Sunday, 27 September 2015

Flaws of bower

bower is very inferior to npm as of Sept 2015. bower has no system of deprecation, maintainers, and caching.

- npm has a deprecation system. With it you can deprecate old versions of a package and warn users about bugs and patches. Bower has nothing like it, so users can install broken packages without any warning, and a lot of code breaks because of its bower dependencies.
- bower relies on a single repository with a single maintainer. Most of the time it authenticates with GitHub: you have to run `bower login` to do read/write operations. This is a single point of failure, because everything hinges on one repository and one account. That leads to the next problem.
- To transfer permissions and ownership to another maintainer you have to ask the bower core team. Why isn't this automated?
- bower only caches the most recent version. If you want an older version, it looks up the git tag and fetches that version from the releases (GitHub again). This means a maintainer can change an old version of a package without users knowing. For example: User A installs beep 0.7.0 (an old version), checks the package and decides it is good, and builds an API on top of beep 0.7.0. The maintainer then changes beep 0.7.0's API to something else. When User A deploys beep 0.7.0 again, all the deployed systems break because of the incompatible API.