Bun

namespace Security

bun install security related declarations

  • interface Advisory

    Advisory represents a single finding from a security scan of a package.

    • description: null | string

      If available, this is a brief description of the advisory that Bun will print to the user.

    • level: 'warn' | 'fatal'

      Level represents the degree of danger for a security advisory

      Bun behaves differently depending on the values returned from the scan() hook:

      In any case, Bun always pretty prints all the advisories, but...

      → if any fatal, Bun will immediately cancel the installation and quit with a non-zero exit code

      → else if any warn, Bun will ask the user whether they'd like to continue with the install when running in a TTY environment, or immediately exit with a non-zero exit code if not.

    • package: string

      The name of the package attempting to be installed.

    • url: null | string

      If available, this is a url linking to a CVE or report online so users can learn more about the advisory.

  • interface Package

    • name: string

      The name of the package

    • requestedRange: string

      The range that was requested by the command

      This could be a tag like beta or a semver range like >=4.0.0

    • tarball: string

      The URL of the tgz of this package that Bun will download

    • version: string

      The resolved version to be installed that matches the requested range.

      This is the exact version string, not a range.

  • interface Scanner

    • scan: (info: { packages: Package[] }) => Promise<Advisory[]>

      Perform an advisory check when a user runs bun add <package> [...packages] or other related/similar commands.

      If this function throws an error, Bun will immediately stop the install process and print the error to the user.

    • version: '1'

      This is the version of the scanner API that the implementation targets. It may change in future Bun releases, and Bun uses it to distinguish between scanners written against different versions of this API. It is entirely possible that the API changes so much in the future that version 1 is no longer supported.

      The version is required because third-party scanner package versions are inherently unrelated to Bun versions.
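The following is an added example of a complete Scanner implementation; it is not code from Bun or from the documentation above. It backs scan() with a constructed in-memory advisory list (the package names, version thresholds and URLs are made up, not real advisories), matches on the resolved version rather than the requested range, and includes an installOutcome() helper that mirrors the fatal/warn decision rule described under level. The local type aliases are copied from the declarations on this page so the file runs stand-alone; a real scanner package would use the Bun.Security types instead. The exported name scanner and the createScanner/versionLessThan helpers are this example's own choices.

```typescript
// Local copies of the declarations on this page (a real scanner package
// would use Bun.Security.Advisory / Package / Scanner from bun-types).
type Advisory = {
  description: null | string;
  level: "warn" | "fatal";
  package: string;
  url: null | string;
};

type Package = {
  name: string;
  requestedRange: string;
  tarball: string;
  version: string;
};

type Scanner = {
  version: "1";
  scan: (info: { packages: Package[] }) => Promise<Advisory[]>;
};

// Constructed advisory database (hypothetical entries, not real CVEs).
// `below` is the first fixed version: versions strictly below it are affected.
type DbEntry = { below: string; level: "warn" | "fatal"; description: string; url: null | string };
const ADVISORY_DB: Record<string, DbEntry[]> = {
  "example-left-pad": [
    { below: "2.0.0", level: "fatal", description: "Constructed: runs arbitrary code in a postinstall script", url: "https://example.invalid/advisory/1" },
  ],
  "example-logger": [
    { below: "1.4.2", level: "warn", description: "Constructed: prototype pollution via config merge", url: null },
  ],
};

// Compare dotted numeric versions (major.minor.patch). Pre-release suffixes
// are ignored; a production scanner should use a full semver implementation.
function versionLessThan(a: string, b: string): boolean {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Build a Scanner over the given advisory database.
export function createScanner(db: Record<string, DbEntry[]> = ADVISORY_DB): Scanner {
  return {
    version: "1",
    async scan({ packages }) {
      const advisories: Advisory[] = [];
      for (const pkg of packages) {
        for (const entry of db[pkg.name] ?? []) {
          // Match on the resolved `version`, never on `requestedRange`:
          // a range such as ">=1.0.0" says nothing about what was actually picked.
          if (versionLessThan(pkg.version, entry.below)) {
            advisories.push({ package: pkg.name, level: entry.level, description: entry.description, url: entry.url });
          }
        }
      }
      // Throwing here (e.g. on a failed database fetch) makes Bun abort the
      // install and print the error, which is the safe failure mode.
      return advisories;
    },
  };
}

// The decision rule from the `level` docs: any fatal cancels the install;
// otherwise any warn prompts in a TTY (or exits when not); otherwise proceed.
export function installOutcome(advisories: Advisory[]): "cancel" | "prompt" | "proceed" {
  if (advisories.some((a) => a.level === "fatal")) return "cancel";
  if (advisories.some((a) => a.level === "warn")) return "prompt";
  return "proceed";
}

// Constructed packages in the shape Bun hands to scan().
export const SAMPLE_PACKAGES: Package[] = [
  { name: "example-left-pad", requestedRange: "^1.0.0", tarball: "https://registry.example.invalid/example-left-pad/-/example-left-pad-1.3.0.tgz", version: "1.3.0" },
  { name: "example-logger", requestedRange: "latest", tarball: "https://registry.example.invalid/example-logger/-/example-logger-1.4.2.tgz", version: "1.4.2" },
];

// The object a scanner package would expose to Bun (export name assumed).
export const scanner: Scanner = createScanner();
```

In the sample, example-left-pad resolves to 1.3.0, which is below the constructed fix version 2.0.0, so scan() returns one fatal advisory and installOutcome() reports that the install would be cancelled; example-logger resolves to exactly 1.4.2, the first fixed version, so it produces nothing. Matching on the resolved version is the important design choice: the requested range is what the user typed, and only the resolved version tells you what would actually land in node_modules.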