalk.cyan(str);
+                }
             },
             Identifier: {
-                _default: chalk.green
+                _default: function (str) {
+                    return chalk.green(str);
+                }
             }
         },
         json: true
@@ -414,7 +445,7 @@ StandardRenderer.prototype._tree2archy = function (node) {
 
     // State labels
     if (node.missing) {
-        label += chalk.red(' missing');
+        label += chalk.red(' not installed');
         return label;
     }
 
@@ -463,6 +494,7 @@ StandardRenderer.prototype._tree2archy = function (node) {
 StandardRenderer._wideCommands = [
     'install',
     'update',
+    'link',
     'info',
     'home',
     'register'

lib/templates/helpers/rpad.js

@@ -3,10 +3,9 @@ var mout = require('mout');
 function rpad(Handlebars) {
     Handlebars.registerHelper('rpad', function (context) {
         var hash = context.hash;
-        var length = parseInt(hash.length, 10);
+        var minLength = parseInt(hash.minLength, 10);
         var chr = hash.char;
-
-        return mout.string.rpad(context.fn(this), length, chr);
+        return mout.string.rpad(context.fn(this), minLength, chr);
     });
 }
 

lib/templates/json/help-cache/clean.json

@@ -1,5 +1,5 @@
 {
-    "command": "cache list",
+    "command": "cache clean",
     "description": "Cleans cached packages.",
     "usage": [
         "cache clean [<options>]",

lib/templates/json/help-cache/list.json

@@ -1,5 +1,5 @@
 {
-    "command": "cache clean",
+    "command": "cache list",
     "description": "Lists cached packages.",
     "usage": [
         "cache list [<options>]",

lib/templates/json/help-install.json

@@ -11,6 +11,11 @@
             "flag":        "--force-latest",
             "description": "Force latest version on conflict"
         },
+        {
+            "shorthand":   "-f",
+            "flag":        "--force",
+            "description": "If dependencies are installed, it reinstalls all installed components. It also forces installation even when there are non-bower directories with the same name in the components directory. Also bypasses the cache and overwrites to the cache anyway."
+        },
         {
             "shorthand":   "-h",
             "flag":        "--help",
@@ -30,6 +35,11 @@
             "shorthand":   "-D",
             "flag":        "--save-dev",
             "description": "Save installed packages into the project's bower.json devDependencies"
+        },
+        {
+            "shorthand":   "-E",
+            "flag":        "--save-exact",
+            "description": "Configure installed packages with an exact version rather than semver"
         }
     ]
 }

lib/templates/json/help-link.json

@@ -1,6 +1,6 @@
 {
     "command": "link",
-    "description": "The link functionality allows developers to easily test their packages.\nLinking is a two-step process.\n\nUsing 'bower link' in a project folder will create a global link.\nThen, in some other package, 'bower link <name>' will create a link in the components folder pointing to the previously created link.\n\nThis allows to easily test a package because changes will be reflected immediately.\nPlease note that bower will not fetch the linked package dependencies.\n\nBower will overwrite the link when installing/updating.",
+    "description": "The link functionality allows developers to easily test their packages.\nLinking is a two-step process.\n\nUsing 'bower link' in a project folder will create a global link.\nThen, in some other package, 'bower link <name>' will create a link in the components folder pointing to the previously created link.\n\nThis allows to easily test a package because changes will be reflected immediately.\nWhen the link is no longer necessary, simply remove it with 'bower uninstall <name>'.",
     "usage": [
         "link [<options>]",
         "link <name> [<local name>] [<options>]"

lib/templates/json/help-list.json

@@ -1,6 +1,6 @@
 {
     "command": "list",
-    "description": "List local packages.",
+    "description": "List local packages - and possible updates.",
     "usage": [
         "list [<options>]"
     ],

lib/templates/json/help-login.json

@@ -0,0 +1,19 @@
+{
+    "command": "login",
+    "description": "Authenticate with GitHub and store credentials to be used later.",
+    "usage": [
+        "login [<options>]"
+    ],
+    "options": [
+        {
+            "shorthand":   "-h",
+            "flag":        "--help",
+            "description": "Show this help message"
+        },
+        {
+            "shorthand":   "-t",
+            "flag":        "--token",
+            "description": "Pass an existing GitHub auth token rather than prompting for username and password."
+        }
+    ]
+}

lib/templates/json/help-lookup.json

@@ -1,6 +1,6 @@
 {
     "command": "lookup",
-    "description": "Looks up a package URL by name.",
+    "description": "Look up a single package URL by name.",
     "usage": [
         "lookup <name> [<options>]"
     ],

