Allow endpoints other than git endpoints?

[satazor]

Follow up of: bower/bower#22

[patrickkettner]

I believe this was fixed as a result of #78

[rafayepes]

@patrickkettner in which version was it solved? I'm still having this issue

> bower -v
1.3.9
> node -v
v0.10.30
> npm -v
1.4.21

[patrickkettner]

this was an update to the registry, rather than the client. So the local version shouldn't matter. What error is it that you are getting?

[rayshan]

I think bower/bower#22 wanted to load a single file that isn't from a git endpoint, so it's more like bower/bower#584. @patrickkettner your patch allows a different protocol, but still a git endpoint. @satazor can you confirm?

It was decided in bower/bower#584 (comment) to not support URIs that point to a github releases, but I wonder if it makes sense to revisit the issue. Why not support a URI that points to a binary on any domain? What are the downsides? Security concerns?

cc @benschwarz since he had some thoughts on hosting binaries

[rafayepes]

I tried the following command:

> bower register my_component_name https://my_url.git
EINVFORMAT The registry only accepts URLs starting with git://

Same error message appears when using an url with starting with "ssh://".

The repository is a private repository outside Github and I don't have access to the "git://" URL. I'm trying to register private modules using private-bower (https://github.com/Hacklone/private-bower) but it looks like currently bower doesn't support different types of URLs.

[rayshan]

https git endpoints are indeed supported via @patrickkettner's patch. The issue is with a private endpoint. It was decided by the team that the public registry shouldn't host anything that isn't publicly available. For those we recommend running a private bower registry, or perhaps private-bower could help, I'm not too familiar with it. We will have better docs on how to run a private registry soon, but you can hack one together now by forking this repo.

[rafayepes]

If that's the case @rayshan , then I think that what's wrong is the error message, don't you think? If the problem is that the provided URL is private and not reachable by bower, then that's what the error message should say. Saying that that "only URLs starting with git:// are accepted" if that's not true is confusing . I'll try with a public repository and see if it works.

Thanks!

[rayshan]

@rafayepes absolutely, please see: #88

This issue is still outstanding. I'll change the title to better reflect the true issue at hand.

[noahmonster]

I'd like to shed some light on what the current behavior is. I'm trying to provide an internal company project via our own private registry. All of our code is in SVN repositories. When I tried to register my project, I got an Invalid URL format error:

> bower register common-ui svn+https://my-company-project
...
? Registering a package will make it installable via the registry (http://localhost:3000), continue?: Yes
...
bower                       EINVFORMAT Invalid URL format

I ended up setting skipValidation: true in my config, which allowed me to register the above URL successfully. The URL also worked when I used bower to install my project from this private registry. The point being that this is not an invalid URL.

It seems to me that this project is specifically designed to allow private registries to provide whatever they want from any source (especially SVN). So, if not explicitly allowing SVN URLs, there should at least be a good error message, as @rafayepes stated.

[patrickkettner]

what version of the registry are you using

[noahmonster]

Master, pulled today.

[patrickkettner]

@noahmonster, apologies - I hadn't looked in this in a while, and I remembered how it was setup incorrectly.

As of now, the registry is only validates git urls (wether they be http(s)://, ssh://, or git://). see validUrl

It would be trivial to add svn ln to that, but heroku (where we run the registry) does not have svn built in, nor am I sure of how you would go about getting it since it does not have sudo.

[noahmonster]

Would it be possible to tie the validation of URLs to some configuration values? More than just the skipValidation flag. Would it be possible to have an allowSVN configuration value? This would solve my issue without having to turn off validation completely. It would also allow a git only configuration as is being used currently.

[patrickkettner]

PRs welcome!

On Tue, Apr 7, 2015, 10:54 AM Noah Solomon [email protected] wrote:

Would it be possible to tie the validation of URLs to some configuration
values. More than just the skipValidation flag. Would it be possible to
have an allowSVN configuration value? This would solve my issue without
having to turn off validation completely. It would also allow a git only
configuration as is being used currently.

—
Reply to this email directly or view it on GitHub
#23 (comment).