mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-09 10:28:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,506 Commits 2,399 Branches 252 Tags
714c7bdcea6ab8d0b7b0e2093ddb4d95e2015da0
Commit Graph

13 Commits

Author SHA1 Message Date
Claude Bot
714c7bdcea fix(audit): exclude workspace devDependencies in --prod mode (#26675) 
When running `bun audit --prod` from a monorepo root, devDependencies
of workspace packages were incorrectly being included in the audit.
The bug was in the BFS traversal of buildProductionPackageSet(), which
didn't check isDev() for transitive dependencies.

This fix adds the missing isDev() check so workspace package
devDependencies are properly excluded when auditing production deps.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-01 19:33:53 +00:00
pfg
05d0475c6c Update to zig 0.15.2 (#24204) 
Fixes ENG-21287

Build times, from `bun run build && echo '//' >> src/main.zig && time
bun run build`

|Platform|0.14.1|0.15.2|Speedup|
|-|-|-|-|
|macos debug asan|126.90s|106.27s|1.19x|
|macos debug noasan|60.62s|50.85s|1.19x|
|linux debug asan|292.77s|241.45s|1.21x|
|linux debug noasan|146.58s|130.94s|1.12x|
|linux debug use_llvm=false|n/a|78.27s|1.87x|
|windows debug asan|177.13s|142.55s|1.24x|

Runtime performance:

- next build memory usage may have gone up by 5%. Otherwise seems the
same. Some code with writers may have gotten slower, especially one
instance of a counting writer and a few instances of unbuffered writers
that now have vtable overhead.
- File size reduced by 800kb (from 100.2mb to 99.4mb)

Improvements:

- `@export` hack is no longer needed for watch
- native x86_64 backend for linux builds faster. to use it, set use_llvm
false and no_link_obj false. also set `ASAN_OPTIONS=detect_leaks=0`
otherwise it will spam the output with tens of thousands of lines of
debug info errors. may need to use the zig lldb fork for debugging.
- zig test-obj, which we will be able to use for zig unit tests

Still an issue:

- false 'dependency loop' errors remain in watch mode
- watch mode crashes observed

Follow-up:

- [ ] search `comptime Writer: type` and `comptime W: type` and remove
- [ ] remove format_mode in our zig fork
- [ ] remove deprecated.zig autoFormatLabelFallback
- [ ] remove deprecated.zig autoFormatLabel
- [ ] remove deprecated.BufferedWriter and BufferedReader
- [ ] remove override_no_export_cpp_apis as it is no longer needed
- [ ] css Parser(W) -> Parser, and remove all the comptime writer: type
params
- [ ] remove deprecated writer fully

Files that add lines:

```
649     src/deprecated.zig
167     scripts/pack-codegen-for-zig-team.ts
54      scripts/cleartrace-impl.js
46      scripts/cleartrace.ts
43      src/windows.zig
18      src/fs.zig
17      src/bun.js/ConsoleObject.zig
16      src/output.zig
12      src/bun.js/test/debug.zig
12      src/bun.js/node/node_fs.zig
8       src/env_loader.zig
7       src/css/printer.zig
7       src/cli/init_command.zig
7       src/bun.js/node.zig
6       src/string/escapeRegExp.zig
6       src/install/PnpmMatcher.zig
5       src/bun.js/webcore/Blob.zig
4       src/crash_handler.zig
4       src/bun.zig
3       src/install/lockfile/bun.lock.zig
3       src/cli/update_interactive_command.zig
3       src/cli/pack_command.zig
3       build.zig
2       src/Progress.zig
2       src/install/lockfile/lockfile_json_stringify_for_debugging.zig
2       src/css/small_list.zig
2       src/bun.js/webcore/prompt.zig
1       test/internal/ban-words.test.ts
1       test/internal/ban-limits.json
1       src/watcher/WatcherTrace.zig
1       src/transpiler.zig
1       src/shell/builtin/cp.zig
1       src/js_printer.zig
1       src/io/PipeReader.zig
1       src/install/bin.zig
1       src/css/selectors/selector.zig
1       src/cli/run_command.zig
1       src/bun.js/RuntimeTranspilerStore.zig
1       src/bun.js/bindings/JSRef.zig
1       src/bake/DevServer.zig
```

