BuildDocsReferenceGuidesBlog
Discord logo
Discord
GitHub logo

Intro

What is Bun?

Installation

Quickstart

TypeScript

Templating

bun init

bun create

Runtime

bun run

File types

TypeScript

JSX

Environment variables

Bun APIs

Web APIs

Node.js compatibility

Single-file executable

Plugins

Watch mode

Module resolution

Auto-install

bunfig.toml

Debugger

Framework APISOON

Package manager

bun install

bun add

bun remove

bun update

bun publish

bun outdated

bun link

bun pm

bun why

Global cache

Isolated installs

Workspaces

Catalogs

Lifecycle scripts

Filter

Lockfile

Scopes and registries

Overrides and resolutions

Patch dependencies

Audit dependencies

.npmrc support

Security Scanner API

Bundler

Bun.build

HTML & static sites

CSS

Fullstack Dev Server

Hot reloading

Loaders

Plugins

Macros

vs esbuild

Test runner

bun test

Writing tests

Watch mode

Lifecycle hooks

Mocks

Snapshots

Dates and times

Code coverage

Test reporters

Test configuration

Runtime behavior

Finding tests

DOM testing

Package runner

bunx

API

HTTP server

HTTP client

WebSockets

Workers

Binary data

Streams

SQL

S3 Object Storage

File I/O

Redis client

import.meta

SQLite

FileSystemRouter

TCP sockets

UDP sockets

Globals

$ Shell

Child processes

YAML

HTMLRewriter

Hashing

Console

Cookie

FFI

C Compiler

Testing

Utils

Node-API

Glob

DNS

Semver

Color

Transpiler

Project

Roadmap

Benchmarking

Contributing

Building Windows

Bindgen

License

Bun

bun install

The bun CLI contains a Node.js-compatible package manager designed to be a dramatically faster replacement for npm, yarn, and pnpm. It's a standalone tool that will work in pre-existing Node.js projects; if your project has a package.json, bun install can help you speed up your workflow.

⚡️ 25x faster — Switch from npm install to bun install in any Node.js project to make your installations up to 25x faster.

For Linux users

To install all dependencies of a project:

bun install

Running bun install will:

  • Install all dependencies, devDependencies, and optionalDependencies. Bun will install peerDependencies by default.
  • Run your project's {pre|post}install and {pre|post}prepare scripts at the appropriate time. For security reasons Bun does not execute lifecycle scripts of installed dependencies.
  • Write a bun.lock lockfile to the project root.

Logging

To modify logging verbosity:

bun install --verbose # debug logging
bun install --silent  # no logging

Lifecycle scripts

Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts like postinstall for installed dependencies. Executing arbitrary scripts represents a potential security risk.

To tell Bun to allow lifecycle scripts for a particular package, add the package to trustedDependencies in your package.json.

{
  "name": "my-app",
  "version": "1.0.0",
  "trustedDependencies": ["my-trusted-package"]
}

Then re-install the package. Bun will read this field and run lifecycle scripts for my-trusted-package.

Lifecycle scripts will run in parallel during installation. To adjust the maximum number of concurrent scripts, use the --concurrent-scripts flag. The default is two times the reported cpu count or GOMAXPROCS.

bun install --concurrent-scripts 5

Workspaces

Bun supports "workspaces" in package.json. For complete documentation refer to Package manager > Workspaces.

package.json
{
  "name": "my-app",
  "version": "1.0.0",
  "workspaces": ["packages/*"],
  "dependencies": {
    "preact": "^10.5.13"
  }
}

Installing dependencies for specific packages

In a monorepo, you can install the dependencies for a subset of packages using the --filter flag.

# Install dependencies for all workspaces except `pkg-c`
bun install --filter '!pkg-c'

# Install dependencies for only `pkg-a` in `./packages/pkg-a`
bun install --filter './packages/pkg-a'

For more information on filtering with bun install, refer to Package Manager > Filtering

Overrides and resolutions

Bun supports npm's "overrides" and Yarn's "resolutions" in package.json. These are mechanisms for specifying a version range for metadependencies—the dependencies of your dependencies. Refer to Package manager > Overrides and resolutions for complete documentation.

package.json
{
  "name": "my-app",
  "dependencies": {
    "foo": "^2.0.0"
  },
  "overrides": {
    "bar": "~4.4.0"
  }
}

Global packages

To install a package globally, use the -g/--global flag. Typically this is used for installing command-line tools.

bun install --global cowsay # or `bun install -g cowsay`
cowsay "Bun!"
 ______
< Bun! >
 ------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Production mode

To install in production mode (i.e. without devDependencies or optionalDependencies):

bun install --production

For reproducible installs, use --frozen-lockfile. This will install the exact versions of each package specified in the lockfile. If your package.json disagrees with bun.lock, Bun will exit with an error. The lockfile will not be updated.

bun install --frozen-lockfile

For more information on Bun's lockfile bun.lock, refer to Package manager > Lockfile.

Omitting dependencies

To omit dev, peer, or optional dependencies use the --omit flag.