lib/templates/json/help-register.json

@@ -5,6 +5,11 @@
         "register <name> <url> [<options>]"
     ],
     "options": [
+        {
+            "shorthand":   "-f",
+            "flag":        "--force",
+            "description": "Bypasses confirmation. Bower login is still needed."
+        },
         {
             "shorthand":   "-h",
             "flag":        "--help",

lib/templates/json/help-search.json

@@ -1,8 +1,7 @@
 {
     "command": "search",
-    "description": "Finds all packages or a specific package.",
+    "description": "Search for packages by name.",
     "usage": [
-        "search [<options>]",
         "search <name> [<options>]"
     ],
     "options": [

lib/templates/json/help-uninstall.json

@@ -5,20 +5,25 @@
         "uninstall <name> [<name> ..] [<options>]"
     ],
     "options": [
+        {
+            "shorthand":   "-f",
+            "flag":        "--force",
+            "description": "Continues uninstallation even after a dependency conflict"
+        },
         {
             "shorthand":   "-h",
             "flag":        "--help",
             "description": "Show this help message"
         },
         {
-            "shorthand":   "-s",
+            "shorthand":   "-S",
             "flag":        "--save",
-            "description": "Save installed packages into the project's bower.json dependencies"
+            "description": "Remove uninstalled packages from the project's bower.json dependencies"
         },
         {
             "shorthand":   "-D",
             "flag":        "--save-dev",
-            "description": "Save installed packages into the project's bower.json devDependencies"
+            "description": "Remove uninstalled packages from the project's bower.json devDependencies"
         }
     ]
 }

lib/templates/json/help-unregister.json

@@ -0,0 +1,19 @@
+{
+    "command": "unregister",
+    "description": "Unregisters a package.",
+    "usage": [
+        "unregister <name> [<options>]"
+    ],
+    "options": [
+        {
+            "shorthand":   "-f",
+            "flag":        "--force",
+            "description": "Bypasses confirmation. Bower login is still needed."
+        },
+        {
+            "shorthand":   "-h",
+            "flag":        "--help",
+            "description": "Show this help message"
+        }
+    ]
+}

lib/templates/json/help-update.json

@@ -19,6 +19,16 @@
             "shorthand":   "-p",
             "flag":        "--production",
             "description": "Do not install project devDependencies"
+        },
+        {
+            "shorthand":   "-S",
+            "flag":        "--save",
+            "description": "Update dependencies in bower.json"
+        },
+        {
+            "shorthand":   "-D",
+            "flag":        "--save-dev",
+            "description": "Update devDependencies in bower.json"
         }
     ]
 }

lib/templates/json/help-version.json

@@ -0,0 +1,14 @@
+{
+    "command": "version",
+    "description": "Creates an empty version commit and tag, and fail if the repo is not clean.\n\nThe <version> argument should be a valid semver string, or one of following:\nbuild, patch, minor, major.\n\nIf supplied with --message (shorthand: -m) config option, bower will use it\nas a commit message when creating a version commit. If the message config\ncontains %s then that will be replaced with the resulting version number.\n\nFor example:\n\n    bower version patch -m \"Upgrade to %s for reasons\"",
+    "usage": [
+        "version [<version> | major | minor | patch]"
+    ],
+    "options": [
+        {
+            "shorthand":   "-m",
+            "flag":        "--message",
+            "description": "Custom git commit and tag message"
+        }
+    ]
+}

lib/templates/json/help.json

@@ -10,13 +10,16 @@
         "init":            "Interactively create a bower.json file",
         "install":         "Install a package locally",
         "link":            "Symlink a package folder",
-        "list":            "List local packages",
-        "lookup":          "Look up a package URL by name",
+        "list":            "List local packages - and possible updates",
+        "login":           "Authenticate with GitHub and store credentials",
+        "lookup":          "Look up a single package URL by name",
         "prune":           "Removes local extraneous packages",
         "register":        "Register a package",
-        "search":          "Search for a package by name",
+        "search":          "Search for packages by name",
         "update":          "Update a local package",
-        "uninstall":       "Remove a local package"
+        "uninstall":       "Remove a local package",
+        "unregister":      "Remove a package from the registry",
+        "version":         "Bump a package version"
     },
     "options": [
         {
@@ -31,7 +34,7 @@
         },
         {
             "shorthand":   "-l",
-            "flag":        "--log-level",
+            "flag":        "--loglevel",
             "description": "What level of logs to report"
         },
         {
@@ -57,6 +60,19 @@
         {
             "flag":        "--allow-root",
             "description": "Allows running commands as root"
+        },
+        {
+            "shorthand":   "-v",
+            "flag":        "--version",
+            "description": "Output Bower version"
+        },
+        {
+            "flag":        "--no-color",
+            "description": "Disable colors"
+        },
+        {
+            "flag":        "--config.interactive=false",
+            "description": "Disable prompts"
         }
     ]
 }