Files that remove lines:

```
-1      src/test/recover.zig
-1      src/sql/postgres/SocketMonitor.zig
-1      src/sql/mysql/MySQLRequestQueue.zig
-1      src/sourcemap/CodeCoverage.zig
-1      src/css/values/color_js.zig
-1      src/compile_target.zig
-1      src/bundler/linker_context/convertStmtsForChunk.zig
-1      src/bundler/bundle_v2.zig
-1      src/bun.js/webcore/blob/read_file.zig
-1      src/ast/base.zig
-2      src/sql/postgres/protocol/ArrayList.zig
-2      src/shell/builtin/mkdir.zig
-2      src/install/PackageManager/patchPackage.zig
-2      src/install/PackageManager/PackageManagerDirectories.zig
-2      src/fmt.zig
-2      src/css/declaration.zig
-2      src/css/css_parser.zig
-2      src/collections/baby_list.zig
-2      src/bun.js/bindings/ZigStackFrame.zig
-2      src/ast/E.zig
-3      src/StandaloneModuleGraph.zig
-3      src/deps/picohttp.zig
-3      src/deps/libuv.zig
-3      src/btjs.zig
-4      src/threading/Futex.zig
-4      src/shell/builtin/touch.zig
-4      src/meta.zig
-4      src/install/lockfile.zig
-4      src/css/selectors/parser.zig
-5      src/shell/interpreter.zig
-5      src/css/error.zig
-5      src/bun.js/web_worker.zig
-5      src/bun.js.zig
-6      src/cli/test_command.zig
-6      src/bun.js/VirtualMachine.zig
-6      src/bun.js/uuid.zig
-6      src/bun.js/bindings/JSValue.zig
-9      src/bun.js/test/pretty_format.zig
-9      src/bun.js/api/BunObject.zig
-14     src/install/install_binding.zig
-14     src/fd.zig
-14     src/bun.js/node/path.zig
-14     scripts/pack-codegen-for-zig-team.sh
-17     src/bun.js/test/diff_format.zig
```

`git diff --numstat origin/main...HEAD | awk '{ print ($1-$2)"\t"$3 }' |
sort -rn`

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Dylan Conway <dylan.conway567@gmail.com>
Co-authored-by: Meghan Denny <meghan@bun.com>
Co-authored-by: tayor.fish <contact@taylor.fish>
 2025-11-10 14:38:26 -08:00
Alistair Smith
6a1bc7d780 fix: Escape loop in bun audit causing a hang (#22510) 
### What does this PR do?

Fixes #20800

### How did you verify your code works?

<img width="2397" height="1570" alt="CleanShot 2025-09-08 at 19 00
34@2x"
src="https://github.com/user-attachments/assets/90ae4581-89fb-49fa-b821-1ab4b193fd39"
/>

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-08 21:33:23 -07:00
Michael H
447f8446b8 followup #21833 (bun audit more filtering options) (#21873) 
### What does this PR do?

followup #21833

### How did you verify your code works?

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-08-14 19:51:56 -07:00
Michael H
50e7d5c26e bun audit add more filtering options (#21833) 
### What does this PR do?

fixes #21813

`--audit-level=high`,  `--prod` and `--ignore=cve` filters

### How did you verify your code works?

tests
 2025-08-14 16:36:44 -07:00
taylor.fish
07cd45deae Refactor Zig imports and file structure (part 1) (#21270) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-07-22 17:51:38 -07:00
pfg
83760fc446 Sort imports in all files (#21119) 
Co-authored-by: taylor.fish <contact@taylor.fish>
 2025-07-21 13:26:47 -07:00
Jarred Sumner
f3bca62a77 Fix proxy handling in bun audit (#20295) 
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Jarred-Sumner <709451+Jarred-Sumner@users.noreply.github.com>
 2025-06-13 19:43:55 +02:00
Jarred Sumner
498186764a Remove a memcpy (#20261) 
Co-authored-by: Jarred-Sumner <709451+Jarred-Sumner@users.noreply.github.com>
 2025-06-08 05:07:09 -07:00
Dylan Conway
5910504aeb bun pm audit -> bun audit (#19944) 2025-05-27 19:52:18 -07:00
Jarred Sumner
a8e4489e10 Add docs for bun pm audit (#19885) 
Co-authored-by: Alistair Smith <hi@alistair.sh>
Co-authored-by: alii <25351731+alii@users.noreply.github.com>
 2025-05-26 21:56:32 -07:00
Alistair Smith
31980bc151 perf_hooks.Histogram (#19920) 2025-05-26 21:18:22 -07:00
Alistair Smith
9e329ee605 bun pm audit (#19855) 2025-05-23 22:31:12 -07:00