# Exclude "devDependencies" from the installation. This will apply to the
# root package and workspaces if they exist. Transitive dependencies will
# not have "devDependencies".
bun install --omit dev

# Install only dependencies from "dependencies"
bun install --omit=dev --omit=peer --omit=optional

Dry run

To perform a dry run (i.e. don't actually install anything):

bun install --dry-run

Non-npm dependencies

Bun supports installing dependencies from Git, GitHub, and local or remotely-hosted tarballs. For complete documentation refer to Package manager > Git, GitHub, and tarball dependencies.

package.json
{
  "dependencies": {
    "dayjs": "git+https://github.com/iamkun/dayjs.git",
    "lodash": "git+ssh://github.com/lodash/lodash.git#4.17.21",
    "moment": "git@github.com:moment/moment.git",
    "zod": "github:colinhacks/zod",
    "react": "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
    "bun-types": "npm:@types/bun"
  }
}

Installation strategies

Bun supports two package installation strategies that determine how dependencies are organized in node_modules:

Hoisted installs (default for single projects)

The traditional npm/Yarn approach that flattens dependencies into a shared node_modules directory:

bun install --linker hoisted

Isolated installs

A pnpm-like approach that creates strict dependency isolation to prevent phantom dependencies:

bun install --linker isolated

Isolated installs create a central package store in node_modules/.bun/ with symlinks in the top-level node_modules. This ensures packages can only access their declared dependencies.

For complete documentation on isolated installs, refer to Package manager > Isolated installs.

Configuration

The default behavior of bun install can be configured in bunfig.toml. The default values are shown below.

[install]

# whether to install optionalDependencies
optional = true

# whether to install devDependencies
dev = true

# whether to install peerDependencies
peer = true

# equivalent to `--production` flag
production = false

# equivalent to `--save-text-lockfile` flag
saveTextLockfile = false

# equivalent to `--frozen-lockfile` flag
frozenLockfile = false

# equivalent to `--dry-run` flag
dryRun = false

# equivalent to `--concurrent-scripts` flag
concurrentScripts = 16 # (cpu count or GOMAXPROCS) x2

# installation strategy: "hoisted" or "isolated"
# default: "hoisted"
linker = "hoisted"

CI/CD

Use the official oven-sh/setup-bun action to install bun in a GitHub Actions pipeline:

.github/workflows/release.yml
name: bun-types
jobs:
  build:
    name: build-app
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install bun
        uses: oven-sh/setup-bun@v2
      - name: Install dependencies
        run: bun install
      - name: Build app
        run: bun run build

For CI/CD environments that want to enforce reproducible builds, use bun ci to fail the build if the package.json is out of sync with the lockfile:

bun ci

This is equivalent to bun install --frozen-lockfile. It installs exact versions from bun.lock and fails if package.json doesn't match the lockfile. To use bun ci or bun install --frozen-lockfile, you must commit bun.lock to version control.

And instead of running bun install, run bun ci.

.github/workflows/release.yml
name: bun-types
jobs:
  build:
    name: build-app
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install bun
        uses: oven-sh/setup-bun@v2
      - name: Install dependencies
        run: bun ci
      - name: Build app
        run: bun run build

CLI Usage

$bun install <name>@<version>

Flags

General Configuration

-c,--config=<val>
Specify path to config file (bunfig.toml)
--cwd=<val>
Set a specific cwd

Dependency Scope & Management

-p,--production
Don't install devDependencies
--no-save
Don't update package.json or save a lockfile
--save
Save to package.json (true by default)
--omit=<val>
Exclude 'dev', 'optional', or 'peer' dependencies from install
--only-missing
Only add dependencies to package.json if they are not already present

Dependency Type & Versioning

-d,--dev
Add dependency to "devDependencies"
--optional
Add dependency to "optionalDependencies"
--peer
Add dependency to "peerDependencies"
-E,--exact
Add the exact version instead of the ^range

Lockfile Control

-y,--yarn
Write a yarn.lock file (yarn v1)
--frozen-lockfile
Disallow changes to lockfile
--save-text-lockfile
Save a text-based lockfile
--lockfile-only
Generate a lockfile without installing dependencies

Network & Registry Settings

--ca=<val>
Provide a Certificate Authority signing certificate
--cafile=<val>
The same as `--ca`, but is a file path to the certificate
--registry=<val>
Use a specific registry by default, overriding .npmrc, bunfig.toml and environment variables

Installation Process Control

--dry-run
Don't install anything
-f,--force
Always request the latest versions from the registry & reinstall all dependencies
-g,--global
Install globally
--backend=<val>
Platform-specific optimizations for installing dependencies. Possible values: "clonefile" (default), "hardlink", "symlink", "copyfile"
--filter=<val>
Install packages for the matching workspaces
-a,--analyze
Analyze & install all dependencies of files passed as arguments recursively (using Bun's bundler)

Caching Options

--cache-dir=<val>
Store & load cached data from a specific directory path
--no-cache
Ignore manifest cache entirely

Output & Logging

--silent
Don't log anything
--verbose
Excessively verbose logging
--no-progress
Disable the progress bar
--no-summary
Don't print a summary

Security & Integrity

--no-verify
Skip verifying integrity of newly downloaded packages
--trust
Add to trustedDependencies in the project's package.json and install the package(s)

Concurrency & Performance

--concurrent-scripts=<val>
Maximum number of concurrent jobs for lifecycle scripts (default 5)
--network-concurrency=<val>
Maximum number of concurrent network requests (default 48)

Lifecycle Script Management

--ignore-scripts
Skip lifecycle scripts in the project's package.json (dependency scripts are never run)

Help Information

-h,--help
Print this help menu

Examples

Install the dependencies for the current project
bun install
Skip devDependencies
bun install --production
Full documentation is available at https://bun.sh/docs/cli/install.

Previous

Debugger

Next

bun add

GitHub logo

Edit on GitHub