fix(node:net): remove ADDRCONFIG hint to fix IPv4/IPv6 mismatch

The dns.ADDRCONFIG hint was causing localhost connections to fail when
servers bind to IPv6 (::1) but the client resolves to IPv4 (127.0.0.1).

On systems where IPv6 is configured but ADDRCONFIG reports IPv4-only,
the hint filters out IPv6 addresses, causing ECONNREFUSED errors when
connecting to servers listening on localhost.

Removing ADDRCONFIG allows DNS to return both IPv6 and IPv4 addresses,
and the autoSelectFamily logic tries both, successfully connecting to
IPv6-bound servers.

Fixes 8 test failures:
- net.Socket read > long message > should work with .connect(port)
- net.Socket read > long message > should work with .connect(port, listener)
- net.Socket read > long message > should work with .connect(port, host, listener)
- net.Socket read > long message > should support onread callback
- net.Socket read > short message > should work with .connect(port)
- net.Socket read > short message > should work with .connect(port, listener)
- net.Socket read > short message > should work with .connect(port, host, listener)
- net.Socket read > short message > should support onread callback

Test results: 29 pass / 1 skip / 2 fail (was 21 pass / 1 skip / 10 fail)

The 2 remaining failures are pre-existing bugs unrelated to this change.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.claude/hooks/post-edit-zig-format.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env bun
+import { extname } from "path";
+import { spawnSync } from "child_process";
+
+const input = await Bun.stdin.json();
+
+const toolName = input.tool_name;
+const toolInput = input.tool_input || {};
+const filePath = toolInput.file_path;
+
+// Only process Write, Edit, and MultiEdit tools
+if (!["Write", "Edit", "MultiEdit"].includes(toolName)) {
+  process.exit(0);
+}
+
+const ext = extname(filePath);
+
+// Only format known files
+if (!filePath) {
+  process.exit(0);
+}
+
+function formatZigFile() {
+  try {
+    // Format the Zig file
+    const result = spawnSync("vendor/zig/zig.exe", ["fmt", filePath], {
+      cwd: process.env.CLAUDE_PROJECT_DIR || process.cwd(),
+      encoding: "utf-8",
+    });
+
+    if (result.error) {
+      console.error(`Failed to format ${filePath}: ${result.error.message}`);
+      process.exit(0);
+    }
+
+    if (result.status !== 0) {
+      console.error(`zig fmt failed for ${filePath}:`);
+      if (result.stderr) {
+        console.error(result.stderr);
+      }
+      process.exit(0);
+    }
+  } catch (error) {}
+}
+
+function formatTypeScriptFile() {
+  try {
+    // Format the TypeScript file
+    const result = spawnSync(
+      "./node_modules/.bin/prettier",
+      ["--plugin=prettier-plugin-organize-imports", "--config", ".prettierrc", "--write", filePath],
+      {
+        cwd: process.env.CLAUDE_PROJECT_DIR || process.cwd(),
+        encoding: "utf-8",
+      },
+    );
+  } catch (error) {}
+}
+
+if (ext === ".zig") {
+  formatZigFile();
+} else if (
+  [
+    ".cjs",
+    ".css",
+    ".html",
+    ".js",
+    ".json",
+    ".jsonc",
+    ".jsx",
+    ".less",
+    ".mjs",
+    ".pcss",
+    ".postcss",
+    ".sass",
+    ".scss",
+    ".styl",
+    ".stylus",
+    ".toml",
+    ".ts",
+    ".tsx",
+    ".yaml",
+  ].includes(ext)
+) {
+  formatTypeScriptFile();
+}
+
+process.exit(0);