lib/templates/std/conflict-resolved.std

@@ -0,0 +1,9 @@
+{{#yellow}}Please note that,{{/yellow}}
+{{#condense}}
+{{#each picks}}
+    {{#if dependants}}{{#green}}{{dependants}}{{/green}}{{else}}none{{/if}} depends on {{#cyan}}{{endpoint.name}}#{{endpoint.target}}{{/cyan}}{{#if pkgMeta._release}} which resolved to {{#green}}{{endpoint.name}}#{{pkgMeta._release}}{{/green}}{{/if}}
+{{/each}}
+{{/condense}}
+
+Resort to using {{#cyan}}{{suitable.endpoint.name}}#{{resolution}}{{/cyan}} which resolved to {{#green}}{{suitable.endpoint.name}}#{{suitable.pkgMeta._release}}{{/green}}
+Code incompatibilities may occur.

lib/templates/std/conflict.std

@@ -1,9 +1,11 @@
-{{#yellow}}Unable to find a suitable version for {{name}}, please choose one:{{/yellow}}
+{{#yellow}}Unable to find a suitable version for {{name}}, please choose one by typing one of the numbers below:{{/yellow}}
 {{#condense}}
 {{#each picks}}
-    {{#magenta}}{{sum @index 1}}){{/magenta}} {{#cyan}}{{endpoint.name}}#{{endpoint.target}}{{/cyan}}{{#if pkgMeta._release}} which resolved to {{#white}}{{pkgMeta._release}}{{/white}}{{/if}}{{#if dependants}} and has {{#white}}{{dependants}}{{/white}} as dependants{{/if}}
+    {{#magenta}}{{sum @index 1}}){{/magenta}} {{#cyan}}{{endpoint.name}}#{{endpoint.target}}{{/cyan}}{{#if pkgMeta._release}} which resolved to {{#green}}{{pkgMeta._release}}{{/green}}{{/if}}{{#if dependants}} and is required by {{#green}}{{dependants}}{{/green}}{{/if}}
 {{/each}}
 {{/condense}}
+
 {{#unless saveResolutions}}
+
 Prefix the choice with ! to persist it to bower.json
-{{/unless}}
+{{/unless}}

lib/templates/std/help-cache.std

@@ -11,6 +11,7 @@ Commands:
 
 {{#condense}}
 {{#each commands}}
-    {{#rpad length="23"}}{{@key}}{{/rpad}} {{.}}
+    {{#rpad minLength="23"}}{{@key}}{{/rpad}} {{.}}
 {{/each}}
 {{/condense}}
+{{#rpad minLength="23"}}{{/rpad}}

lib/templates/std/help-generic.std

@@ -7,11 +7,12 @@ Usage:
 {{/each}}
 {{/condense}}
 
+
 Options:
 
 {{#condense}}
 {{#each options}}
-    {{#yellow}}{{#rpad length="23"}}{{#if shorthand}}{{shorthand}}, {{/if}}{{flag}}{{/rpad}}{{/yellow}} {{description}}
+    {{#yellow}}{{#rpad minLength="23"}}{{#if shorthand}}{{shorthand}}, {{/if}}{{flag}}{{/rpad}}{{/yellow}} {{description}}
 {{/each}}
 {{/condense}}
 

lib/templates/std/help.std

@@ -11,7 +11,7 @@ Commands:
 
 {{#condense}}
 {{#each commands}}
-    {{#rpad length="23"}}{{@key}}{{/rpad}} {{.}}
+    {{#rpad minLength="23"}}{{@key}}{{/rpad}} {{.}}
 {{/each}}
 {{/condense}}
 
@@ -19,7 +19,7 @@ Options:
 
 {{#condense}}
 {{#each options}}
-    {{#yellow}}{{#rpad length="23"}}{{#if shorthand}}{{shorthand}}, {{/if}}{{flag}}{{/rpad}}{{/yellow}} {{description}}
+    {{#yellow}}{{#rpad minLength="23"}}{{#if shorthand}}{{shorthand}}, {{/if}}{{flag}}{{/rpad}}{{/yellow}} {{description}}
 {{/each}}
 {{/condense}}
 

lib/templates/std/info.std

@@ -5,6 +5,10 @@
 {{/versions}}
 {{/condense}}
 
+
+{{#if hidePreReleases}}
+Show {{numPreReleases}} additional prereleases with ‘bower info {{name}} --verbose’
+{{/if}}
 You can request info for a specific version with 'bower info {{name}}#<version>'
 {{else}}No versions available.
 {{/if}}

