{"id":41673158,"url":"https://github.com/craigburke/client-dependencies-gradle","last_synced_at":"2026-01-24T18:07:37.503Z","repository":{"id":57727652,"uuid":"50695660","full_name":"craigburke/client-dependencies-gradle","owner":"craigburke","description":"Install client dependencies from NPM, Bower or Git","archived":false,"fork":false,"pushed_at":"2018-03-07T11:12:09.000Z","size":458,"stargazers_count":89,"open_issues_count":19,"forks_count":18,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-04-16T07:21:21.027Z","etag":null,"topics":["bower","npm"],"latest_commit_sha":null,"homepage":"","language":"Groovy","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/craigburke.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.adoc","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-01-29T22:29:44.000Z","updated_at":"2023-10-17T08:01:23.000Z","dependencies_parsed_at":"2022-09-26T21:50:47.579Z","dependency_job_id":null,"html_url":"https://github.com/craigburke/client-dependencies-gradle","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/craigburke/client-dependencies-gradle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/craigburke%2Fclient-dependencies-gradle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/craigburke%2Fclient-dependencies-gradle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/craigburke%2Fclient-dependencies-gradle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/craigburke%2Fclient-dependencies-gradle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/craigburke","download_url":"https://codeload.github.com/craigburke/client-dependencies-gradle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/craigburke%2Fclient-dependencies-gradle/sbom","scorecard":{"id":307238,"data":{"date":"2025-08-11","repo":{"name":"github.com/craigburke/client-dependencies-gradle","commit":"82145a1a12f3181d65c6edcfdabf2f827ddbe4aa"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Code-Review","score":3,"reason":"Found 7/21 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.adoc:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T22:22:43.703Z","repository_id":57727652,"created_at":"2025-08-17T22:22:43.704Z","updated_at":"2025-08-17T22:22:43.704Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28733505,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T17:51:25.893Z","status":"ssl_error","status_checked_at":"2026-01-24T17:50:48.377Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bower","npm"],"created_at":"2026-01-24T18:07:37.297Z","updated_at":"2026-01-24T18:07:37.489Z","avatar_url":"https://github.com/craigburke.png","language":"Groovy","funding_links":[],"categories":[],"sub_categories":[],"readme":":version: 1.4.1\n\nifdef::env-github[]\n:tip-caption: :bulb:\n:note-caption: :information_source:\n:important-caption: :heavy_exclamation_mark:\n:caution-caption: :fire:\n:warning-caption: :warning:\nendif::[]\n\n= Client Dependencies Gradle Plugin\n\nThis Gradle plugin allows you to declare client side dependencies in *build.gradle* from bower, npm, yarn or git and\nwith a much clearer dependencies resolution model. This plugin queries the registries directly so it doesn't require or install node, npm or bower.\n\n== Getting Started\n\n=== Gradle 2.0\n\n[source,gradle,subs='attributes']\n----\nbuildscript {\n    repositories {\n        jcenter()\n    }\n    dependencies {\n        classpath 'com.craigburke.gradle:client-dependencies:{version}'\n    }\n}\n\napply plugin: 'com.craigburke.client-dependencies'\n----\n\n=== Gradle 2.1 and higher\n\n[source,gradle,subs='attributes']\n----\nplugins {\n    id 'com.craigburke.client-dependencies' version '{version}'\n}\n----\n\n== Tasks\n\nThe plugin adds the following tasks to your build:\n\n|===\n\n| *Task* | *Description*\n\n| clientInstall | Installs all the client dependencies you have set in your build.gradle\n\n| clientRefresh | Refreshes client dependencies (if you add or modify your configuration)\n\n| clientClean | Removes client dependencies and clears the cache\n\n| clientReport | Prints a report of all dependencies and the resolved versions\n\n|===\n\n== Declaring dependencies\n\nYou can specify dependencies from different sources (npm, bower or git) and control which files are included in your project by using the DSL shown below.\n\nWARNING: The following example shows the use of several different types of registries, this works but it's best to stick to a single registry (NPM is recommended).\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    bower {\n        'jquery'('2.0.0') // \u003c1\u003e\n    }\n    npm {\n        'bootstrap'('3.3.6', exclude: 'jquery') // \u003c2\u003e\n        'restangular'('1.5.1', transitive: false) // \u003c3\u003e\n        'angular-animate'('1.5.0', into: 'angular/modules') // \u003c4\u003e\n        'animate.css'('1.0.0', url:'daneden/animate.css') // \u003c5\u003e\n        'angular-ui-bootstrap'('1.3.x', from:'dist') { // \u003c6\u003e\n            include 'ui-bootstrap-tpls.js'\n        }\n    }\n    yarn {\n        'angular'('1.5.8') // \u003c7\u003e\n    }\n}\n----\n\u003c1\u003e Installs jquery from bower and into the location (`src/assets/vendor/jquery`) using the default copy settings\n\u003c2\u003e Installs bootstrap from npm and excludes the dependency `jquery`\n\u003c3\u003e Installs restangular from npm but doesn't include any child dependencies\n\u003c4\u003e Changing the destination path using the `into` property. This is relative to the install path meaning this would install to the\nlocation `src/assets/vendor/angular/modules.`\n\u003c5\u003e Use the url property to use a github repo as a dependency source (expands to https://www.github.com/danedan/animate.css.git).\n    A full URL reference any git repository will also work here.\n\u003c6\u003e The from property allows you to copy code only from a certain subfolder\n\u003c7\u003e Installs angular from Yarn's registry\n\nTIP: If you update your config and it doesn't seem to be taking effect, try running the `clientRefresh` task.