bower has been deprecated and also contains at least one serious vulnerability, so I'd say it's about time to get rid of it and use an alternate tool to handle our web dependencies.
Some quick googling indicates that yarn and npm are the most common tools people are using in place of bower. Given that we already use NPM for the dev dependencies I think it makes sense to just stick with that vs add a new tool into the build chain. This also has the advantage of allowing us to consolidate both dev and web deps into one file (package.json).
Removing bower meant that a few pieces of the build process had to be changed:
We now explicitly list the JS files to include in the build via the VENDOR_SRC variable in gulpfile.js. This was previously handled by the 'overrides' section in bowerfile.js.
The NPM lodash package does not come 'built', so I had to add a step to setup.py to generate the lodash.min.js file that we include in the build.
NPM installs the files in slightly different locations so I had to update some paths in the HTML template files.
All web dependencies are now specified in packages.json and managed by NPM
I verified I could use the UI to create/delete/view various objects and observed no errors in the server logs.
bower has been deprecated and also contains at least one serious vulnerability, so I'd say it's about time to get rid of it and use an alternate tool to handle our web dependencies.
Some quick googling indicates that yarn and npm are the most common tools people are using in place of bower. Given that we already use NPM for the dev dependencies I think it makes sense to just stick with that vs add a new tool into the build chain. This also has the advantage of allowing us to consolidate both dev and web deps into one file (package.json).
Removing bower meant that a few pieces of the build process had to be changed:
I verified I could use the UI to create/delete/view various objects and observed no errors in the server logs.