lib/templates/std/lookup.std

@@ -5,3 +5,4 @@
 Package not found.
 {{/if}}
 {{/condense}}
+

lib/templates/std/search-results.std

@@ -5,5 +5,6 @@
     {{#cyan}}{{{name}}}{{/cyan}} {{{url}}}
 {{/.}}
 {{/condense}}
+
 {{else}}No results.
-{{/if}}
+{{/if}}

lib/util/abbreviations.js

@@ -0,0 +1,30 @@
+var abbrev = require('abbrev');
+var mout = require('mout');
+
+function expandNames(obj, prefix, stack) {
+    prefix = prefix || '';
+    stack = stack || [];
+
+    mout.object.forOwn(obj, function (value, name) {
+        name = prefix + name;
+
+        stack.push(name);
+
+        if (typeof value === 'object' && !value.line) {
+            expandNames(value, name + ' ', stack);
+        }
+    });
+
+    return stack;
+}
+
+module.exports = function (commands) {
+    var abbreviations = abbrev(expandNames(commands));
+
+    abbreviations.i = 'install';
+    abbreviations.rm = 'uninstall';
+    abbreviations.unlink = 'uninstall';
+    abbreviations.ls = 'list';
+
+    return abbreviations;
+};

lib/util/analytics.js

@@ -1,61 +0,0 @@
-var Q = require('q');
-var Insight = require('insight');
-var mout = require('mout');
-var config = require('../config');
-var pkg = require('../../package.json');
-
-var analytics = module.exports;
-var insight;
-
-// Initializes the application-wide insight singleton and asks for the
-// permission on the CLI during the first run.
-analytics.setup = function setup() {
-    var deferred = Q.defer();
-    insight = new Insight({
-        trackingCode: 'UA-43531210-1',
-        packageName: pkg.name,
-        packageVersion: pkg.version
-    });
-
-    // Display the ask prompt only if it hasn't been answered before
-    // and the current session is interactive.
-    if (insight.optOut === undefined && config.interactive) {
-        insight.askPermission(null, deferred.resolve);
-    } else {
-        deferred.resolve();
-    }
-
-    return deferred.promise;
-};
-
-var Tracker = analytics.Tracker = function Tracker(config) {
-    if (!config.analytics) {
-        this.track = function noop() {};
-    }
-};
-
-Tracker.prototype.track = function track() {
-    if (!insight) {
-        throw new Error('You must call analytics.setup() prior to tracking.');
-    }
-    insight.track.apply(insight, arguments);
-};
-
-Tracker.prototype.trackDecomposedEndpoints = function trackDecomposedEndpoints(command, endpoints) {
-    endpoints.forEach(function (endpoint) {
-        this.track(command, endpoint.source, endpoint.target);
-    }.bind(this));
-};
-
-Tracker.prototype.trackPackages = function trackPackages(command, packages) {
-    mout.object.forOwn(packages, function (package) {
-        var meta = package.pkgMeta;
-        this.track(command, meta.name, meta.version);
-    }.bind(this));
-};
-
-Tracker.prototype.trackNames = function trackNames(command, names) {
-    names.forEach(function (name) {
-        this.track(command, name);
-    }.bind(this));
-};

lib/util/cmd.js

@@ -3,8 +3,18 @@ var path = require('path');
 var Q = require('q');
 var mout = require('mout');
 var which = require('which');
+var PThrottler = require('p-throttler');
 var createError = require('./createError');
 
+// The concurrency limit here is kind of magic. You don't really gain a lot from
+// having a large number of commands spawned at once, so it isn't super
+// important for this number to be large. Reports have shown that much more than 5
+// or 10 cause issues for corporate networks, private repos or situations where
+// internet bandwidth is limited. We're running with a concurrency of 5 until
+// 1.4.X is released, at which time we'll move to what was discussed in #1262
+// https://github.com/bower/bower/pull/1262
+var throttler = new PThrottler(5);
+
 var winBatchExtensions;
 var winWhichCache;
 var isWin = process.platform === 'win32';
@@ -44,7 +54,7 @@ function getWindowsCommand(command) {
 // If an error occurs, a meaningful error is generated
 // Returns a promise that gets fulfilled if the command succeeds
 // or rejected if it fails
-function cmd(command, args, options) {
+function executeCmd(command, args, options) {
     var process;
     var stderr = '';
     var stdout = '';
@@ -89,7 +99,7 @@ function cmd(command, args, options) {
             fullCommand += args.length ? ' ' + args.join(' ') : '';
 
             // Build the error instance
-            error = createError('Failed to execute "' + fullCommand + '", exit code of #' + code, 'ECMDERR', {
+            error = createError('Failed to execute "' + fullCommand + '", exit code of #' + code + '\n' + stderr, 'ECMDERR', {
                 details: stderr,
                 exitCode: code
             });
@@ -103,4 +113,8 @@ function cmd(command, args, options) {
     return deferred.promise;
 }
 
