Bun

Bun v1.1.34

Dylan Conway · November 2, 2024

We're hiring systems engineers in San Francisco to build the future of JavaScript!

This release fixes 64 bugs (addressing 62 👍). It introduces Bun.randomUUIDv7, reduced memory usage for long-running processes, napi_type_tag_object and napi_check_object_type_tag, redacted secrets from config logs, ReadableStream and HTTP/1.1 spec fixes, and several bun install and Node.js compatibility improvements.

To install Bun

curl
npm
powershell
scoop
brew
docker
curl
curl -fsSL https://bun.sh/install | bash
npm
npm install -g bun
powershell
powershell -c "irm bun.sh/install.ps1|iex"
scoop
scoop install bun
brew
brew tap oven-sh/bun
brew install bun
docker
docker pull oven/bun
docker run --rm --init --ulimit memlock=-1:-1 oven/bun

To upgrade Bun

bun upgrade

New: Bun.randomUUIDv7()

Bun.randomUUIDv7() returns a UUID v7, a monotonic UUID suitable for sorting and databases.

index.ts
import { randomUUIDv7 } from "bun";
const id = randomUUIDv7();
// => "0192ce11-26d5-7dc3-9305-1426de888c5a"

Long-running processes use less memory

While your application sleeps in the event loop, the garbage collector runs and frees more memory. This reduces memory usage for long-running processes.

Sample code

napi_type_tag_object and napi_check_object_type_tag

Bun v1.1.34 adds Node-API support for napi_type_tag_object and napi_check_object_type_tag. These functions allow associating a type tag with objects, and unblocks the tree-sitter package.

Implemented thanks to @190n!

Redacted secrets in bunfig.toml and .npmrc logs

Bun will now redact secrets that appear in bunfig.toml and .npmrc logs for syntax errors or invalid configurations. UUIDs, npm secret tokens, url passwords, and values following _auth, _authToken, email, _password, and token will be replaced with *.

bunfig.toml
[registry]
a = { b = "http://user:pass@site.org", ; token = "ooops" }

$ bun install
- 2 | a = { b = "http://user:pass@site.org", ; token = "ooops" }
+ 2 | a = { b = "http://user:****@site.org", ; token = "*****" }
                                           ^
error: Unexpected semicolon
    at /path/to/bunfig.toml:2:40

SyntaxError: failed to load bunfig

Thanks to @dylan-conway!

Inline process.versions.bun in bun build --compile

When you use bun build --compile, Bun will now inline usages of process.versions.bun.

This means that the following code can be used to statically load node native addons when using bun build --compile:

const bindings =
  typeof process.versions.bun === "string"
    ? // `bun build --compile` will bundle the prebuilt .node file into the standalone build
      require(`./preload/${process.platform}-${process.arch}/my-addon.node`) // -> ./preload/linux-x64/my-addon.node
    : // Otherwise, use node-gyp-build to resolve the .node file at runtime
      require("node-gyp-build")(
        path.join(
          __dirname,
          `${process.platform}-${process.arch}`,
          `my-addon.node`,
        ),
      );

Thanks to @youennf!

Bugfixes

Fixed: ReadableStream spec updates

We've updated our ReadableStream implementation based on WebKit's upstream changes, fixing several spec issues including:

  • An error on piped ReadableStream could lead to an unhandled promise rejection
  • pipeThrough and pipeTo promises were not marked as handled
  • An error in a ReadableStream was rejecting closed promises before erroring read promises
  • ReadableStreamDefaultReader.releaseLock was rejecting pending read promises

Thanks to @pfgithub and @youennf (via WebKit) for the important fixes!

Fixed: bun install failing with patchedDependencies and bin fields

A bug causing patched dependencies to fail to install when package.json also contained a bin field has been fixed. Now, both can exist in package.json and patches will be applied correctly.

package.json
{
    "name": "pkg",
    "version": "1.0.0",
    "bin": "pkg.js",
    "dependencies": {
        "zod": "3.23.8"
    },
    "patchedDependencies": {
        "zod@3.23.8": "patches/zod@3.23.8.patch"
    }
}

Fixed thanks to @dylan-conway!

Fixed: Migrating package-lock.json with dependency on the root package

Given the following package.json:

package.json
{
    "name": "root-dep",
    "dependencies": {
        // becomes `./node_modules/root-dep`, a symlink to the root package
        "root-dep": "."
    }
}

npm will generate a package-lock.json with two packages: one for the root package and one for the dependency on the root package. The root package dependency will have a resolved value of an empty string. When migrating package.jsons with this structure, Bun would panic because a root dependency of this kind was not expected.

Fixed thanks to @dylan-conway!

