📍 NOTE
RubyGems.org was recently compromised in a hostile takeover about which many lies have been told.
I'm in the process of adding warnings to some important gems because I don't condone the theft of the bundler and rubygems-update projects.
Once publishing to gem.coop is available I will stop publishing to RubyGems.org.
Please see here and here for more info on what comes next.

🍕 Bundle::Namespace

if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

---

if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

🌻 Synopsis

A Bundler plugin that adds namespace support for gem resolution, enabling a choice between alternate versions of a single gem in different namespaces, as well as multiple "flavors" of the same gem (partial support), from namespace-aware sources.

Bundle::Namespace extends Bundler's DSL to support namespaced gem resolution. This allows you to:

• Use the same gem name from different organizations/namespaces
• Differentiate between multiple "flavors" of the same gem
• Organize gems by namespace (similar to GitHub organizations)
• Maintain separate versions of the same gem for different purposes

💡 Info you can shake a stick at

Tokens to Remember
Works with JRuby
Works with Truffle Ruby
Works with MRI Ruby 3
Support & Community
Source
Documentation
Compliance
Style
Maintainer 🎖️
... 💖	🧊 🐙 🛖 🧪

Compatibility

Compatible with MRI Ruby 2.7.0+, and concordant releases of JRuby, and TruffleRuby.

🚚 Amazing test matrix was brought to you by	🔎 appraisal2 🔎 and the color 💚 green 💚
👟 Check it out!	✨ github.com/appraisal-rb/appraisal2 ✨

Federated DVCS

Find this repo on federated forges (Coming soon!)

Federated DVCS Repository	Status	Issues	PRs	Wiki	CI	Discussions
🧪 galtzo-floss/bundle-namespace on GitLab	The Truth	💚	💚	💚	🐭 Tiny Matrix	➖
🧊 galtzo-floss/bundle-namespace on CodeBerg	An Ethical Mirror (Donate)	💚	💚	➖	⭕️ No Matrix	➖
🐙 galtzo-floss/bundle-namespace on GitHub	Another Mirror	💚	💚	💚	💯 Full Matrix	💚
🎮️ Discord Server		Let's	talk	about	this	library!

Enterprise Support

Available as part of the Tidelift Subscription.

Need enterprise-level guarantees?

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

• 💡Subscribe for support guarantees covering all your FLOSS dependencies
• 💡Tidelift is part of Sonar
• 💡Tidelift pays maintainers to maintain the software you depend on!
  📊@Pointy Haired Boss: An enterprise support subscription is "never gonna let you down", and supports open source maintainers

Alternatively:

• 
• 
• 

✨ Installation

Install the gem and add to the application's Gemfile by executing:

bundle add bundle-namespace

If bundler is not being used to manage dependencies, install the gem by executing:

gem install bundle-namespace

🔒 Secure Installation

For Medium or High Security Installations

This gem is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by stone_checksums. Be sure the gem you install hasn’t been tampered with by following the instructions below.

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem)

You only need to do that once. Then proceed to install with:

gem install bundle-namespace -P HighSecurity

The HighSecurity trust profile will verify signed gems, and not allow the installation of unsigned dependencies.

If you want to up your security game full-time:

bundle config set --global trust-policy MediumSecurity

MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

⚙️ Configuration

Configure the plugin via .bundle/config:

# Enable strict mode (raise errors for unsupported sources)
bundle config set namespace.strict_mode true

# Disable warnings for ignored namespaces
bundle config set namespace.warn_on_missing false

# Custom lockfile path
bundle config set namespace.lockfile_path "config/namespace-lock.yaml"

Or in Ruby:

Bundle::Namespace::Configuration.strict_mode = true
Bundle::Namespace::Configuration.warn_on_missing = false
Bundle::Namespace::Configuration.lockfile_path = "custom-path.yaml"

🔧 Basic Usage

Basic Namespace Declaration

Use the namespace macro in your Gemfile, similar to the platform macro:

