From 0103dd56ab5e618bf54508b0406dbebd1cbd4f4e Mon Sep 17 00:00:00 2001 From: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> Date: Thu, 4 Jan 2024 16:53:22 -0800 Subject: [PATCH] Update guide --- docs/guides/install/trusted.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/install/trusted.md b/docs/guides/install/trusted.md index 0c1ac63628..1922c6cc18 100644 --- a/docs/guides/install/trusted.md +++ b/docs/guides/install/trusted.md @@ -5,7 +5,7 @@ name: Add a trusted dependency Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts for installed dependencies, such as `postinstall` and `node-gyp` builds. These scripts represent a potential security risk, as they can execute arbitrary code on your machine. {% callout %} -Soon, Bun will include a built-in allow-list that automatically allows lifecycle scripts to be run by popular packages that are known to be safe. This is still under development. +Bun includes a default allowlist of popular packages containing `postinstall` scripts that are known to be safe. You can see this list [here](https://github.com/oven-sh/bun/blob/main/src/install/default-trusted-dependencies.txt). {% /callout %} ---
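Review bot: The added callout line links to `blob/main/src/install/default-trusted-dependencies.txt`, so the list a reader opens can differ from the allowlist built into the Bun version they actually have installed; say that the link shows the current development list, or point readers at the file for their release tag. The new wording also drops what the removed line made explicit, that lifecycle scripts of the listed packages are allowed to run automatically. As written, "includes a default allowlist" leaves the effect implicit, while the unchanged paragraph above still says Bun does not execute lifecycle scripts for installed dependencies. Consider stating the exception directly, for example "Packages on this list have their `postinstall` scripts run by default." Finally, the link text "here" is not descriptive; "default trusted dependencies list" would read better and survive being quoted out of context.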