.claude/hooks/pre-bash-zig-build.js

@@ -0,0 +1,207 @@
+#!/usr/bin/env bun
+import { basename, extname } from "path";
+
+const input = await Bun.stdin.json();
+
+const toolName = input.tool_name;
+const toolInput = input.tool_input || {};
+const command = toolInput.command || "";
+const timeout = toolInput.timeout;
+const cwd = input.cwd || "";
+
+// Get environment variables from the hook context
+// Note: We check process.env directly as env vars are inherited
+let useSystemBun = process.env.USE_SYSTEM_BUN;
+
+if (toolName !== "Bash" || !command) {
+  process.exit(0);
+}
+
+function denyWithReason(reason) {
+  const output = {
+    hookSpecificOutput: {
+      hookEventName: "PreToolUse",
+      permissionDecision: "deny",
+      permissionDecisionReason: reason,
+    },
+  };
+  console.log(JSON.stringify(output));
+  process.exit(0);
+}
+
+// Parse the command to extract argv0 and positional args
+let tokens;
+try {
+  // Simple shell parsing - split on spaces but respect quotes (both single and double)
+  tokens = command.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g)?.map(t => t.replace(/^['"]|['"]$/g, "")) || [];
+} catch {
+  process.exit(0);
+}
+
+if (tokens.length === 0) {
+  process.exit(0);
+}
+
+// Strip inline environment variable assignments (e.g., FOO=1 bun test)
+const inlineEnv = new Map();
+let commandStart = 0;
+while (
+  commandStart < tokens.length &&
+  /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[commandStart]) &&
+  !tokens[commandStart].includes("/")
+) {
+  const [name, value = ""] = tokens[commandStart].split("=", 2);
+  inlineEnv.set(name, value);
+  commandStart++;
+}
+if (commandStart >= tokens.length) {
+  process.exit(0);
+}
+tokens = tokens.slice(commandStart);
+useSystemBun = inlineEnv.get("USE_SYSTEM_BUN") ?? useSystemBun;
+
+// Get the executable name (argv0)
+const argv0 = basename(tokens[0], extname(tokens[0]));
+
+// Check if it's zig or zig.exe
+if (argv0 === "zig") {
+  // Filter out flags (starting with -) to get positional arguments
+  const positionalArgs = tokens.slice(1).filter(arg => !arg.startsWith("-"));
+
+  // Check if the positional args contain "build" followed by "obj"
+  if (positionalArgs.length >= 2 && positionalArgs[0] === "build" && positionalArgs[1] === "obj") {
+    denyWithReason("error: Use `bun bd` to build Bun and wait patiently");
+  }
+}
+
+// Check if argv0 is timeout and the command is "bun bd"
+if (argv0 === "timeout") {
+  // Find the actual command after timeout and its arguments
+  const timeoutArgEndIndex = tokens.slice(1).findIndex(t => !t.startsWith("-") && !/^\d/.test(t));
+  if (timeoutArgEndIndex === -1) {
+    process.exit(0);
+  }
+
+  const actualCommandIndex = timeoutArgEndIndex + 1;
+  if (actualCommandIndex >= tokens.length) {
+    process.exit(0);
+  }
+
+  const actualCommand = basename(tokens[actualCommandIndex]);
+  const restArgs = tokens.slice(actualCommandIndex + 1);
+
+  // Check if it's "bun bd" or "bun-debug bd" without other positional args
+  if (actualCommand === "bun" || actualCommand.includes("bun-debug")) {
+    // Claude is a sneaky fucker
+    let positionalArgs = restArgs.filter(arg => !arg.startsWith("-"));
+    const redirectStderrToStdoutIndex = positionalArgs.findIndex(arg => arg === "2>&1");
+    if (redirectStderrToStdoutIndex !== -1) {
+      positionalArgs.splice(redirectStderrToStdoutIndex, 1);
+    }
+    const redirectStdoutToStderrIndex = positionalArgs.findIndex(arg => arg === "1>&2");
+    if (redirectStdoutToStderrIndex !== -1) {
+      positionalArgs.splice(redirectStdoutToStderrIndex, 1);
+    }
+
+    const redirectToFileIndex = positionalArgs.findIndex(arg => arg === ">");
+    if (redirectToFileIndex !== -1) {
+      positionalArgs.splice(redirectToFileIndex, 2);
+    }
+
+    const redirectToFileAppendIndex = positionalArgs.findIndex(arg => arg === ">>");
+    if (redirectToFileAppendIndex !== -1) {
+      positionalArgs.splice(redirectToFileAppendIndex, 2);
+    }
+
+    const redirectTOFileInlineIndex = positionalArgs.findIndex(arg => arg.startsWith(">"));
+    if (redirectTOFileInlineIndex !== -1) {
+      positionalArgs.splice(redirectTOFileInlineIndex, 1);
+    }
+
+    const pipeIndex = positionalArgs.findIndex(arg => arg === "|");
+    if (pipeIndex !== -1) {
+      positionalArgs = positionalArgs.slice(0, pipeIndex);
+    }
+
+    positionalArgs = positionalArgs.map(arg => arg.trim()).filter(Boolean);
+
+    if (positionalArgs.length === 1 && positionalArgs[0] === "bd") {
+      denyWithReason("error: Run `bun bd` without a timeout");
+    }
+  }
+}
+
+// Check if command is "bun .* test" or "bun-debug test" with -u/--update-snapshots AND -t/--test-name-pattern
+if (argv0 === "bun" || argv0.includes("bun-debug")) {
+  const allArgs = tokens.slice(1);
+
+  // Check if "test" is in positional args or "bd" followed by "test"
+  const positionalArgs = allArgs.filter(arg => !arg.startsWith("-"));
+  const hasTest = positionalArgs.includes("test") || (positionalArgs[0] === "bd" && positionalArgs[1] === "test");
+
+  if (hasTest) {
+    const hasUpdateSnapshots = allArgs.some(arg => arg === "-u" || arg === "--update-snapshots");
+    const hasTestNamePattern = allArgs.some(arg => arg === "-t" || arg === "--test-name-pattern");
+
+    if (hasUpdateSnapshots && hasTestNamePattern) {
+      denyWithReason("error: Cannot use -u/--update-snapshots with -t/--test-name-pattern");
+    }
+  }
+}
+
+// Check if timeout option is set for "bun bd" command
+if (timeout !== undefined && (argv0 === "bun" || argv0.includes("bun-debug"))) {
+  const positionalArgs = tokens.slice(1).filter(arg => !arg.startsWith("-"));
+  if (positionalArgs.length === 1 && positionalArgs[0] === "bd") {
+    denyWithReason("error: Run `bun bd` without a timeout");
+  }
+}
+
+// Check if running "bun test <file>" without USE_SYSTEM_BUN=1
+if ((argv0 === "bun" || argv0.includes("bun-debug")) && useSystemBun !== "1") {
+  const allArgs = tokens.slice(1);
+  const positionalArgs = allArgs.filter(arg => !arg.startsWith("-"));
+
+  // Check if it's "test" (not "bd test")
+  if (positionalArgs.length >= 1 && positionalArgs[0] === "test" && positionalArgs[0] !== "bd") {
+    denyWithReason(
+      "error: In development, use `bun bd test <file>` to test your changes. If you meant to use a release version, set USE_SYSTEM_BUN=1",
+    );
+  }
+}
+
+// Check if running "bun bd test" from bun repo root or test folder without a file path
+if (argv0 === "bun" || argv0.includes("bun-debug")) {
+  const allArgs = tokens.slice(1);
+  const positionalArgs = allArgs.filter(arg => !arg.startsWith("-"));
+
+  // Check if it's "bd test"
+  if (positionalArgs.length >= 2 && positionalArgs[0] === "bd" && positionalArgs[1] === "test") {
+    // Check if cwd is the bun repo root or test folder
+    const isBunRepoRoot = cwd === "/workspace/bun" || cwd.endsWith("/bun");
+    const isTestFolder = cwd.endsWith("/bun/test");
+
+    if (isBunRepoRoot || isTestFolder) {
+      // Check if there's a file path argument (looks like a path: contains / or has test extension)
+      const hasFilePath = positionalArgs
+        .slice(2)
+        .some(
+          arg =>
+            arg.includes("/") ||
+            arg.endsWith(".test.ts") ||
+            arg.endsWith(".test.js") ||
+            arg.endsWith(".test.tsx") ||
+            arg.endsWith(".test.jsx"),
+        );
+
+      if (!hasFilePath) {
+        denyWithReason(
+          "error: `bun bd test` from repo root or test folder will run all tests. Use `bun bd test <path>` with a specific test file.",
+        );
+      }
+    }
+  }
+}
+
+// Allow the command to proceed
+process.exit(0);

.claude/settings.json

@@ -0,0 +1,26 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/pre-bash-zig-build.js"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/post-edit-zig-format.js"
+          }
+        ]
+      }
+    ]
+  }
+}