\n\n== The copy task\n\nThe files are copied using the DSL of Gradle's copy task. See: https://docs.gradle.org/current/dsl/org.gradle.api.tasks.Copy.html[Gradle Copy].\n\n=== Default copy task\n\nThe default settings for the copy task are as follows:\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    fileExtensions = ['css', 'js', 'eot', 'svg', 'ttf', 'woff', 'woff2', 'ts', \n                      'jpg', 'jpeg', 'png', 'gif'] // \u003c1\u003e\n    releaseFolders = ['dist', 'release'] // \u003c2\u003e\n    copyIncludes = [] // \u003c3\u003e\n    copyExcludes = ['**/*.min.js', '**/*.min.css', '**/*.map', '**/Gruntfile.js',\n                        'gulpfile.js', 'source/**'] // \u003c4\u003e\n}\n----\n\u003c1\u003e Default included file extensions\n\u003c2\u003e Default release folders to look for. If a folder by this name is found then the file extension includes are relative to this folder. (ex `dist/{asterisk}{asterisk}/{asterisk}.js` instead of `{asterisk}{asterisk}/{asterisk}.js`)\n\u003c3\u003e Default includes to append to the end of the copy task\n\u003c4\u003e Default excludes to append to the end of the copy task\n\nYou can add to the default values listed above by using the following methods:\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    fileExtensions 'ts' // \u003c1\u003e\n    releaseFolders 'lib' // \u003c2\u003e\n    copyIncludes '**' // \u003c3\u003e\n    copyExcludes 'index.js' // \u003c4\u003e\n}\n----\n\u003c1\u003e Adds the file extension (`ts`) to default fileExtensions\n\u003c2\u003e Adds a release folders (`lib`) to the default release folder list\n\u003c3\u003e Additional includes to append to the end of the copy task\n\u003c4\u003e Additional excludes to append to the end of the copy task\n\nYou can also completely override the default copy task (this will then completely ignores the settings above)\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    defaultCopy = {\n        include '**'\n        exclude '**/*.less', '**/*.sass'\n    }\n}\n----\n\n=== Overriding the copy task for an individual dependency\n\nBy passing a closure as the last argument of a dependency declaration you have full control of what files get copied and where they get copied to.\n\nFor example:\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    npm {\n        'bootstrap'('3.3.6') {\n            include 'dist/**'\n            exclude '**/*.min.*', '**/*.map', '**/npm.js'\n            eachFile { it.path -= 'dist/' }\n        }\n    }\n}\n----\n\n== Registering custom registry\n\nBy default two registries named npm and bower are installed. You can either override these or register new custom registries. This allows you to also use it to separate out dependencies (production versus devevelopment dependencies for example).\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    registry 'npmLocal', type:'npm', url:'http://www.example.com/npm/'\n    registry 'npmDev', type: 'npm', url:'http://www.example.com/npm/'\n    registry 'bowerLocal', type:'bower', url:'http://www.example.com/bower/'\n\n    npmLocal {\n        'bootstrap'('3.3.6')\n        'myJSLib'('1.0.0')\n    }\n\n    npmDev {\n        'lodash'('2.4.1')\n        'grunt'('1.0.0')\n        'grunt-contrib-clean'('~0.6.0')\n        'colors'('^0.6.2')\n    }\n\n    bowerLocal {\n        'jquery'('2.0.0')\n        'myBowerJSLib'('1.0.0')\n     }\n}\n----\n\n== Additional Properties\n\nWhat follows are additional configuration options. With the possible exception of `installDir` you typically won't\nneed to set any of these options.\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    installDir = 'src/assets/vendor' // \u003c1\u003e\n    cacheDir = 'build/client-cache/' // \u003c2\u003e\n    userAgent = 'client-dependencies-gradle' // \u003c3\u003e\n    useGlobalCache = true // \u003c4\u003e\n    checkDownloads = true // \u003c5\u003e\n    threadPoolSize = 10 // \u003c6\u003e\n}\n----\n\u003c1\u003e Location that dependencies are installed to\n\u003c2\u003e Location of the local project cache\n\u003c3\u003e User agent used when making web requests\n\u003c4\u003e Whether the global caches for bower and npm are searched when resolving dependencies\n\u003c5\u003e Whether downloads are checked and verified\n\u003c6\u003e Size of thread pool used when downloading and installing dependencies\n\n== Special for Bower repositories\nGithub credentials can be set in the `clientDependencies` block:\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    githubUsername = project.hasProperty('githubUsername') ? project.githubUsername : '' // \u003c1\u003e\n    githubPassword = project.hasProperty('githubPassword') ? project.githubPassword : '' // \u003c2\u003e\n}\n----\n\u003c1\u003e Your Github Username\n\u003c2\u003e Your Github password or if you use two factor login (and you really should), your personal access token (see: https://github.com/settings/tokens)\n\nIf you don't want to use your username and password you can obtain Github token here https://github.com/settings/tokens/new and use it this way:\n\n[source,gradle,subs='attributes']\n----\nclientDependencies {\n    githubToken = project.hasProperty('githubToken') ? project.githubToken : ''\n}\n----\n\nCAUTION: that it is important never to store your Github credentials in your `build.gradle` file. Instead you\ncan set the values in `~/.gradle/gradle.properties` where they are for your eyes only.\n\n== Contributors\n\nThank you to the following people who have made significant contributions to this project:\n\n* Janne Ruuttunen - link:https://github.com/jruuttun[@jruuttun]\n* Søren Berg Glasius - link:https://github.com/sbglasius[@sbglasius]\n* Eric Helgeson - link:https://github.com/erichelgeson[@erichelgeson]\n* Martin Grześlowski - link:https://github.com/magx2[@magx2]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcraigburke%2Fclient-dependencies-gradle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcraigburke%2Fclient-dependencies-gradle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcraigburke%2Fclient-dependencies-gradle/lists"}