BUNDLE-INSTALL(1) BUNDLE-INSTALL(1)
NAME
bundle-install - Install the dependencies specified in your Gemfile
SYNOPSIS
bundle install [--binstubs[=DIRECTORY]] [--clean] [--deployment] [--frozen] [--full-index]
[--gemfile=GEMFILE] [--jobs=NUMBER] [--local] [--no-cache] [--no-prune] [--path PATH]
[--quiet] [--redownload] [--retry=NUMBER] [--shebang] [--standalone[=GROUP[ GROUP...]]]
[--system] [--trust-policy=POLICY] [--with=GROUP[ GROUP...]] [--without=GROUP[ GROUP...]]
DESCRIPTION
Install the gems specified in your Gemfile(5). If this is the first time you run bundle in‐
stall (and a Gemfile.lock does not exist), Bundler will fetch all remote sources, resolve de‐
pendencies and install all needed gems.
If a Gemfile.lock does exist, and you have not updated your Gemfile(5), Bundler will fetch
all remote sources, but use the dependencies specified in the Gemfile.lock instead of resolv‐
ing dependencies.
If a Gemfile.lock does exist, and you have updated your Gemfile(5), Bundler will use the de‐
pendencies in the Gemfile.lock for all gems that you did not update, but will re-resolve the
dependencies of gems that you did update. You can find more information about this update
process below under CONSERVATIVE UPDATING.
OPTIONS
The --clean, --deployment, --frozen, --no-prune, --path, --shebang, --system, --without and
--with options are deprecated because they only make sense if they are applied to every sub‐
sequent bundle install run automatically and that requires bundler to silently remember them.
Since bundler will no longer remember CLI flags in future versions, bundle config (see bun‐
dle-config(1)) should be used to apply them permanently.
--binstubs[=<directory>]
Binstubs are scripts that wrap around executables. Bundler creates a small Ruby file
(a binstub) that loads Bundler, runs the command, and puts it in bin/. This lets you
link the binstub inside of an application to the exact gem version the application
needs.
Creates a directory (defaults to ~/bin) and places any executables from the gem there.
These executables run in Bundler´s context. If used, you might add this directory to
your environment´s PATH variable. For instance, if the rails gem comes with a rails
executable, this flag will create a bin/rails executable that ensures that all re‐
ferred dependencies will be resolved using the bundled gems.
--clean
On finishing the installation Bundler is going to remove any gems not present in the
current Gemfile(5). Don´t worry, gems currently in use will not be removed.
This option is deprecated in favor of the clean setting.
--deployment
In deployment mode, Bundler will ´roll-out´ the bundle for production or CI use.
Please check carefully if you want to have this option enabled in your development en‐
vironment.
This option is deprecated in favor of the deployment setting.
--redownload
Force download every gem, even if the required versions are already available locally.
--frozen
Do not allow the Gemfile.lock to be updated after this install. Exits non-zero if
there are going to be changes to the Gemfile.lock.
This option is deprecated in favor of the frozen setting.
--full-index
Bundler will not call Rubygems´ API endpoint (default) but download and cache a (cur‐
rently big) index file of all gems. Performance can be improved for large bundles that
seldom change by enabling this option.
--gemfile=<gemfile>
The location of the Gemfile(5) which Bundler should use. This defaults to a Gemfile(5)
in the current working directory. In general, Bundler will assume that the location of
the Gemfile(5) is also the project´s root and will try to find Gemfile.lock and ven‐�‐
dor/cache relative to this location.
--jobs=[<number>], -j[<number>]
The maximum number of parallel download and install jobs. The default is the number of
available processors.
--local
Do not attempt to connect to rubygems.org. Instead, Bundler will use the gems already
present in Rubygems´ cache or in vendor/cache. Note that if an appropriate plat‐
form-specific gem exists on rubygems.org it will not be found.
--no-cache
Do not update the cache in vendor/cache with the newly bundled gems. This does not re‐
move any gems in the cache but keeps the newly bundled gems from being cached during
the install.
--no-prune
Don´t remove stale gems from the cache when the installation finishes.
This option is deprecated in favor of the no_prune setting.
--path=<path>
The location to install the specified gems to. This defaults to Rubygems´ setting.
Bundler shares this location with Rubygems, gem install ... will have gem installed
there, too. Therefore, gems installed without a --path ... setting will show up by
calling gem list. Accordingly, gems installed to other locations will not get listed.
This option is deprecated in favor of the path setting.
--quiet
Do not print progress information to the standard output. Instead, Bundler will exit
using a status code ($?).
--retry=[<number>]
Retry failed network or git requests for number times.