.cursor/rules/building-bun.mdc

@@ -30,7 +30,7 @@ bun bd <file> <...args>
 Debug logs look like this:
 
 ```zig
-const log = bun.Output.scoped(.${SCOPE}, false);
+const log = bun.Output.scoped(.${SCOPE}, .hidden);
 
 // ...later
 log("MY DEBUG LOG", .{})

.github/workflows/claude.yml

@@ -57,8 +57,7 @@ jobs:
           git reset --hard origin/${{ github.event.pull_request.head.ref }}
       - name: Run Claude Code
         id: claude
-        # TODO: switch this out once they merge their v1
-        uses: km-anthropic/claude-code-action@v1-dev
+        uses: anthropics/claude-code-action@v1
         with:
           timeout_minutes: "180"
           claude_args: |

.github/workflows/labeled.yml

@@ -142,8 +142,8 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            const closeAction = JSON.parse('${{ steps.add-labels.outputs.close-action }}');
-            
+            const closeAction = ${{ fromJson(steps.add-labels.outputs.close-action) }};
+
             // Comment with the reason
             await github.rest.issues.createComment({
               owner: context.repo.owner,
@@ -151,7 +151,7 @@ jobs:
               issue_number: context.issue.number,
               body: closeAction.comment
             });
-            
+
             // Close the issue
             await github.rest.issues.update({
               owner: context.repo.owner,

.github/workflows/update-sqlite3.yml

@@ -70,24 +70,7 @@ jobs:
       - name: Update SQLite if needed
         if: success() && steps.check-version.outputs.current_num < steps.check-version.outputs.latest_num
         run: |
-          set -euo pipefail
-
-          TEMP_DIR=$(mktemp -d)
-          cd $TEMP_DIR
-
-          echo "Downloading from: https://sqlite.org/${{ steps.check-version.outputs.latest_year }}/sqlite-amalgamation-${{ steps.check-version.outputs.latest_num }}.zip"
-
-          # Download and extract latest version
-          wget "https://sqlite.org/${{ steps.check-version.outputs.latest_year }}/sqlite-amalgamation-${{ steps.check-version.outputs.latest_num }}.zip"
-          unzip "sqlite-amalgamation-${{ steps.check-version.outputs.latest_num }}.zip"
-          cd "sqlite-amalgamation-${{ steps.check-version.outputs.latest_num }}"
-
-          # Add header comment and copy files
-          echo "// clang-format off" > $GITHUB_WORKSPACE/src/bun.js/bindings/sqlite/sqlite3.c
-          cat sqlite3.c >> $GITHUB_WORKSPACE/src/bun.js/bindings/sqlite/sqlite3.c
-
-          echo "// clang-format off" > $GITHUB_WORKSPACE/src/bun.js/bindings/sqlite/sqlite3_local.h
-          cat sqlite3.h >> $GITHUB_WORKSPACE/src/bun.js/bindings/sqlite/sqlite3_local.h
+          ./scripts/update-sqlite-amalgamation.sh ${{ steps.check-version.outputs.latest_num }} ${{ steps.check-version.outputs.latest_year }}
 
       - name: Create Pull Request
         if: success() && steps.check-version.outputs.current_num < steps.check-version.outputs.latest_num

.gitignore

@@ -1,7 +1,9 @@
+.claude/settings.local.json
 .DS_Store
 .env
 .envrc
 .eslintcache
+.gdb_history
 .idea
 .next
 .ninja_deps
@@ -189,4 +191,4 @@ scratch*.{js,ts,tsx,cjs,mjs}
 scripts/lldb-inline
 
 # We regenerate these in all the build scripts
-cmake/sources/*.txt
+cmake/sources/*.txt

.prettierrc

@@ -19,6 +19,12 @@
       "options": {
         "printWidth": 80
       }
+    },
+    {
+      "files": ["src/codegen/bindgenv2/**/*.ts", "*.bindv2.ts"],
+      "options": {
+        "printWidth": 100
+      }
     }
   ]
 }

CLAUDE.md

@@ -143,19 +143,6 @@ When implementing JavaScript classes in C++:
 3. Add iso subspaces for classes with C++ fields
 4. Cache structures in ZigGlobalObject
 
-## Development Workflow
-
-### Code Formatting
-
-- `bun run prettier` - Format JS/TS files
-- `bun run zig-format` - Format Zig files
-- `bun run clang-format` - Format C++ files
-
-### Watching for Changes
-
-- `bun run watch` - Incremental Zig compilation with error checking
-- `bun run watch-windows` - Windows-specific watch mode
-
 ### Code Generation
 
 Code generation happens automatically as part of the build process. The main scripts are:
@@ -177,47 +164,6 @@ Built-in JavaScript modules use special syntax and are organized as:
 - `internal/` - Internal modules not exposed to users
 - `builtins/` - Core JavaScript builtins (streams, console, etc.)
 
-### Special Syntax in Built-in Modules
-
-1. **`$` prefix** - Access to private properties and JSC intrinsics:
-
-   ```js
-   const arr = $Array.from(...);  // Private global
-   map.$set(...);                 // Private method
-   const arr2 = $newArrayWithSize(5); // JSC intrinsic
-   ```
-
-2. **`require()`** - Must use string literals, resolved at compile time:
-
-   ```js
-   const fs = require("fs"); // Directly loads by numeric ID
-   ```
-
-3. **Debug helpers**:
-   - `$debug()` - Like console.log but stripped in release builds
-   - `$assert()` - Assertions stripped in release builds
-   - `if($debug) {}` - Check if debug env var is set
-
-4. **Platform detection**: `process.platform` and `process.arch` are inlined and dead-code eliminated
-
-5. **Export syntax**: Use `export default` which gets converted to a return statement:
-   ```js
-   export default {
-     readFile,
-     writeFile,
-   };
-   ```
-
-Note: These are NOT ES modules. The preprocessor converts `$` to `@` (JSC's actual syntax) and handles the special functions.
-
-## CI
-
-Bun uses BuildKite for CI. To get the status of a PR, you can use the following command:
-
-```bash
-bun ci
-```
-
 ## Important Development Notes
 
 1. **Never use `bun test` or `bun <file>` directly** - always use `bun bd test` or `bun bd <command>`. `bun bd` compiles & runs the debug build.
@@ -229,19 +175,6 @@ bun ci
 7. **Avoid shell commands** - Don't use `find` or `grep` in tests; use Bun's Glob and built-in tools
 8. **Memory management** - In Zig code, be careful with allocators and use defer for cleanup