# Block syntax - namespace within default source
namespace :myorg do
  gem "shared-library", "~> 2.0"
  gem "custom-middleware"
end

# Within a specific source
source "https://gems.mycompany.com" do
  namespace :engineering do
    gem "internal-tools", "~> 1.5"
  end

  namespace :security do
    gem "internal-tools", "~> 2.0"  # Different version, same name!
  end
end

# Option syntax
gem "my-gem", "~> 1.0", namespace: :myorg

Multiple Namespaces

Handle the same gem from different namespaces:

source "https://rubygems.org" do
  namespace :myorganization do
    gem "rails", "~> 7.0", github: "myorganization/rails", branch: "custom"
  end
end

# Or for multi-tenant applications
source "https://gems.saas-platform.com" do
  namespace :tenant_a do
    gem "custom-theme", "~> 1.0"
  end

  namespace :tenant_b do
    gem "custom-theme", "~> 2.0"
  end
end

Nested Namespaces

Namespaces can be nested for complex organization:

namespace :parent do
  namespace :child do
    gem "nested-gem"
  end
end

How It Works

1. DSL Extension (Phase 1)

The plugin adds a namespace macro to Gemfile syntax, tracking which gems belong to which namespaces.

2. Resolution Enhancement (Phase 2)

During dependency resolution, the plugin:

• Makes gem sources namespace-aware
• Filters available gems by namespace
• Resolves dependencies considering namespaces
• Tracks namespace information in specifications

3. Lockfile Generation (Phase 3)

The plugin generates bundle-namespace-lock.yaml alongside Gemfile.lock:

---
"https://gems.mycompany.com":
  engineering:
    internal-tools:
      version: 1.5.2
      dependencies:
        - thor
      platform: ruby
  security:
    internal-tools:
      version: 2.0.1
      dependencies:
        - thor
        - openssl
      platform: ruby

This lockfile ensures reproducible builds with namespace information.

Requirements

• Ruby >= 3.1
• Bundler >= 2.6

Source Compatibility

Namespace-Aware Sources

The plugin automatically detects if a gem source supports namespaces. For sources that do:

• Gems are fetched from <namespace>/<gem-name> paths
• Specs are filtered by namespace
• Multiple versions of the same gem can coexist

Non-Namespace-Aware Sources

For sources that don't support namespaces:

• Namespace declarations are tracked but not enforced
• Standard gem resolution applies
• Warnings are shown (unless disabled)

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests.

To install this gem onto your local machine, run bundle exec rake install.

Testing

# Run all tests
bundle exec rspec

# Run with documentation format
bundle exec rspec --format documentation

# Run specific test file
bundle exec rspec spec/bundle/namespace/dsl_extension_spec.rb

Project Structure

lib/bundle/namespace/
├── version.rb                    # Version information
├── errors.rb                     # Custom error classes
├── registry.rb                   # Namespace-to-gem registry
├── configuration.rb              # Plugin configuration
├── dsl_extension.rb             # Gemfile DSL namespace macro
├── dependency_extension.rb       # Namespace-aware dependencies
├── source_extensions.rb          # Namespace-aware sources
├── resolver_extension.rb         # Namespace-aware resolution
├── specification_extension.rb    # Namespace tracking in specs
├── lockfile_generator.rb        # Generate namespace lockfile
├── lockfile_parser.rb           # Parse namespace lockfile
├── lockfile_validator.rb        # Validate lockfile consistency
├── bundler_integration.rb       # Auto-integration with Bundler
├── hooks.rb                     # Extension installation
└── plugin.rb                    # Main plugin entry point

Architecture

The plugin uses module prepending to minimally monkey-patch Bundler:

• Bundler::Dsl ← DslExtension (adds namespace macro)
• Bundler::Dependency ← DependencyExtension (tracks namespaces)
• Bundler::Source::Rubygems ← SourceRubygemsExtension (namespace-aware lookups)
• Bundler::Resolver ← ResolverExtension (namespace-aware resolution)
• Bundler::RemoteSpecification ← SpecificationExtension (namespace tracking)
• Bundler::LazySpecification ← SpecificationExtension (namespace tracking)