--shebang=<ruby-executable>
Uses the specified ruby executable (usually ruby) to execute the scripts created with
--binstubs. In addition, if you use --binstubs together with --shebang jruby these ex‐
ecutables will be changed to execute jruby instead.
This option is deprecated in favor of the shebang setting.
--standalone[=<list>]
Makes a bundle that can work without depending on Rubygems or Bundler at runtime. A
space separated list of groups to install has to be specified. Bundler creates a di‐
rectory named bundle and installs the bundle there. It also generates a bun‐�‐
dle/bundler/setup.rb file to replace Bundler´s own setup in the manner required. Using
this option implicitly sets path, which is a [remembered option][REMEMBERED OPTIONS].
--system
Installs the gems specified in the bundle to the system´s Rubygems location. This
overrides any previous configuration of --path.
This option is deprecated in favor of the system setting.
--trust-policy=[<policy>]
Apply the Rubygems security policy policy, where policy is one of HighSecurity, Medi‐�‐
umSecurity, LowSecurity, AlmostNoSecurity, or NoSecurity. For more details, please see
the Rubygems signing documentation linked below in SEE ALSO.
--with=<list>
A space-separated list of groups referencing gems to install. If an optional group is
given it is installed. If a group is given that is in the remembered list of groups
given to --without, it is removed from that list.
This option is deprecated in favor of the with setting.
--without=<list>
A space-separated list of groups referencing gems to skip during installation. If a
group is given that is in the remembered list of groups given to --with, it is removed
from that list.
This option is deprecated in favor of the without setting.
DEPLOYMENT MODE
Bundler´s defaults are optimized for development. To switch to defaults optimized for deploy‐
ment and for CI, use the --deployment flag. Do not activate deployment mode on development
machines, as it will cause an error when the Gemfile(5) is modified.
1. A Gemfile.lock is required.
To ensure that the same versions of the gems you developed with and tested with are also
used in deployments, a Gemfile.lock is required.
This is mainly to ensure that you remember to check your Gemfile.lock into version con‐
trol.
2. The Gemfile.lock must be up to date
In development, you can modify your Gemfile(5) and re-run bundle install to conserva‐
tively update your Gemfile.lock snapshot.
In deployment, your Gemfile.lock should be up-to-date with changes made in your Gem‐
file(5).
3. Gems are installed to vendor/bundle not your default system location
In development, it´s convenient to share the gems used in your application with other ap‐
plications and other scripts that run on the system.
In deployment, isolation is a more important default. In addition, the user deploying the
application may not have permission to install gems to the system, or the web server may
not have permission to read them.
As a result, bundle install --deployment installs gems to the vendor/bundle directory in
the application. This may be overridden using the --path option.
SUDO USAGE
By default, Bundler installs gems to the same location as gem install.
In some cases, that location may not be writable by your Unix user. In that case, Bundler
will stage everything in a temporary directory, then ask you for your sudo password in order
to copy the gems into their system location.
From your perspective, this is identical to installing the gems directly into the system.
You should never use sudo bundle install. This is because several other steps in bundle in‐�‐
stall must be performed as the current user:
• Updating your Gemfile.lock
• Updating your vendor/cache, if necessary
• Checking out private git repositories using your user´s SSH keys
Of these three, the first two could theoretically be performed by chowning the resulting
files to $SUDO_USER. The third, however, can only be performed by invoking the git command as
the current user. Therefore, git gems are downloaded and installed into ~/.bundle rather than
$GEM_HOME or $BUNDLE_PATH.
As a result, you should run bundle install as the current user, and Bundler will ask for your
password if it is needed to put the gems into their final location.
INSTALLING GROUPS
By default, bundle install will install all gems in all groups in your Gemfile(5), except
those declared for a different platform.
However, you can explicitly tell Bundler to skip installing certain groups with the --without
option. This option takes a space-separated list of groups.
While the --without option will skip installing the gems in the specified groups, it will
still download those gems and use them to resolve the dependencies of every gem in your Gem‐
file(5).
This is so that installing a different set of groups on another machine (such as a production
server) will not change the gems and versions that you have already developed and tested
against.
Bundler offers a rock-solid guarantee that the third-party code you are running in develop‐�‐
ment and testing is also the third-party code you are running in production. You can choose
to exclude some of that code in different environments, but you will never be caught
flat-footed by different versions of third-party code being used in different environments.
For a simple illustration, consider the following Gemfile(5):
source ´https://rubygems.org´
gem ´sinatra´
group :production do
gem ´rack-perftools-profiler´
end
In this case, sinatra depends on any version of Rack (>= 1.0), while rack-perftools-profiler
depends on 1.x (~> 1.0).