 9. **Cross-platform** - Run `bun run zig:check-all` to compile the Zig code on all platforms when making platform-specific changes
-10. **Debug builds** - Use `BUN_DEBUG_QUIET_LOGS=1` to disable debug logging, or `BUN_DEBUG_<scope>=1` to enable specific scopes
+10. **Debug builds** - Use `BUN_DEBUG_QUIET_LOGS=1` to disable debug logging, or `BUN_DEBUG_<scopeName>=1` to enable specific `Output.scoped(.${scopeName}, .visible)`s
 11. **Be humble & honest** - NEVER overstate what you got done or what actually works in commits, PRs or in messages to the user.
 12. **Branch names must start with `claude/`** - This is a requirement for the CI to work.
-
-## Key APIs and Features
-
-### Bun-Specific APIs
-
-- **Bun.serve()** - High-performance HTTP server
-- **Bun.spawn()** - Process spawning with better performance than Node.js
-- **Bun.file()** - Fast file I/O operations
-- **Bun.write()** - Unified API for writing to files, stdout, etc.
-- **Bun.$ (Shell)** - Cross-platform shell scripting
-- **Bun.SQLite** - Native SQLite integration
-- **Bun.FFI** - Call native libraries from JavaScript
-- **Bun.Glob** - Fast file pattern matching

CONTRIBUTING.md

@@ -2,7 +2,21 @@ Configuring a development environment for Bun can take 10-30 minutes depending o
 
 If you are using Windows, please refer to [this guide](https://bun.com/docs/project/building-windows)
 
-## Install Dependencies
+## Using Nix (Alternative)
+
+A Nix flake is provided as an alternative to manual dependency installation:
+
+```bash
+nix develop
+# or explicitly use the pure shell
+# nix develop .#pure
+export CMAKE_SYSTEM_PROCESSOR=$(uname -m)
+bun bd
+```
+
+This provides all dependencies in an isolated, reproducible environment without requiring sudo.
+
+## Install Dependencies (Manual)
 
 Using your system's package manager, install Bun's dependencies:
 
@@ -149,7 +163,7 @@ Bun generally takes about 2.5 minutes to compile a debug build when there are Zi
 - Batch up your changes
 - Ensure zls is running with incremental watching for LSP errors (if you use VSCode and install Zig and run `bun run build` once to download Zig, this should just work)
 - Prefer using the debugger ("CodeLLDB" in VSCode) to step through the code.
-- Use debug logs. `BUN_DEBUG_<scope>=1` will enable debug logging for the corresponding `Output.scoped(.<scope>, false)` logs. You can also set `BUN_DEBUG_QUIET_LOGS=1` to disable all debug logging that isn't explicitly enabled. To dump debug lgos into a file, `BUN_DEBUG=<path-to-file>.log`. Debug logs are aggressively removed in release builds.
+- Use debug logs. `BUN_DEBUG_<scope>=1` will enable debug logging for the corresponding `Output.scoped(.<scope>, .hidden)` logs. You can also set `BUN_DEBUG_QUIET_LOGS=1` to disable all debug logging that isn't explicitly enabled. To dump debug lgos into a file, `BUN_DEBUG=<path-to-file>.log`. Debug logs are aggressively removed in release builds.
 - src/js/\*\*.ts changes are pretty much instant to rebuild. C++ changes are a bit slower, but still much faster than the Zig code (Zig is one compilation unit, C++ is many).
 
 ## Code generation scripts

LATEST

@@ -1 +1 @@
-1.2.23
+1.3.0

build.zig

@@ -49,6 +49,7 @@ const BunBuildOptions = struct {
     enable_logs: bool = false,
     enable_asan: bool,
     enable_valgrind: bool,
+    use_mimalloc: bool,
     tracy_callstack_depth: u16,
     reported_nodejs_version: Version,
     /// To make iterating on some '@embedFile's faster, we load them at runtime
@@ -68,6 +69,7 @@ const BunBuildOptions = struct {
 
     cached_options_module: ?*Module = null,
     windows_shim: ?WindowsShim = null,
+    llvm_codegen_threads: ?u32 = null,
 
     pub fn isBaseline(this: *const BunBuildOptions) bool {
         return this.arch.isX86() and
@@ -96,6 +98,7 @@ const BunBuildOptions = struct {
         opts.addOption(bool, "enable_logs", this.enable_logs);
         opts.addOption(bool, "enable_asan", this.enable_asan);
         opts.addOption(bool, "enable_valgrind", this.enable_valgrind);
+        opts.addOption(bool, "use_mimalloc", this.use_mimalloc);
         opts.addOption([]const u8, "reported_nodejs_version", b.fmt("{}", .{this.reported_nodejs_version}));
         opts.addOption(bool, "zig_self_hosted_backend", this.no_llvm);
         opts.addOption(bool, "override_no_export_cpp_apis", this.override_no_export_cpp_apis);
@@ -269,6 +272,8 @@ pub fn build(b: *Build) !void {
         .enable_logs = b.option(bool, "enable_logs", "Enable logs in release") orelse false,
         .enable_asan = b.option(bool, "enable_asan", "Enable asan") orelse false,
         .enable_valgrind = b.option(bool, "enable_valgrind", "Enable valgrind") orelse false,
+        .use_mimalloc = b.option(bool, "use_mimalloc", "Use mimalloc as default allocator") orelse false,
+        .llvm_codegen_threads = b.option(u32, "llvm_codegen_threads", "Number of threads to use for LLVM codegen") orelse 1,
     };
 
     // zig build obj
@@ -498,6 +503,7 @@ fn addMultiCheck(
                 .no_llvm = root_build_options.no_llvm,
                 .enable_asan = root_build_options.enable_asan,
                 .enable_valgrind = root_build_options.enable_valgrind,
+                .use_mimalloc = root_build_options.use_mimalloc,
                 .override_no_export_cpp_apis = root_build_options.override_no_export_cpp_apis,
             };
 
@@ -603,7 +609,15 @@ fn configureObj(b: *Build, opts: *BunBuildOptions, obj: *Compile) void {
 
     // Object options
     obj.use_llvm = !opts.no_llvm;
-    obj.use_lld = if (opts.os == .mac) false else !opts.no_llvm;
+    obj.use_lld = if (opts.os == .mac or opts.os == .linux) false else !opts.no_llvm;
+
+    if (opts.optimize == .Debug) {
+        if (@hasField(std.meta.Child(@TypeOf(obj)), "llvm_codegen_threads"))
+            obj.llvm_codegen_threads = opts.llvm_codegen_threads orelse 0;
