bun
Version: 1.3.14Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
What is "bun"?
Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
How to use this package
Quick install
Installs the package into the current environment for this session. Use --build or --runtime to persist it as a build-time or runtime dependency.
min add bun Declare as a task dependency in minimal.toml
Listing the package under tasks.<name>.packages makes it available inside that task’s sandbox.
[tasks.dev]
packages = ["bun"] Build-time vs runtime
Choose build-time for tools needed during compilation, runtime for dynamic libraries loaded at runtime.
min add --build bun
min add --runtime bun Dependencies (18)
| Name | Version | Kind |
|---|---|---|
| automake | 1.18.1 | build |
| base | — | build |
| cmake | 4.2.7 | build |
| curl | 8.21.0 | build |
| git | 2.55.0 | build + runtime |
| glibc CVE:5 | 2.43 | runtime |
| go | 1.26.4 | build |
| libtool | 2.5.4 | build |
| llvm | 21.1.8 | build |
| make | 4.4.1 | build |
| ninja | 1.13.2 | build |
| perl | 5.42.2 | build |
| pkgconf | 2.5.1 | build |
| python CVE:7 | 3.14.6 | build |
| ruby | 4.0.5 | build |
| rust | 1.95.0 | build |
| toolchain | — | build |
| unzip CVE:1 | 6.0 | build |
Dependency changes
Loading diff…
Could not load the dependency diff for one of the selected versions. Try again.
No dependency changes
The two selected versions have identical direct dependencies.
| Name | Version | Kind |
|---|
-
- Lines: +1 Deps: 18Released:
- Lines: +13 / -6 Deps: 18Released:
-
-
- Lines: -1 Deps: 17Released:
- Lines: +3 / -1 Deps: 17Released:
- Lines: +1 Deps: 17Released:
- Lines: +114 / -8 Deps: 17 ( +14 )Released:
- Lines: +2 / -2 Deps: 3Released:
-
-
- Lines: +1 / -1 Deps: 3Released:
- Lines: +1 / -1 Deps: 3Released:
- Lines: +5 Deps: 3Released:
- Lines: +4 Deps: 3Released:
- Lines: +54 Deps: 3 ( +3 )Released:
-
No direct advisories
This package inherits 21 transitive advisories from its dependencies.
Showing 21 transitive advisories via bun's dependencies
No advisories match the current filters.
| Critical ( 1 ) | ||||||
| Status | IDs | Package | Severity | |||
|---|---|---|---|---|---|---|
| Under investigation | glibc | Critical: 9.8 | ||||
Summaryscanf %mc off-by-one heap buffer overflow ViaAffected ranges2.42 – 2.43 CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References
| ||||||
| High ( 4 ) | ||||||
| Status | IDs | Package | Severity | |||
| Under investigation | glibc | High: 7.5 | ||||
SummaryPotential buffer under-read in ungetwc ViaAffected ranges2.42 – 2.43 CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||||||
| Under investigation | glibc | High: 7.5 | ||||
Summaryiconv crash due to assertion failure with untrusted input ViaAffected ranges2.42 – 2.43 CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References
| ||||||
| Under investigation | glibc | High: 7.5 | ||||
Summarygethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response ViaAffected ranges2.42 – 2.43 CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||||||
| Fix unavailable | pcre2 | High | ||||
SummaryHeap-buffer-overflow in pcre2_compile_32 Affected ranges10.47 References | ||||||
| Medium ( 14 ) | ||||||
| Status | IDs | Package | Severity | |||
| Resolved in R.2.8.2 | expat | Medium: 4.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.5 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 6.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 4.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | ||||||
| Resolved in R.2.8.2 | expat | Medium: 4.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0 – R.2.8.1, fixed in R.2.8.2 Fixed inR.2.8.2 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | ||||||
| Under investigation | glibc | Medium: 5.4 | ||||
Summarygethostbyaddr and gethostbyaddr_r return invalid DNS hostnames ViaAffected ranges2.42 – 2.43 CVSS vectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | ||||||
| Low ( 1 ) | ||||||
| Status | IDs | Package | Severity | |||
| Resolved in R.2.8.1 | expat | Low: 2.9 | ||||
SummaryNo summary published for this advisory. Affected rangesR.2.8.0, fixed in R.2.8.1 Fixed inR.2.8.1 CVSS vectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L References
| ||||||
| Unknown ( 1 ) | ||||||
| Status | IDs | Package | Severity | |||
| Under investigation | pcre2 | Unknown | ||||
Summarypcre2_serialize_encode() information disclosure Affected ranges10.45 – 10.47 | ||||||
66 components
No components match your filter.
| Packages | Version |
|---|---|
| bun ROOT | 1.3.14 |
| acl | 2.4.0 |
| attr | 2.6.0 |
| autoconf | 2.73 |
| automake | 1.18.1 |
| bash | 5.3 |
| bash-bootstrap | 5.3 |
| binutils | 2.46.1 |
| bison | 3.8.2 |
| bzip2 | 1.0.8 |
| cmake | 4.2.7 |
| coreutils | 9.11 |
| curl | 8.21.0 |
| diffutils | 3.12 |
| expat | 2.8.2 |
| file | 5.48 |
| findutils | 4.10.0 |
| flex | 2.6.4 |
| gawk | 5.4.0 |
| gawk-bootstrap | 5.3.2 |
| gcc | 15.2.0 |
| gdbm | 1.26 |
| gettext | 1.0 |
| git | 2.55.0 |
| glibc | 2.43 |
| gmp | 6.3.0 |
| go | 1.26.4 |
| grep | 3.12 |
| gzip | 1.14 |
| libcap | 2.78 |
| libffi | 3.6.0 |
| libidn2 | 2.3.8 |
| libpsl | 0.22.0 |
| libtool | 2.5.4 |
| libunistring | 1.4.2 |
| libuv | 1.52.1 |
| libyaml | 0.2.5 |
| linux_headers | 6.12.43 |
| llvm | 21.1.8 |
| llvm-bootstrap | 21.1.8 |
| lz4 | 1.10.0 |
| m4 | 1.4.21 |
| make | 4.4.1 |
| meson | 1.10.2 |
| mpc | 1.4.0 |
| mpfr | 4.2.2 |
| ncurses | 6.6 |
| ninja | 1.13.2 |
| openssl | 3.6.3 |
| patch | 2.8 |
| pcre2 | 10.47 |
| perl | 5.42.2 |
| pkgconf | 2.5.1 |
| python | 3.14.6 |
| readline | 8.3 |
| ruby | 4.0.5 |
| rust | 1.95.0 |
| sed | 4.10 |
| setuptools | 83.0.0 |
| sqlite | 3.50.4 |
| tar | 1.35 |
| unzip | 6.0 |
| util-linux | 2.42.2 |
| xz | 5.8.3 |
| zlib | 1.3.2 |
| zstd | 1.5.7 |