Skip to main content
bun install creates a lockfile called bun.lock.

Should it be committed to git?

Yes

Generate a lockfile without installing?

To generate a lockfile without installing to node_modules, use the --lockfile-only flag. The lockfile is always saved to disk, even if it is already up to date with your project’s package.json(s).
terminal
bun install --lockfile-only
--lockfile-only still populates the global install cache with registry metadata and git/tarball dependencies.

Can I opt out?

To install without creating a lockfile:
terminal
bun install --no-save
To write a Yarn lockfile in addition to bun.lock: 
bun install --yarn

Text-based lockfile

Bun v1.2 changed the default lockfile format to the text-based bun.lock. To migrate an existing binary bun.lockb, run bun install --save-text-lockfile --frozen-lockfile --lockfile-only and delete bun.lockb. For more on the format, see the blog post.

Automatic lockfile migration

When running bun install in a project without a bun.lock, Bun automatically migrates existing lockfiles:
  • yarn.lock (v1)
  • package-lock.json (npm)
  • pnpm-lock.yaml (pnpm)
The original lockfile is preserved and can be removed manually after verification.