+    }
+
+    obj.no_link_obj = true;
+
     if (opts.enable_asan and !enableFastBuild(b)) {
         if (@hasField(Build.Module, "sanitize_address")) {
             obj.root_module.sanitize_address = true;
@@ -710,6 +724,7 @@ fn addInternalImports(b: *Build, mod: *Module, opts: *BunBuildOptions) void {
     // Generated code exposed as individual modules.
     inline for (.{
         .{ .file = "ZigGeneratedClasses.zig", .import = "ZigGeneratedClasses" },
+        .{ .file = "bindgen_generated.zig", .import = "bindgen_generated" },
         .{ .file = "ResolvedSourceTag.zig", .import = "ResolvedSourceTag" },
         .{ .file = "ErrorCode.zig", .import = "ErrorCode" },
         .{ .file = "runtime.out.js", .enable = opts.shouldEmbedCode() },

bun.lock

@@ -8,14 +8,14 @@
         "@lezer/cpp": "^1.1.3",
         "@types/bun": "workspace:*",
         "bun-tracestrings": "github:oven-sh/bun.report#912ca63e26c51429d3e6799aa2a6ab079b188fd8",
-        "esbuild": "^0.21.4",
-        "mitata": "^0.1.11",
+        "esbuild": "^0.21.5",
+        "mitata": "^0.1.14",
         "peechy": "0.4.34",
-        "prettier": "^3.5.3",
-        "prettier-plugin-organize-imports": "^4.0.0",
+        "prettier": "^3.6.2",
+        "prettier-plugin-organize-imports": "^4.3.0",
         "react": "^18.3.1",
         "react-dom": "^18.3.1",
-        "source-map-js": "^1.2.0",
+        "source-map-js": "^1.2.1",
         "typescript": "5.9.2",
       },
     },
@@ -284,7 +284,7 @@
 
     "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
 
-    "prettier-plugin-organize-imports": ["prettier-plugin-organize-imports@4.2.0", "", { "peerDependencies": { "prettier": ">=2.0", "typescript": ">=2.9", "vue-tsc": "^2.1.0 || 3" }, "optionalPeers": ["vue-tsc"] }, "sha512-Zdy27UhlmyvATZi67BTnLcKTo8fm6Oik59Sz6H64PgZJVs6NJpPD1mT240mmJn62c98/QaL+r3kx9Q3gRpDajg=="],
+    "prettier-plugin-organize-imports": ["prettier-plugin-organize-imports@4.3.0", "", { "peerDependencies": { "prettier": ">=2.0", "typescript": ">=2.9", "vue-tsc": "^2.1.0 || 3" }, "optionalPeers": ["vue-tsc"] }, "sha512-FxFz0qFhyBsGdIsb697f/EkvHzi5SZOhWAjxcx2dLt+Q532bAlhswcXGYB1yzjZ69kW8UoadFBw7TyNwlq96Iw=="],
 
     "react": ["react@18.3.1", "", { "dependencies": { "loose-envify": "^1.1.0" } }, "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ=="],
 

bunfig.toml

@@ -10,3 +10,4 @@ preload = "./test/preload.ts"
 
 [install]
 linker = "isolated"
+minimumReleaseAge = 1

cmake/CompilerFlags.cmake

@@ -86,11 +86,20 @@ elseif(APPLE)
 endif()
 
 if(UNIX)
-  register_compiler_flags(
-    DESCRIPTION "Enable debug symbols"
-    -g3 -gz=zstd ${DEBUG}
-    -g1 ${RELEASE}
-  )
+  # Nix LLVM doesn't support zstd compression, use zlib instead
+  if(DEFINED ENV{NIX_CC})
+    register_compiler_flags(
+      DESCRIPTION "Enable debug symbols (zlib-compressed for Nix)"
+      -g3 -gz=zlib ${DEBUG}
+      -g1 ${RELEASE}
+    )
+  else()
+    register_compiler_flags(
+      DESCRIPTION "Enable debug symbols (zstd-compressed)"
+      -g3 -gz=zstd ${DEBUG}
+      -g1 ${RELEASE}
+    )
+  endif()
 
   register_compiler_flags(
     DESCRIPTION "Optimize debug symbols for LLDB"
@@ -214,10 +223,13 @@ if(ENABLE_ASSERTIONS)
     _LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_DEBUG ${DEBUG}
   )
 
-  register_compiler_definitions(
-    DESCRIPTION "Enable fortified sources"
-    _FORTIFY_SOURCE=3
-  )
+  # Nix glibc already sets _FORTIFY_SOURCE, don't override it
+  if(NOT DEFINED ENV{NIX_CC})
+    register_compiler_definitions(
+      DESCRIPTION "Enable fortified sources (Release only)"
+      _FORTIFY_SOURCE=3 ${RELEASE}
+    )
+  endif()
 
   if(LINUX)
     register_compiler_definitions(

cmake/Options.cmake

@@ -202,4 +202,9 @@ optionx(USE_WEBKIT_ICU BOOL "Use the ICU libraries from WebKit" DEFAULT ${DEFAUL
 
 optionx(ERROR_LIMIT STRING "Maximum number of errors to show when compiling C++ code" DEFAULT "100")
 
+# This is not an `option` because setting this variable to OFF is experimental
+# and unsupported. This replaces the `use_mimalloc` variable previously in
+# bun.zig, and enables C++ code to also be aware of the option.
+set(USE_MIMALLOC_AS_DEFAULT_ALLOCATOR ON)
+
 list(APPEND CMAKE_ARGS -DCMAKE_EXPORT_COMPILE_COMMANDS=ON)

cmake/Sources.json

@@ -31,6 +31,14 @@
     "output": "BindgenSources.txt",
     "paths": ["src/**/*.bind.ts"]
   },
+  {
+    "output": "BindgenV2Sources.txt",
+    "paths": ["src/**/*.bindv2.ts"]
+  },
+  {
+    "output": "BindgenV2InternalSources.txt",
+    "paths": ["src/codegen/bindgenv2/**/*.ts"]
+  },
   {
     "output": "ZigSources.txt",
     "paths": ["src/**/*.zig"]

cmake/targets/BuildBun.cmake

@@ -44,6 +44,14 @@ else()
   set(CONFIGURE_DEPENDS "")
 endif()
 
+set(LLVM_ZIG_CODEGEN_THREADS 0)
+# This makes the build slower, so we turn it off for now.
+# if (DEBUG)
+#   include(ProcessorCount)
+#   ProcessorCount(CPU_COUNT)
+#   set(LLVM_ZIG_CODEGEN_THREADS ${CPU_COUNT})
+# endif()
+
 # --- Dependencies ---
 
 set(BUN_DEPENDENCIES
@@ -387,6 +395,54 @@ register_command(
     ${BUN_BAKE_RUNTIME_OUTPUTS}
 )
 
+set(BUN_BINDGENV2_SCRIPT ${CWD}/src/codegen/bindgenv2/script.ts)
+
+absolute_sources(BUN_BINDGENV2_SOURCES ${CWD}/cmake/sources/BindgenV2Sources.txt)
+# These sources include the script itself.
+absolute_sources(BUN_BINDGENV2_INTERNAL_SOURCES
+  ${CWD}/cmake/sources/BindgenV2InternalSources.txt)
+string(REPLACE ";" "," BUN_BINDGENV2_SOURCES_COMMA_SEPARATED
+  "${BUN_BINDGENV2_SOURCES}")
+
+execute_process(
+  COMMAND ${BUN_EXECUTABLE} run ${BUN_BINDGENV2_SCRIPT}
+    --command=list-outputs
+    --sources=${BUN_BINDGENV2_SOURCES_COMMA_SEPARATED}
+    --codegen-path=${CODEGEN_PATH}
+  RESULT_VARIABLE bindgen_result
+  OUTPUT_VARIABLE bindgen_outputs
+)
+if(${bindgen_result})
+  message(FATAL_ERROR "bindgenv2/script.ts exited with non-zero status")
+endif()
+foreach(output IN LISTS bindgen_outputs)
