If you are a Gaia hacker, you have two choices when using Bower controlled packages: global or local.
You can use shared/ just like any other Gaia shared piece of code. This means you always get the latest version of that package, this means that you run the risk of code changing, you're not depending on a locked version.
Updating packages in Gaia should be done/reviewed by the package owner. This is because they will have the best knowledge as to which apps are likely to be affected by the update, and whether any app changes are required to avoid breakage. The update steps, like all Bower controlled shared dependencies, are as follows:
$ npm install -g bower(if you've never used Bower)$ cd shared/$ bower update <package-name>- Commit all changes made by the update and submit a pull-request.
Local dependency management allows you to control exactly what version of module your app depends on, giving you control over when to update. This is more stable, with the trade off of slightly more work.
If you haven't used Bower in your app before you will need to:
$ npm install -g bower(if you've never used Bower)$ cd gaia/apps/my-app$ bower init
You'll notice you have a new bower.json file in your project, this file is used to define what packages your app depends on, and at exactly what versions.
Now you can install the package into your app:
$ bower install gaia-components/<package-name> --save
The package will now have been magically placed in bower_components/<package-name>. You're now free to use the contents of this package however you please.
Notice that the package has now been added to your bower.json's "dependencies" list. The # semver extension on the end of the package location identifies what version range you are prepared to accept when you choose to bower update. Removing this semver definition will mean that you will get the latest version when updating.
Make sure to check-in all new files and changes, just as if they were part of your app.