+function cmd(command, args, options) {
+    return throttler.enqueue(executeCmd.bind(null, command, args, options));
+}
+
 module.exports = cmd;

lib/util/copy.js

@@ -1,6 +1,6 @@
 var fstream = require('fstream');
 var fstreamIgnore = require('fstream-ignore');
-var fs = require('graceful-fs');
+var fs = require('./fs');
 var Q = require('q');
 
 function copy(reader, writer) {

lib/util/createLink.js

@@ -1,4 +1,4 @@
-var fs = require('graceful-fs');
+var fs = require('./fs');
 var path = require('path');
 var Q = require('q');
 var mkdirp = require('mkdirp');
@@ -17,7 +17,7 @@ function createLink(src, dst, type) {
         .fail(function (error) {
             if (error.code === 'ENOENT') {
                 throw createError('Failed to create link to ' + path.basename(src), 'ENOENT', {
-                    details: src + ' doest not exists or points to a non-existent file'
+                    details: src + ' does not exist or points to a non-existent file'
                 });
             }
 

lib/util/download.js

@@ -3,19 +3,20 @@ var request = require('request');
 var Q = require('q');
 var mout = require('mout');
 var retry = require('retry');
-var fs = require('graceful-fs');
 var createError = require('./createError');
+var createWriteStream = require('fs-write-stream-atomic');
+var destroy = require('destroy');
 
 var errorCodes = [
     'EADDRINFO',
     'ETIMEDOUT',
     'ECONNRESET',
-    'ESOCKETTIMEDOUT'
+    'ESOCKETTIMEDOUT',
+    'ENOTFOUND'
 ];
 
 function download(url, file, options) {
     var operation;
-    var response;
     var deferred = Q.defer();
     var progressDelay = 8000;
 
@@ -24,46 +25,24 @@ function download(url, file, options) {
         factor: 2,
         minTimeout: 1000,
         maxTimeout: 35000,
-        randomize: true
+        randomize: true,
+        progressDelay: progressDelay,
+        gzip: true
     }, options || {});
 
     // Retry on network errors
     operation = retry.operation(options);
+
     operation.attempt(function () {
-        var req;
-        var writeStream;
-        var contentLength;
-        var bytesDownloaded = 0;
-
-        req = progress(request(url, options), {
-            delay: progressDelay
+        Q.fcall(fetch, url, file, options)
+        .then(function (response) {
+            deferred.resolve(response);
         })
-        .on('response', function (res) {
-            var status = res.statusCode;
-
-            if (status < 200 || status >= 300) {
-                return deferred.reject(createError('Status code of ' + status, 'EHTTP'));
-            }
-
-            response = res;
-            contentLength = Number(res.headers['content-length']);
+        .progress(function (status) {
+            deferred.notify(status);
         })
-        .on('data', function (data) {
-            bytesDownloaded += data.length;
-        })
-        .on('progress', function (state) {
-            deferred.notify(state);
-        })
-        .on('end', function () {
-            // Check if the whole file was downloaded
-            // In some unstable connections the ACK/FIN packet might be sent in the
-            // middle of the download
-            // See: https://github.com/joyent/node/issues/6143
-            if (contentLength && bytesDownloaded < contentLength) {
-                req.emit('error', createError('Transfer closed with ' + (contentLength - bytesDownloaded) + ' bytes remaining to read', 'EINCOMPLETE'));
-            }
-        })
-        .on('error', function (error) {
+        .fail(function (error) {
+            // Save timeout before retrying to report
             var timeout = operation._timeouts[0];
 
             // Reject if error is not a network error
@@ -74,36 +53,91 @@ function download(url, file, options) {
             // Next attempt will start reporting download progress immediately
             progressDelay = 0;
 
-            // Check if there are more retries
+            // This will schedule next retry or return false
             if (operation.retry(error)) {
-                // Ensure that there are no more events from this request
-                req.removeAllListeners();
-                req.on('error', function () {});
-                // Ensure that there are no more events from the write stream
-                writeStream.removeAllListeners();
-                writeStream.on('error', function () {});
-
-                return deferred.notify({
+                deferred.notify({
                     retry: true,
                     delay: timeout,
                     error: error
                 });
+            } else {
+                deferred.reject(error);
             }
-
-            // No more retries, reject!
-            deferred.reject(error);
-        });
-
-        // Pipe read stream to write stream
-        writeStream = req
-        .pipe(fs.createWriteStream(file))
-        .on('error', deferred.reject)
-        .on('close', function () {
-            deferred.resolve(response);
         });
     });
 