When you run bundle install --without production in development, we look at the dependencies
of rack-perftools-profiler as well. That way, you do not spend all your time developing
against Rack 2.0, using new APIs unavailable in Rack 1.x, only to have Bundler switch to Rack
1.2 when the production group is used.
This should not cause any problems in practice, because we do not attempt to install the gems
in the excluded groups, and only evaluate as part of the dependency resolution process.
This also means that you cannot include different versions of the same gem in different
groups, because doing so would result in different sets of dependencies used in development
and production. Because of the vagaries of the dependency resolution process, this usually
affects more than the gems you list in your Gemfile(5), and can (surprisingly) radically
change the gems you are using.
THE GEMFILE.LOCK
When you run bundle install, Bundler will persist the full names and versions of all gems
that you used (including dependencies of the gems specified in the Gemfile(5)) into a file
called Gemfile.lock.
Bundler uses this file in all subsequent calls to bundle install, which guarantees that you
always use the same exact code, even as your application moves across machines.
Because of the way dependency resolution works, even a seemingly small change (for instance,
an update to a point-release of a dependency of a gem in your Gemfile(5)) can result in radi‐
cally different gems being needed to satisfy all dependencies.
As a result, you SHOULD check your Gemfile.lock into version control, in both applications
and gems. If you do not, every machine that checks out your repository (including your pro‐
duction server) will resolve all dependencies again, which will result in different versions
of third-party code being used if any of the gems in the Gemfile(5) or any of their dependen‐
cies have been updated.
When Bundler first shipped, the Gemfile.lock was included in the .gitignore file included
with generated gems. Over time, however, it became clear that this practice forces the pain
of broken dependencies onto new contributors, while leaving existing contributors potentially
unaware of the problem. Since bundle install is usually the first step towards a contribu‐
tion, the pain of broken dependencies would discourage new contributors from contributing. As
a result, we have revised our guidance for gem authors to now recommend checking in the lock
for gems.
CONSERVATIVE UPDATING
When you make a change to the Gemfile(5) and then run bundle install, Bundler will update
only the gems that you modified.
In other words, if a gem that you did not modify worked before you called bundle install, it
will continue to use the exact same versions of all dependencies as it used before the up‐
date.
Let´s take a look at an example. Here´s your original Gemfile(5):
source ´https://rubygems.org´
gem ´actionpack´, ´2.3.8´
gem ´activemerchant´
In this case, both actionpack and activemerchant depend on activesupport. The actionpack gem
depends on activesupport 2.3.8 and rack ~> 1.1.0, while the activemerchant gem depends on ac‐�‐
tivesupport >= 2.3.2, braintree >= 2.0.0, and builder >= 2.0.0.
When the dependencies are first resolved, Bundler will select activesupport 2.3.8, which sat‐
isfies the requirements of both gems in your Gemfile(5).
Next, you modify your Gemfile(5) to:
source ´https://rubygems.org´
gem ´actionpack´, ´3.0.0.rc´
gem ´activemerchant´
The actionpack 3.0.0.rc gem has a number of new dependencies, and updates the activesupport
dependency to = 3.0.0.rc and the rack dependency to ~> 1.2.1.
When you run bundle install, Bundler notices that you changed the actionpack gem, but not the
activemerchant gem. It evaluates the gems currently being used to satisfy its requirements:
activesupport 2.3.8
also used to satisfy a dependency in activemerchant, which is not being updated
rack ~> 1.1.0
not currently being used to satisfy another dependency
Because you did not explicitly ask to update activemerchant, you would not expect it to sud‐
denly stop working after updating actionpack. However, satisfying the new activesupport
3.0.0.rc dependency of actionpack requires updating one of its dependencies.
Even though activemerchant declares a very loose dependency that theoretically matches ac‐�‐
tivesupport 3.0.0.rc, Bundler treats gems in your Gemfile(5) that have not changed as an
atomic unit together with their dependencies. In this case, the activemerchant dependency is
treated as activemerchant 1.7.1 + activesupport 2.3.8, so bundle install will report that it
cannot update actionpack.
To explicitly update actionpack, including its dependencies which other gems in the Gem‐
file(5) still depend on, run bundle update actionpack (see bundle update(1)).
Summary: In general, after making a change to the Gemfile(5) , you should first try to run
bundle install, which will guarantee that no other gem in the Gemfile(5) is impacted by the
change. If that does not work, run bundle update(1) bundle-update.1.html.
SEE ALSO
• Gem install docs http://guides.rubygems.org/rubygems-basics/#installing-gems
• Rubygems signing docs http://guides.rubygems.org/security/
December 2021 BUNDLE-INSTALL(1)
