Bun

Lockfile

Running bun install will create a binary lockfile called bun.lockb.

Why is it binary?

In a word: Performance. Bun’s lockfile saves & loads incredibly quickly, and saves a lot more data than what is typically inside lockfiles.

How do I inspect Bun's lockfile?

Run bun install -y to generate a Yarn-compatible yarn.lock (v1) that can be inspected more easily.

How do I git diff Bun's lockfile?

Add the following to your local or global .gitattributes file:

*.lockb binary diff=lockb

Then add the following to you local git config with:

git config diff.lockb.textconv bun
git config diff.lockb.binary true

Or to your global git config (system-wide) with the --global option:

git config --global diff.lockb.textconv bun
git config --global diff.lockb.binary true

Why this works:

  • textconv tells git to run bun on the file before diffing
  • binary tells git to treat the file as binary (so it doesn't try to diff it line-by-line)

Running bun on a lockfile will print a human-readable diff. So we just need to tell git to run bun on the lockfile before diffing it.

Platform-specific dependencies?

Bun stores normalized cpu and os values from npm in the lockfile, along with the resolved packages. It skips downloading, extracting, and installing packages disabled for the current target at runtime. This means the lockfile won’t change between platforms/architectures even if the packages ultimately installed do change.

What does Bun's lockfile store?

Packages, metadata for those packages, the hoisted install order, dependencies for each package, what packages those dependencies resolved to, an integrity hash (if available), what each package was resolved to, and which version (or equivalent).

Why is Bun's lockfile fast?

It uses linear arrays for all data. Packages are referenced by an auto-incrementing integer ID or a hash of the package name. Strings longer than 8 characters are de-duplicated. Prior to saving on disk, the lockfile is garbage-collected & made deterministic by walking the package tree and cloning the packages in dependency order.

Can I opt out?

To install without creating a lockfile:

bun install --no-save

To install a Yarn lockfile in addition to bun.lockb.

CLI flag
bunfig.toml
CLI flag
bun install --yarn
bunfig.toml
[install.lockfile]
# whether to save a non-Bun lockfile alongside bun.lockb
# only "yarn" is supported
print = "yarn"

Configuring lockfile