+  if(output MATCHES "\.cpp$")
+    list(APPEND BUN_BINDGENV2_CPP_OUTPUTS ${output})
+  elseif(output MATCHES "\.zig$")
+    list(APPEND BUN_BINDGENV2_ZIG_OUTPUTS ${output})
+  else()
+    message(FATAL_ERROR "unexpected bindgen output: [${output}]")
+  endif()
+endforeach()
+
+register_command(
+  TARGET
+    bun-bindgen-v2
+  COMMENT
+    "Generating bindings (v2)"
+  COMMAND
+    ${BUN_EXECUTABLE} run ${BUN_BINDGENV2_SCRIPT}
+      --command=generate
+      --codegen-path=${CODEGEN_PATH}
+      --sources=${BUN_BINDGENV2_SOURCES_COMMA_SEPARATED}
+  SOURCES
+    ${BUN_BINDGENV2_SOURCES}
+    ${BUN_BINDGENV2_INTERNAL_SOURCES}
+  OUTPUTS
+    ${BUN_BINDGENV2_CPP_OUTPUTS}
+    ${BUN_BINDGENV2_ZIG_OUTPUTS}
+)
+
 set(BUN_BINDGEN_SCRIPT ${CWD}/src/codegen/bindgen.ts)
 
 absolute_sources(BUN_BINDGEN_SOURCES ${CWD}/cmake/sources/BindgenSources.txt)
@@ -565,6 +621,7 @@ set(BUN_ZIG_GENERATED_SOURCES
   ${BUN_ZIG_GENERATED_CLASSES_OUTPUTS}
   ${BUN_JAVASCRIPT_OUTPUTS}
   ${BUN_CPP_OUTPUTS}
+  ${BUN_BINDGENV2_ZIG_OUTPUTS}
 )
 
 # In debug builds, these are not embedded, but rather referenced at runtime.
@@ -578,7 +635,13 @@ if (TEST)
   set(BUN_ZIG_OUTPUT ${BUILD_PATH}/bun-test.o)
   set(ZIG_STEPS test)
 else()
-  set(BUN_ZIG_OUTPUT ${BUILD_PATH}/bun-zig.o)
+  if (LLVM_ZIG_CODEGEN_THREADS GREATER 1)
+    foreach(i RANGE ${LLVM_ZIG_CODEGEN_THREADS})
+      list(APPEND BUN_ZIG_OUTPUT ${BUILD_PATH}/bun-zig.${i}.o)
+    endforeach()
+  else()
+    set(BUN_ZIG_OUTPUT ${BUILD_PATH}/bun-zig.o)
+  endif()
   set(ZIG_STEPS obj)
 endif()
 
@@ -622,6 +685,8 @@ register_command(
       -Denable_logs=$<IF:$<BOOL:${ENABLE_LOGS}>,true,false>
       -Denable_asan=$<IF:$<BOOL:${ENABLE_ZIG_ASAN}>,true,false>
       -Denable_valgrind=$<IF:$<BOOL:${ENABLE_VALGRIND}>,true,false>
+      -Duse_mimalloc=$<IF:$<BOOL:${USE_MIMALLOC_AS_DEFAULT_ALLOCATOR}>,true,false>
+      -Dllvm_codegen_threads=${LLVM_ZIG_CODEGEN_THREADS}
       -Dversion=${VERSION}
       -Dreported_nodejs_version=${NODEJS_VERSION}
       -Dcanary=${CANARY_REVISION}
@@ -697,6 +762,7 @@ list(APPEND BUN_CPP_SOURCES
   ${BUN_JAVASCRIPT_OUTPUTS}
   ${BUN_OBJECT_LUT_OUTPUTS}
   ${BUN_BINDGEN_CPP_OUTPUTS}
+  ${BUN_BINDGENV2_CPP_OUTPUTS}
 )
 
 if(WIN32)
@@ -753,7 +819,7 @@ set_target_properties(${bun} PROPERTIES
   CXX_STANDARD_REQUIRED YES
   CXX_EXTENSIONS YES
   CXX_VISIBILITY_PRESET hidden
-  C_STANDARD 17
+  C_STANDARD 23
   C_STANDARD_REQUIRED YES
   VISIBILITY_INLINES_HIDDEN YES
 )
@@ -834,6 +900,10 @@ if(WIN32)
   )
 endif()
 
+if(USE_MIMALLOC_AS_DEFAULT_ALLOCATOR)
+  target_compile_definitions(${bun} PRIVATE USE_MIMALLOC=1)
+endif()
+
 target_compile_definitions(${bun} PRIVATE
   _HAS_EXCEPTIONS=0
   LIBUS_USE_OPENSSL=1
@@ -975,7 +1045,6 @@ if(APPLE)
     -Wl,-no_compact_unwind
     -Wl,-stack_size,0x1200000
     -fno-keep-static-consts
-    -Wl,-map,${bun}.linker-map
   )
 
   if(DEBUG)
@@ -995,6 +1064,7 @@ if(APPLE)
     target_link_options(${bun} PUBLIC
       -dead_strip
       -dead_strip_dylibs
+      -Wl,-map,${bun}.linker-map
     )
   endif()
 endif()
@@ -1028,6 +1098,17 @@ if(LINUX)
     )
   endif()
 
+  if (ENABLE_LTO)
+    # We are optimizing for size at a slight debug-ability cost
+    target_link_options(${bun} PUBLIC
+      -Wl,--no-eh-frame-hdr
+    )
+  else()
+    target_link_options(${bun} PUBLIC
+      -Wl,--eh-frame-hdr
+    )
+  endif()
+
   target_link_options(${bun} PUBLIC
     --ld-path=${LLD_PROGRAM}
     -fno-pic
@@ -1042,11 +1123,9 @@ if(LINUX)
     # make debug info faster to load
     -Wl,--gdb-index
     -Wl,-z,combreloc
-    -Wl,--no-eh-frame-hdr
     -Wl,--sort-section=name
     -Wl,--hash-style=both
     -Wl,--build-id=sha1  # Better for debugging than default
-    -Wl,-Map=${bun}.linker-map
   )
 
   # don't strip in debug, this seems to be needed so that the Zig std library
@@ -1061,6 +1140,7 @@ if(LINUX)
   if (NOT DEBUG AND NOT ENABLE_ASAN AND NOT ENABLE_VALGRIND)
     target_link_options(${bun} PUBLIC
       -Wl,-icf=safe
+      -Wl,-Map=${bun}.linker-map
     )
   endif()
 
@@ -1382,7 +1462,7 @@ if(NOT BUN_CPP_ONLY)
       list(APPEND bunFiles ${bun}.dSYM)
     endif()
 
-    if(APPLE OR LINUX)
+    if((APPLE OR LINUX) AND NOT ENABLE_ASAN)
       list(APPEND bunFiles ${bun}.linker-map)
     endif()
 

cmake/targets/BuildHighway.cmake

@@ -4,7 +4,7 @@ register_repository(
   REPOSITORY
     google/highway
   COMMIT
-    12b325bc1793dee68ab2157995a690db859fe9e0
+    ac0d5d297b13ab1b89f48484fc7911082d76a93f
 )
 
 set(HIGHWAY_CMAKE_ARGS

cmake/targets/BuildLibuv.cmake

@@ -4,8 +4,8 @@ register_repository(
   REPOSITORY
     libuv/libuv
   COMMIT
-    # Corresponds to v1.51.0
-    5152db2cbfeb5582e9c27c5ea1dba2cd9e10759b
+    # Latest HEAD (includes recursion bug fix #4784)
+    f3ce527ea940d926c40878ba5de219640c362811
 )
 
 if(WIN32)

cmake/tools/SetupWebKit.cmake

@@ -2,7 +2,7 @@ option(WEBKIT_VERSION "The version of WebKit to use")
 option(WEBKIT_LOCAL "If a local version of WebKit should be used instead of downloading")
 
 if(NOT WEBKIT_VERSION)
-  set(WEBKIT_VERSION 69fa2714ab5f917c2d15501ff8cfdccfaea78882)
+  set(WEBKIT_VERSION 6d0f3aac0b817cc01a846b3754b21271adedac12)
 endif()
 
 string(SUBSTRING ${WEBKIT_VERSION} 0 16 WEBKIT_VERSION_PREFIX)

cmake/tools/SetupZig.cmake

@@ -20,7 +20,7 @@ else()
   unsupported(CMAKE_SYSTEM_NAME)
 endif()
 
-set(ZIG_COMMIT "e0b7c318f318196c5f81fdf3423816a7b5bb3112")
+set(ZIG_COMMIT "55fdbfa0c86be86b68d43a4ba761e6909eb0d7b2")
 optionx(ZIG_TARGET STRING "The zig target to use" DEFAULT ${DEFAULT_ZIG_TARGET})
 
 if(CMAKE_BUILD_TYPE STREQUAL "Release")

docs/api/fetch.md

@@ -233,6 +233,7 @@ In addition to the standard fetch options, Bun provides several extensions:
 ```ts
 const response = await fetch("http://example.com", {
   // Control automatic response decompression (default: true)
+  // Supports gzip, deflate, brotli (br), and zstd
   decompress: true,
 
