Bun Alternatives

bun reviews and mentions

• Supply chaing attack alert: .github/setup.js
  4 projects | news.ycombinator.com | 5 Jun 2026
• Show HN: yadiff, yet another diff viewer, based on pierre's diffshub
  4 projects | news.ycombinator.com | 3 Jun 2026

  what a horrible typo with the scoped name, it should be `npx @baggiiiie/yadiff https://github.com/oven-sh/bun/pull/30412`!

• Bun Has Been Converted to Rust. Now What?
  5 projects | news.ycombinator.com | 3 Jun 2026

  > Comparing unsafe counts to UV makes no sense here.

  Agreed. The better comparison is Deno, which does roughly the same thing (wrapping a c/c++ javascript engine to create a serverside runtime). Deno was smaller, but per line of code/file it had just over half the unsafe as the bun slop rewrite. There are also examples of unsafe blocks that are just locally incorrect [0], meaning you don't even need to read outside the function and it's definition to determine that the entity doing the porting (in this case claude) didn't understand how unsafe rust works.

  > I am skeptical why Bun was even an acquisition target in the first place, other than pulling stunts like this.

  From what I've heard, it sounds like the author had become fully hooked by LLM coding before the acquisition, so I don't think we know enough to conclude that this was premeditated by Anthropic. I think the more likely trigger is that Bun had just bragged about how they'd forked the zig language for a performance increase and attacked zig for it's no-AI policy, only for a zig core team member to point out that the code couldn't be upstreamed even if it had been hand written [1].

  The better point, IMO, is how this is an example of how AI use/addiction makes developers who fall into it loose the ability to judge code quality, particularly for code they prompted for themselves. From what I've heard of Mr. Sumner and the team at oven from before AI, I very much doubt code of this poor quality would have been allowed anywhere near the main branch before LLMs.

  [0] https://github.com/oven-sh/bun/blob/d2a6506dfad4c3ef3dddb9ae...

  [1] https://ziggit.dev/t/bun-s-zig-fork-got-4x-faster-compilatio...

• No SQLite driver works in both Bun and Node. Here is how I shipped one package that runs on both.
  2 projects | dev.to | 3 Jun 2026

  better-sqlite3, the usual answer, is a native addon. Bun still cannot load its addon reliably (oven-sh/bun#4290).

• Using DigitalOcean Droplets as Ephemeral Sandboxes for AI Agents
  2 projects | dev.to | 25 May 2026
• Bun team is rewriting SIMD from Rust to C++
  1 project | news.ycombinator.com | 25 May 2026
• Electrobun 2.0 will be decoupled from Bun due to the rust rewrite
  1 project | news.ycombinator.com | 23 May 2026

  https://github.com/oven-sh/bun/issues/30921

  > A CVE wasn’t announced for an HTTP Request Smuggling vulnerability

  Even before the acquisition of Anthropic, there had never been a single vulnerability report.

  https://github.com/oven-sh/bun/security

  Do not use this in production.

• Bun.Image
  2 projects | news.ycombinator.com | 23 May 2026

  > It's not like image manipulation is a poorly understood problem

  You would think, but the initial implementation of this stripped ICC profiles (https://github.com/oven-sh/bun/issues/30197), and while that was fixed in time for the release, it still currently doesn't understand EXIF rotation metadata (https://github.com/oven-sh/bun/issues/30235) or high-bit-depth images (https://github.com/oven-sh/bun/issues/30462)

• I’ve Given Up on Bun. I’m Removing It from SuperRails
  1 project | dev.to | 17 May 2026

  Jarred-Sumner posted on May 08, 2026

• Audit: Add UB-exorcism audit workspace and executive guide
  1 project | news.ycombinator.com | 17 May 2026
• A note from our sponsor - SaaSHub
  www.saashub.com | 13 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →