bun add – Package manager

To add a particular package:

bun add preact

To specify a version, version range, or tag:

bun add zod@3.20.0
bun add zod@^3.0.0
bun add zod@latest

`--dev`

Alias — --development, -d, -D

To add a package as a dev dependency ("devDependencies"):

bun add --dev @types/react
bun add -d @types/react

`--optional`

To add a package as an optional dependency ("optionalDependencies"):

bun add --optional lodash

To add a package and pin to the resolved version, use --exact. This will resolve the version of the package and add it to your package.json with an exact version number instead of a version range.

bun add react --exact
bun add react -E

This will add the following to your package.json:

{
  "dependencies": {
    // without --exact
    "react": "^18.2.0", // this matches >= 18.2.0 < 19.0.0

    // with --exact
    "react": "18.2.0" // this matches only 18.2.0 exactly
  }
}

To view a complete list of options for this command:

bun add --help

`--global`

Note — This would not modify package.json of your current project folder. Alias - bun add --global, bun add -g, bun install --global and bun install -g

To install a package globally, use the -g/--global flag. This will not modify the package.json of your current project. Typically this is used for installing command-line tools.

bun add --global cowsay # or `bun add -g cowsay`
cowsay "Bun!"
 ______
< Bun! >
 ------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Configuring global installation behavior

[install]
# where `bun add --global` installs packages
globalDir = "~/.bun/install/global"

# where globally-installed package bins are linked
globalBinDir = "~/.bun/bin"

Trusted dependencies

Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts for installed dependencies, such as postinstall. These scripts represent a potential security risk, as they can execute arbitrary code on your machine.

To tell Bun to allow lifecycle scripts for a particular package, add the package to trustedDependencies in your package.json.

{
  "name": "my-app",
  "version": "1.0.0",
  "trustedDependencies": ["my-trusted-package"]
}

Bun reads this field and will run lifecycle scripts for my-trusted-package.

Git dependencies

To add a dependency from a public or private git repository:

bun add git@github.com:moment/moment.git

Note — To install private repositories, your system needs the appropriate SSH credentials to access the repository.

Bun supports a variety of protocols, including github, git, git+ssh, git+https, and many more.

{
  "dependencies": {
    "dayjs": "git+https://github.com/iamkun/dayjs.git",
    "lodash": "git+ssh://github.com/lodash/lodash.git#4.17.21",
    "moment": "git@github.com:moment/moment.git",
    "zod": "github:colinhacks/zod"
  }
}

Tarball dependencies

A package name can correspond to a publicly hosted .tgz file. During installation, Bun will download and install the package from the specified tarball URL, rather than from the package registry.

bun add zod@https://registry.npmjs.org/zod/-/zod-3.21.4.tgz

This will add the following line to your package.json:

package.json
{
  "dependencies": {
    "zod": "https://registry.npmjs.org/zod/-/zod-3.21.4.tgz"
  }
}

`bun add`

`--dev`

`--optional`

`--exact`

`--global`

Trusted dependencies

Git dependencies

Tarball dependencies