   // Disable connection reuse for this request
@@ -339,7 +340,7 @@ This will print the request and response headers to your terminal:
 [fetch] > User-Agent: Bun/$BUN_LATEST_VERSION
 [fetch] > Accept: */*
 [fetch] > Host: example.com
-[fetch] > Accept-Encoding: gzip, deflate, br
+[fetch] > Accept-Encoding: gzip, deflate, br, zstd
 
 [fetch] < 200 OK
 [fetch] < Content-Encoding: gzip

docs/api/glob.md

@@ -155,3 +155,24 @@ const glob = new Glob("\\!index.ts");
 glob.match("!index.ts"); // => true
 glob.match("index.ts"); // => false
 ```
+
+## Node.js `fs.glob()` compatibility
+
+Bun also implements Node.js's `fs.glob()` functions with additional features:
+
+```ts
+import { glob, globSync, promises } from "node:fs";
+
+// Array of patterns
+const files = await promises.glob(["**/*.ts", "**/*.js"]);
+
+// Exclude patterns
+const filtered = await promises.glob("**/*", {
+  exclude: ["node_modules/**", "*.test.*"],
+});
+```
+
+All three functions (`fs.glob()`, `fs.globSync()`, `fs.promises.glob()`) support:
+
+- Array of patterns as the first argument
+- `exclude` option to filter results

docs/api/http.md

@@ -536,7 +536,7 @@ You can also access the `Server` object from the `fetch` handler. It's the secon
 const server = Bun.serve({
   fetch(req, server) {
     const ip = server.requestIP(req);
-    return new Response(`Your IP is ${ip}`);
+    return new Response(`Your IP is ${ip.address}`);
   },
 });
 ```

docs/api/redis.md

@@ -42,6 +42,7 @@ await client.incr("counter");
 By default, the client reads connection information from the following environment variables (in order of precedence):
 
 - `REDIS_URL`
+- `VALKEY_URL`
 - If not set, defaults to `"redis://localhost:6379"`
 
 ### Connection Lifecycle
@@ -88,6 +89,9 @@ await redis.set("user:1:name", "Alice");
 // Get a key
 const name = await redis.get("user:1:name");
 
+// Get a key as Uint8Array
+const buffer = await redis.getBuffer("user:1:name");
+
 // Delete a key
 await redis.del("user:1:name");
 
@@ -132,6 +136,10 @@ await redis.hmset("user:123", [
 const userFields = await redis.hmget("user:123", ["name", "email"]);
 console.log(userFields); // ["Alice", "alice@example.com"]
 