Use Cases

Enterprise Internal Gems

source "https://gems.mycompany.com" do
  namespace :platform_team do
    gem "core-services", "~> 3.0"
    gem "monitoring-toolkit"
  end

  namespace :security_team do
    gem "core-services", "~> 2.5"  # Legacy compatibility
    gem "security-scanner"
  end
end

Testing Forked Gems

source "https://rubygems.org" do
  namespace :myorganization do
    gem "rails", github: "myorganization/rails", branch: "custom-patches"
  end
end

Multi-Tenant Applications

source "https://gems.saas-platform.com" do
  namespace :tenant_a do
    gem "custom-theme", "~> 1.0"
  end

  namespace :tenant_b do
    gem "custom-theme", "~> 2.0"
  end
end

Troubleshooting

Namespace Not Being Applied

1. Check if source supports namespaces
2. Enable warnings: bundle config set namespace.warn_on_missing true
3. Check bundle-namespace-lock.yaml was generated

Lockfile Validation Errors

# Validate manually
bundle exec ruby -r bundle/namespace -e "
  parser = Bundle::Namespace::LockfileParser.new
  validator = Bundle::Namespace::LockfileValidator.new(parser)
  validator.validate!
  validator.report
"

Reset Namespace Information

# Remove namespace lockfile
rm bundle-namespace-lock.yaml

# Clear registry (in Ruby)
Bundle::Namespace::Registry.clear!

🦷 FLOSS Funding

While pboling tools are free software and will always be, the project would benefit immensely from some funding. Raising a monthly budget of... "dollars" would make the project more sustainable.

We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences (although currently Open Collective is our preferred funding platform).

If you're working in a company that's making significant use of pboling tools we'd appreciate it if you suggest to your company to become a pboling sponsor.

You can support the development of pboling tools via GitHub Sponsors, Liberapay, PayPal, Open Collective and Tidelift.

📍 NOTE
If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we'd recommend the use of Tidelift, where you can get a support-like subscription instead.

Open Collective for Individuals

Support us with a monthly donation and help us continue our activities. [Become a backer]

NOTE: kettle-readme-backers updates this list every day, automatically.

No backers yet. Be the first!

Open Collective for Organizations

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

NOTE: kettle-readme-backers updates this list every day, automatically.

No sponsors yet. Be the first!

Another way to support open-source

How wonderful it is that nobody need wait a single moment before starting to improve the world.
—Anne Frank

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check reek, issues, or PRs, or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

🪇 Code of Conduct

Everyone interacting with this project's codebases, issue trackers, chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

Also see GitLab Contributors: https://gitlab.com/galtzo-floss/bundle-namespace/-/graphs/main

⭐️ Star History

📌 Versioning

This Library adheres to . Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions.

dropping support for a platform is both obviously and objectively a breaking change
—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

I understand that policy doesn't work universally ("exceptions to every rule!"), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("bundle-namespace", "~> 1.0")

📌 Is "Platform Support" part of the public API? More details inside.

SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms is a breaking change to an API. It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer:

• "Major Version Numbers are Not Sacred"

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of the MIT License . See LICENSE.txt for the official Copyright Notice.

© Copyright

• Copyright (c) 2023, 2025 Peter H. Boling, of Galtzo.com , and bundle-namespace contributors.

🤑 A request for help

Maintainers have teeth and need to pay their dentists. After getting laid off in an RIF in March and filled with many dozens of rejections, I'm now spending ~60+ hours a week building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.

To join the community or get help 👇️ Join the Discord.

To say "thanks!" ☝️ Join the Discord or 👇️ send money.

💌 💌 💌

Please give the project a star ⭐ ♥.

Thanks for RTFM. ☺️