     return deferred.promise;
 }
 
+function fetch(url, file, options) {
+    var deferred = Q.defer();
+
+    var contentLength;
+    var bytesDownloaded = 0;
+
+    var reject = function (error) {
+        deferred.reject(error);
+    };
+
+    var req = progress(request(url, options), {
+        delay: options.progressDelay
+    })
+    .on('response', function (response) {
+        contentLength = Number(response.headers['content-length']);
+
+        var status = response.statusCode;
+
+        if (status < 200 || status >= 300) {
+            return deferred.reject(createError('Status code of ' + status, 'EHTTP'));
+        }
+
+        var writeStream = createWriteStream(file);
+        var errored = false;
+
+        // Change error listener so it cleans up writeStream before exiting
+        req.removeListener('error', reject);
+        req.on('error', function (error) {
+            errored = true;
+            destroy(req);
+            destroy(writeStream);
+
+            // Wait for writeStream to cleanup after itself...
+            // TODO: Maybe there's a better way?
+            setTimeout(function () {
+                deferred.reject(error);
+            }, 50);
+        });
+
+        writeStream.on('finish', function () {
+            if (!errored) {
+                destroy(req);
+                deferred.resolve(response);
+            }
+        });
+
+        req.pipe(writeStream);
+    })
+    .on('data', function (data) {
+        bytesDownloaded += data.length;
+    })
+    .on('progress', function (state) {
+        deferred.notify(state);
+    })
+    .on('error', reject)
+    .on('end', function () {
+        // Check if the whole file was downloaded
+        // In some unstable connections the ACK/FIN packet might be sent in the
+        // middle of the download
+        // See: https://github.com/joyent/node/issues/6143
+        if (contentLength && bytesDownloaded < contentLength) {
+            req.emit('error', createError(
+                'Transfer closed with ' + (contentLength - bytesDownloaded) + ' bytes remaining to read',
+                'EINCOMPLETE'
+            ));
+        }
+    });
+
+    return deferred.promise;
+}
+
 module.exports = download;

lib/util/extract.js

@@ -1,12 +1,15 @@
 var path = require('path');
-var fs = require('graceful-fs');
+var fs = require('./fs');
 var zlib = require('zlib');
-var unzip = require('unzip');
-var tar = require('tar');
+var DecompressZip = require('decompress-zip');
+var tar = require('tar-fs');
 var Q = require('q');
 var mout = require('mout');
 var junk = require('junk');
 var createError = require('./createError');
+var createWriteStream = require('fs-write-stream-atomic');
+var destroy = require('destroy');
+var tmp = require('tmp');
 
 // This forces the default chunk size to something small in an attempt
 // to avoid issue #314
@@ -22,6 +25,8 @@ extractors = {
     '.tgz': extractTarGz,
     '.gz': extractGz,
     'application/zip': extractZip,
+    'application/x-zip': extractZip,
+    'application/x-zip-compressed': extractZip,
     'application/x-tar': extractTar,
     'application/x-tgz': extractTarGz,
     'application/x-gzip': extractGz
@@ -32,15 +37,14 @@ extractorTypes = Object.keys(extractors);
 function extractZip(archive, dst) {
     var deferred = Q.defer();
 
-    fs.createReadStream(archive)
+    new DecompressZip(archive)
     .on('error', deferred.reject)
-    .pipe(unzip.Extract({
+    .on('extract', deferred.resolve.bind(deferred, dst))
+    .extract({
         path: dst,
         follow: false,           // Do not follow symlinks (#699)
         filter: filterSymlinks   // Filter symlink files
-    }))
-    .on('error', deferred.reject)
-    .on('close', deferred.resolve.bind(deferred, dst));
+    });
 
     return deferred.promise;
 }
@@ -48,15 +52,24 @@ function extractZip(archive, dst) {
 function extractTar(archive, dst) {
     var deferred = Q.defer();
 
-    fs.createReadStream(archive)
-    .on('error', deferred.reject)
-    .pipe(tar.Extract({
-        path: dst,
-        follow: false,           // Do not follow symlinks (#699)
-        filter: filterSymlinks   // Filter symlink files
+    var stream = fs.createReadStream(archive);
+
+    var reject = function (error) {
+        destroy(stream);
+        deferred.reject(error);
+    };
+
+    stream.on('error', reject)
+    .pipe(tar.extract(dst, {
+        ignore: isSymlink, // Filter symlink files
+        dmode: 0555,       // Ensure dirs are readable
+        fmode: 0444        // Ensure files are readable
     }))
-    .on('error', deferred.reject)
-    .on('close', deferred.resolve.bind(deferred, dst));
+    .on('error', reject)
+    .on('finish', function (result) {
+        destroy(stream);
+        deferred.resolve(dst);
+    });
 
     return deferred.promise;
 }
@@ -64,17 +77,26 @@ function extractTar(archive, dst) {
 function extractTarGz(archive, dst) {
     var deferred = Q.defer();
 