Fixed: Multiple output files without an outdir in Bun.build

A bug was fixed where calling Bun.build with multiple output files and no outdir would fail with a message saying an output directory was required. Bun.build defaults to an in-memory build when outdir is undefined, so this error was incorrect. Now, Bun.build will create a build with multiple output files in-memory without error.

build.ts
const result = await Bun.build({
    entrypoints: ["main.ts", "index.html"],
})

for (const output of result.outputs) {
    console.log(output.path);
}
// "./main.js"
// "./index.js"
// "./index-7qpw8w4s.html"

Fixed thanks to @BjornTheProgrammer!

Fixed: Amazon Linux 2 regression

A regression in Bun v1.1.33 where Amazon Linux 2 was no longer supported has been fixed.

The bug was caused by depending on the libc powf function, which used a later version of glibc than Amazon Linux 2 supported. We have added a regression test that ensures we don't add dependencies on symbols that are not available in glibc versions 2.27. This bug also impacted Vercel builds when using their Node.js v18 image.

Fixed: bun:sqlite regression on arm64 Linux with glibc-compat

A regression where using bun:sqlite via glibc inside of alpine linux on Linux would lead to a crash has been fixed.

Added: node:net Socket's bytesWritten property

The bytesWritten property on node:net Socket objects is now correctly implemented, thanks to @cirospaciari.

This also makes the encoding option in net.Socket consistent with Node.js' behavior.

Fixed: node:fs' options parsing with "encoding" option

The encoding option in node:fs was not being parsed correctly in certain node:fs functions. This led to throwing errors when Node does not throw them. This has been fixed.

Fixed: Potential crash when appending a FormData from a File object created from another File

A bug where appending a FormData from a Web File object created from another File could cause a crash in certain cases has been fixed. This impacted the OpenAI package.

Fixed: napi property methods on non-objects

Node-API functions support calling methods on primitive values like string literals and numbers. This is consistent with JavaScript (like "foo".slice()), but in native code, to improve performance, the underlying implementation treats these values differently than in JavaScript.

A bug where we were throwing an error when calling Node-API functions like String.prototype.slice or Number.prototype.toFixed on non-objects has been fixed, thanks to @190n.

Fixed: TextEncoder.encode(undefined) incorrect result

TextEncoder.encode() stringifies input, unless the input is undefined. Bun was incorrectly including undefined in the string conversion, where it should have returned an empty Uint8Array.

index.js
const encoder = new TextEncoder();
console.log(encoder.encode());
// Before:       Uint8Array(9) [ 117, 110, 100, 101, 102, 105, 110, 101, 100 ]
// Bun v1.1.34:  Uint8Array(0) []

Fixed thanks to @dylan-conway!

Fixed: Crash in Error.prepareStackTrace argument conversion

A bug was fixed where calling Error.prepareStackTrace() with an array of non-CallSite values would crash. Now, values are stringified for the error stack trace as expected.

index.js
const result = Error.prepareStackTrace(new Error("oops"), [{ a: 1 }]);
console.log(result);
// Error: oops
//     at [object Object]

Fixed: Several HTTP spec issues

Our uWebSockets dependency was updated and added additional HTTP/1.1 spec compliance tests, addressing several HTTP spec issues involving invalid headers.

Thanks to Alex Hultman for the important fix!

Fixed: EventEmitter.name

A bug was fixed where EventEmitter.name was set to EventEmitter2 instead of EventEmitter.

index.js
import { EventEmitter } from "events";
console.log(EventEmitter.name);
// Before:         EventEmitter2
// Bun v1.1.34:    EventEmitter

Fixed: additional arguments escaping with package.json scripts

Arguments were not being escaped correctly when passed to a script in package.json. This has been fixed thanks to @pfgithub!

Given the following package.json:

package.json
{
    "scripts": {
        "args": "echo"
    }
}

bun run args \$HOME would previously print /path/to/home instead of $HOME.

Improved: Removed warning for unused registry options in .npmrc

Previously, Bun would print a warning if an option from npmrc was set for a registry other than the default registry (set with registry=<...>). We've removed this warning, as it was unnecessary.

Thanks to @dylan-conway!

Improved: package.json formatting with first dependency from bun add

When adding the first dependency to dependencies with bun add/install/update, the resulting package.json will now have nicer formatting.

bun add jquery@4.0.0-beta.2
package.json
{
    "name": "dependency-formatting",
    "dependencies": {
        "jquery": "4.0.0-beta.2"
    },
    "dependencies": { "jquery": "4.0.0-beta.2" }
}

Thanks to @nektro!

Improved: bun install -g <package> will not link transitive binaries

Installing a package globally will no longer link binaries from transitive dependencies to the global bin directory. This will prevent placing unexpected binaries in PATH.

Thanks to @dylan-conway!

Thanks to 14 contributors!

Bun v1.1.33