Bun v1.0.5

Ashcon Partovi · October 11, 2023

Bun v1.0.5 fixes 41 bugs (addressing 248 👍 reactions), including a memory leak in fetch(), adds KeyObject support in crypto module, bun install can import package-lock.json files, and install peer dependencies. We've also added a bun pm migrate subcommand, and more bugfixes.

Bun is an incredibly fast JavaScript runtime, bundler, transpiler, and package manager — all in one. In case you missed it, here are some of the recent changes to Bun:

v1.0.0 - First stable release!
v1.0.1 - Named imports for .json and .toml files, fixes to bun install, node:path, and Buffer
v1.0.2 - Make --watch faster and lots of bug fixes
v1.0.3 - emitDecoratorMetadata and Nest.js support, fixes for private registries and more
v1.0.4 - server.requestIP, virtual modules in runtime plugins, and more

To install Bun:

curl

npm

brew

docker

curl
curl -fsSL https://bun.sh/install | bash

npm
npm install -g bun

brew
brew tap oven-sh/bun
brew install bun

docker
docker pull oven/bun
docker run --rm --init --ulimit memlock=-1:-1 oven/bun

To upgrade Bun:

bun upgrade

Fixed memory leak with `fetch()`

We fixed a memory leak in Bun caused by responses with gzip/delate encoding not properly being closed. This makes fetch() use less memory and more reliable.

in the next version of Bun

A memory leak impacting fetch() is fixed

left: bun v1.0.4
right: bun v1.0.5 pic.twitter.com/x3dNkPTh5O
— Jarred Sumner (@jarredsumner) October 7, 2023

This fix also reduces the overall memory consumption of fetch().

`KeyObject` support in `node:crypto` module

Bun now supports the KeyObject class in the crypto module, thanks to @cirospaciari. This class is used to represent public and private keys, and is used by various crypto packages which now work, including:

That's because the following crypto APIs are now implemented in Bun:

`expect().toEqualIgnoringWhitespace` in `bun:test`

bun:test gets a new test matcher: toEqualIgnoringWhitespace, thanks to @EladBezalel.

import { expect, test } from "bun:test";

test("it works", () => {
  expect("  hello  ").toEqualIgnoringWhitespace("hello");
});

`bun run --if-present` flag

bun run now has a --if-present flag, which only runs the script if it exists. This is useful for running the same script in many different folders, like workspaces.

bun run --if-present my-script
# runs "my-script" if it exists in package.json "scripts"

Thanks to @Electroid for implementing this.

Import dependencies from `package-lock.json`

If Bun does not detect a bun.lockb file, bun install will now automatically import dependencies from package-lock.json if it exists. This makes it easier to migrate from npm to bun. This preserves the same dependency versions from package-lock.json.

Thanks to @paperdave for implementing this.

`bun pm migrate` subcommand

bun v1.0.5 introduces a new bun pm migrate subcommand.

To use it, run the following command in the same directory as your package-lock.json file:

bun pm migrate

This subcommand converts from an npm package-lock.json file to a bun.lockb file, preserving the same dependency versions from package-lock.json.

You don't typically have to run this command because bun install will automatically run it if it detects a package-lock.json file and no bun.lockb file, but it's useful if you want to migrate from npm to bun without running bun install.

Install peer dependencies

bun install now automatically installs unmet peer dependencies by default. This means that if you install a package that has peer dependencies, Bun will automatically install those peer dependencies if they were not already present. This aligns the behavior of bun install with npm install and pnpm install.

If you don't want this behavior, you can disable it by passing the --no-peer flag to bun install.

You can also disable this behavior by default by adding the following to your bunfig.toml file:

# Disable installing peer dependencies
install.peer = false

Thanks to @dylan-conway for implementing this.

What are peer dependencies?

Peer dependencies are dependencies that are required by a package, but preferred to be installed by the user.

For example, if you install react-router-dom without react, it probably won't work. react-router-dom has react as a peer dependency, which means that it requires react to be installed, but it's preferred that the user installs react themselves so that you can have more control over which version of react is installed. It's a way for a package to say, "I need this library to work, but it should use your version of the dependency instead of mine".

Previously, Bun would not install peer dependencies, which meant that you had to install them yourself. This caused issues where packages would not work out of the box, and you would have to manually install peer dependencies. Now, Bun will automatically install peer dependencies for you.

`"trustedDependencies"` lifecycle scripts bugfix

A bug caused lifecycle scripts from "trustedDependencies" to not be re-run on bun install. This has been fixed, thanks to @Arden144.

Fixed `bun install` bugs

We've been working hard to fix bugs in bun install. Here are some of the bugs we fixed:

#6258 - Fixed issues with workspace dependencies not resolving.
#4066 - Fixed ConnectionRefused errors or scenarios where bun install would take too long.
More support for git dependencies, including git@<url> and bitbucket:<url>.
#6219 - micro-optimization in bun install to open fewer file descriptors.
Fixed a bug where pre-releases would cause the wrong version to be resolved.

Other changes and fixes

#6207 - process.kill() now returns a boolean, to match Node.js. (thanks @Hanaasagi!)
#6042 - bunx now works with Github packages, e.g. bunx github:piuccio/cowsay (thanks @axlEscalada!)
#6259 - Blob.slice sets offset correctly (thanks @Hanaasagi!)
#6074 - TextEncoder.ignoreBOM is now supported (thanks @WingLim!)
bun install now persists relative workspace paths in the bun.lockb file.
bun install now persists trustedDependencies in the bun.lockb file.
The query property in node:url is now an object instead of a URLSearchParams instance, matching Node.js behavior
Exit codes in process.exit can now be > 127, thanks to @liz3.
A bug in node:buffer where positional arguments were incorrectly required has been fixed, thanks to @kitsuned.

New Contributors

Thanks to our 16 new contributors 🎉

@mathiasrw made their first contribution in #6255
@wbjohn made their first contribution in #6256
@jsparkdev made their first contribution in #6222
@kitsuned made their first contribution in #4911
@Pandapip1 made their first contribution in #6298
@panva made their first contribution in #6294
@2hu12 made their first contribution in #6379
@Cadienvan made their first contribution in #6331
@Longju000 made their first contribution in #6291
@babarkhuroo made their first contribution in #6314
@otterDeveloper made their first contribution in #6359
@RaresAil made their first contribution in #6400
@yukulele made their first contribution in #6399
@vthemelis made their first contribution in #6307
@EladBezalel made their first contribution in #6293
@Arden144 made their first contribution in #6376

To view the full list of changes, check out the Bun changelog.