-    fs.createReadStream(archive)
-    .on('error', deferred.reject)
+    var stream = fs.createReadStream(archive);
+
+    var reject = function (error) {
+        destroy(stream);
+        deferred.reject(error);
+    };
+
+    stream.on('error', reject)
     .pipe(zlib.createGunzip())
-    .on('error', deferred.reject)
-    .pipe(tar.Extract({
-        path: dst,
-        follow: false,           // Do not follow symlinks (#699)
-        filter: filterSymlinks   // Filter symlink files
+    .on('error', reject)
+    .pipe(tar.extract(dst, {
+        ignore: isSymlink, // Filter symlink files
+        dmode: 0555,       // Ensure dirs are readable
+        fmode: 0444        // Ensure files are readable
     }))
-    .on('error', deferred.reject)
-    .on('close', deferred.resolve.bind(deferred, dst));
+    .on('error', reject)
+    .on('finish', function (result) {
+        destroy(stream);
+        deferred.resolve(dst);
+    });
 
     return deferred.promise;
 }
@@ -82,17 +104,29 @@ function extractTarGz(archive, dst) {
 function extractGz(archive, dst) {
     var deferred = Q.defer();
 
-    fs.createReadStream(archive)
-    .on('error', deferred.reject)
+    var stream = fs.createReadStream(archive);
+
+    var reject = function (error) {
+        destroy(stream);
+        deferred.reject(error);
+    };
+    stream.on('error', reject)
     .pipe(zlib.createGunzip())
-    .on('error', deferred.reject)
-    .pipe(fs.createWriteStream(dst))
-    .on('error', deferred.reject)
-    .on('close', deferred.resolve.bind(deferred, dst));
+    .on('error', reject)
+    .pipe(createWriteStream(dst))
+    .on('error', reject)
+    .on('finish', function (result) {
+        destroy(stream);
+        deferred.resolve(dst);
+    });
 
     return deferred.promise;
 }
 
+function isSymlink(entry) {
+    return entry.type === 'SymbolicLink';
+}
+
 function filterSymlinks(entry) {
     return entry.type !== 'SymbolicLink';
 }
@@ -131,15 +165,11 @@ function isSingleDir(dir) {
     });
 }
 
-function moveSingleDirContents(dir) {
-    var destDir = path.dirname(dir);
-
-    return Q.nfcall(fs.readdir, dir)
+function moveDirectory(srcDir, destDir) {
+    return Q.nfcall(fs.readdir, srcDir)
     .then(function (files) {
-        var promises;
-
-        promises = files.map(function (file) {
-            var src = path.join(dir, file);
+        var promises = files.map(function (file) {
+            var src = path.join(srcDir, file);
             var dst = path.join(destDir, file);
 
             return Q.nfcall(fs.rename, src, dst);
@@ -148,7 +178,7 @@ function moveSingleDirContents(dir) {
         return Q.all(promises);
     })
     .then(function () {
-        return Q.nfcall(fs.rmdir, dir);
+        return Q.nfcall(fs.rmdir, srcDir);
     });
 }
 
@@ -182,44 +212,53 @@ function extract(src, dst, opts) {
         return Q.reject(createError('File ' + src + ' is not a known archive', 'ENOTARCHIVE'));
     }
 
-    // Check archive file size
-    promise = Q.nfcall(fs.stat, src)
-    .then(function (stat) {
-        if (stat.size <= 8) {
-            throw createError('File ' + src + ' is an invalid archive', 'ENOTARCHIVE');
+    // Extract to a temporary directory in case of file name clashes
+    return Q.nfcall(tmp.dir, {
+        template: dst + '-XXXXXX',
+        mode: 0777 & ~process.umask()
+    }).then(function (tempDir) {
+        // nfcall may return multiple callback arguments as an array
+        return Array.isArray(tempDir) ? tempDir[0] : tempDir;
+    }).then(function (tempDir) {
+
+        // Check archive file size
+        promise = Q.nfcall(fs.stat, src)
+        .then(function (stat) {
+            if (stat.size <= 8) {
+                throw createError('File ' + src + ' is an invalid archive', 'ENOTARCHIVE');
+            }
+
+            // Extract archive
+            return extractor(src, tempDir);
+        });
+
+        // Remove archive
+        if (!opts.keepArchive) {
+            promise = promise
+            .then(function () {
+                return Q.nfcall(fs.unlink, src);
+            });
         }
 
-        // Extract archive
-        return extractor(src, dst);
-    });
-
-    // TODO: There's an issue here if the src and dst are the same and
-    //       The zip name is the same as some of the zip file contents
-    //       Maybe create a temp directory inside dst, unzip it there,
-    //       unlink zip and then move contents
-
-    // Remove archive
-    if (!opts.keepArchive) {
+        // Move contents from the temporary directory
+        // If the contents are a single directory (and we're not preserving structure),
+        // move its contents directly instead.
         promise = promise
         .then(function () {
-            return Q.nfcall(fs.unlink, src);
-        });
-    }
-
-    // Move contents if a single directory was extracted
-    if (!opts.keepStructure) {
-        promise = promise
-        .then(function () {
-            return isSingleDir(dst);
+            return isSingleDir(tempDir);
         })
         .then(function (singleDir) {
-            return singleDir ? moveSingleDirContents(singleDir) : null;
+            if (singleDir && !opts.keepStructure) {
+                return moveDirectory(singleDir, dst);
+            } else {
+                return moveDirectory(tempDir, dst);
+            }
         });
-    }
 
-    // Resolve promise to the dst dir
-    return promise.then(function () {
-        return dst;
+        // Resolve promise to the dst dir
+        return promise.then(function () {
+            return dst;
+        });
     });
 }
 

lib/util/fs.js

@@ -0,0 +1,34 @@
+var fs = require('graceful-fs');
+
+var readdir = fs.readdir.bind(fs);
+var readdirSync = fs.readdirSync.bind(fs);
+
+module.exports = fs;
+
+module.exports.readdir = function (dir, callback) {
+    fs.stat(dir, function (err, stats) {
+        if (err) return callback(err);
+
+        if (stats.isDirectory()) {
+            return readdir(dir, callback);
+        } else {
+            var error = new Error('ENOTDIR, not a directory \'' + dir + '\'');
+            error.code = 'ENOTDIR';
+            error.path = dir;
+            error.errono = -20;
+            return callback(error);
+        }
+    });
+};
+
+module.exports.readdirSync = function (dir) {
+    var stats = fs.statSync(dir);
+
+    if (stats.isDirectory()) {
+        return readdirSync(dir);
+    } else {
+        var error = new Error();
+        error.code = 'ENOTDIR';
+        throw error;
+    }
+};

lib/util/isPathAbsolute.js

@@ -0,0 +1,5 @@
+function isPathAbsolute(filePath) {
+    return filePath.charAt(0) === '/';
+}
+
+module.exports = isPathAbsolute;

lib/util/readJson.js

@@ -17,6 +17,16 @@ function readJson(file, options) {
     .spread(function (json, jsonFile) {
         var deprecated;
 
+        if (options.logger) {
+            var issues = bowerJson.getIssues(json);
+            if (issues.warnings.length > 0) {
+                options.logger.warn('invalid-meta', 'for:' + jsonFile);
+            }
+            issues.warnings.forEach(function (warning) {
+                options.logger.warn('invalid-meta', warning);
+            });
+        }
+
         jsonFile = path.basename(jsonFile);
         deprecated = jsonFile === 'component.json' ? jsonFile : false;
 

lib/util/relativeToBaseDir.js

@@ -0,0 +1,14 @@
+var path = require('path');
+var isPathAbsolute = require('./isPathAbsolute');
+
+function relativeToBaseDir(baseDir) {
+    return function (filePath) {
+        if (isPathAbsolute(filePath)) {
+            return path.resolve(filePath);
+        } else {
+            return path.resolve(baseDir, filePath);
+        }
+    };
+}
+
+module.exports = relativeToBaseDir;

lib/util/removeIgnores.js

@@ -1,22 +1,29 @@
 var path = require('path');
-var rimraf = require('rimraf');
+var rimraf = require('../util/rimraf');
 var fstreamIgnore = require('fstream-ignore');
 var mout = require('mout');
 var Q = require('q');
 
-function removeIgnores(dir, ignore) {
+function removeIgnores(dir, meta) {
     var reader;
     var applyIgnores;
     var deferred = Q.defer();
     var ignored = [];
-    var nonIgnored = [];
+    var nonIgnored = ['bower.json'];
+
+    // Don't ignore main files
+    nonIgnored = nonIgnored.concat(meta.main || []);
+
+    nonIgnored = nonIgnored.map(function (file) {
+        return path.join(dir, file);
+    });
 
     reader = fstreamIgnore({
         path: dir,
         type: 'Directory'
     });
 
-    reader.addIgnoreRules(ignore);
+    reader.addIgnoreRules(meta.ignore || []);
 
     // Monkey patch applyIgnores such that we get hold of all ignored files
     applyIgnores = reader.applyIgnores;