+// Get single field from hash (returns value directly, null if missing)
+const userName = await redis.hget("user:123", "name");
+console.log(userName); // "Alice"
+
 // Increment a numeric field in a hash
 await redis.hincrby("user:123", "visits", 1);
 

docs/api/sql.md

@@ -377,6 +377,22 @@ const users = [
 await sql`SELECT * FROM users WHERE id IN ${sql(users, "id")}`;
 ```
 
+### `sql.array` helper
+
+The `sql.array` helper creates PostgreSQL array literals from JavaScript arrays:
+
+```ts
+// Create array literals for PostgreSQL
+await sql`INSERT INTO tags (items) VALUES (${sql.array(["red", "blue", "green"])})`;
+// Generates: INSERT INTO tags (items) VALUES (ARRAY['red', 'blue', 'green'])
+
+// Works with numeric arrays too
+await sql`SELECT * FROM products WHERE ids = ANY(${sql.array([1, 2, 3])})`;
+// Generates: SELECT * FROM products WHERE ids = ANY(ARRAY[1, 2, 3])
+```
+
+**Note**: `sql.array` is PostgreSQL-only. Multi-dimensional arrays and NULL elements may not be supported yet.
+
 ## `sql``.simple()`
 
 The PostgreSQL wire protocol supports two types of queries: "simple" and "extended". Simple queries can contain multiple statements but don't support parameters, while extended queries (the default) support parameters but only allow one statement.

docs/api/sqlite.md

@@ -663,6 +663,8 @@ class Statement<Params, ReturnType> {
   toString(): string; // serialize to SQL
 
   columnNames: string[]; // the column names of the result set
+  columnTypes: string[]; // types based on actual values in first row (call .get()/.all() first)
+  declaredTypes: (string | null)[]; // types from CREATE TABLE schema (call .get()/.all() first)
   paramsCount: number; // the number of parameters expected by the statement
   native: any; // the native object representing the statement
 

docs/api/streams.md

@@ -28,6 +28,20 @@ for await (const chunk of stream) {
 }
 ```
 
+`ReadableStream` also provides convenience methods for consuming the entire stream:
+
+```ts
+const stream = new ReadableStream({
+  start(controller) {
+    controller.enqueue("hello world");
+    controller.close();
+  },
+});
+
+const data = await stream.text(); // => "hello world"
+// Also available: .json(), .bytes(), .blob()
+```
+
 ## Direct `ReadableStream`
 
 Bun implements an optimized version of `ReadableStream` that avoid unnecessary data copying & queue management logic. With a traditional `ReadableStream`, chunks of data are _enqueued_. Each chunk is copied into a queue, where it sits until the stream is ready to send more data.

docs/api/utils.md

@@ -602,6 +602,40 @@ dec.decode(decompressed);
 // => "hellohellohello..."
 ```
 
+## `Bun.zstdCompress()` / `Bun.zstdCompressSync()`
+
+Compresses a `Uint8Array` using the Zstandard algorithm.
+
+```ts
+const buf = Buffer.from("hello".repeat(100));
+
+// Synchronous
+const compressedSync = Bun.zstdCompressSync(buf);
+// Asynchronous
+const compressedAsync = await Bun.zstdCompress(buf);
+
+// With compression level (1-22, default: 3)
+const compressedLevel = Bun.zstdCompressSync(buf, { level: 6 });
+```
+
+## `Bun.zstdDecompress()` / `Bun.zstdDecompressSync()`
+
+Decompresses a `Uint8Array` using the Zstandard algorithm.
+
+```ts
+const buf = Buffer.from("hello".repeat(100));
+const compressed = Bun.zstdCompressSync(buf);
+
+// Synchronous
+const decompressedSync = Bun.zstdDecompressSync(compressed);
+// Asynchronous
+const decompressedAsync = await Bun.zstdDecompress(compressed);
+
+const dec = new TextDecoder();
+dec.decode(decompressedSync);
+// => "hellohellohello..."
+```
+
 ## `Bun.inspect()`
 
 Serializes an object to a `string` exactly as it would be printed by `console.log`.

docs/api/websockets.md

@@ -107,6 +107,8 @@ Bun.serve({
 
 Contextual `data` can be attached to a new WebSocket in the `.upgrade()` call. This data is made available on the `ws.data` property inside the WebSocket handlers.
 
+To strongly type `ws.data`, add a `data` property to the `websocket` handler object. This types `ws.data` across all lifecycle hooks.
+
 ```ts
 type WebSocketData = {
   createdAt: number;
@@ -114,8 +116,7 @@ type WebSocketData = {
   authToken: string;
 };
 
-// TypeScript: specify the type of `data`
-Bun.serve<WebSocketData>({
+Bun.serve({
   fetch(req, server) {
     const cookies = new Bun.CookieMap(req.headers.get("cookie")!);
 
@@ -131,8 +132,12 @@ Bun.serve<WebSocketData>({
     return undefined;
   },
   websocket: {
+    // TypeScript: specify the type of ws.data like this
+    data: {} as WebSocketData,
+
     // handler called when a message is received
     async message(ws, message) {
+      // ws.data is now properly typed as WebSocketData
       const user = getUserFromToken(ws.data.authToken);
 
       await saveMessageToDatabase({
@@ -145,6 +150,10 @@ Bun.serve<WebSocketData>({
 });
 ```
 
+{% callout %}
+**Note:** Previously, you could specify the type of `ws.data` using a type parameter on `Bun.serve`, like `Bun.serve<MyData>({...})`. This pattern was removed due to [a limitation in TypeScript](https://github.com/microsoft/TypeScript/issues/26242) in favor of the `data` property shown above.
+{% /callout %}
+
 To connect to this server from the browser, create a new `WebSocket`.
 
 ```ts#browser.js
@@ -164,7 +173,7 @@ socket.addEventListener("message", event => {
 Bun's `ServerWebSocket` implementation implements a native publish-subscribe API for topic-based broadcasting. Individual sockets can `.subscribe()` to a topic (specified with a string identifier) and `.publish()` messages to all other subscribers to that topic (excluding itself). This topic-based broadcast API is similar to [MQTT](https://en.wikipedia.org/wiki/MQTT) and [Redis Pub/Sub](https://redis.io/topics/pubsub).
 
 ```ts
-const server = Bun.serve<{ username: string }>({
+const server = Bun.serve({
   fetch(req, server) {
     const url = new URL(req.url);
     if (url.pathname === "/chat") {
@@ -179,6 +188,9 @@ const server = Bun.serve<{ username: string }>({
     return new Response("Hello world");
   },
   websocket: {
+    // TypeScript: specify the type of ws.data like this
+    data: {} as { username: string },
+
     open(ws) {
       const msg = `${ws.data.username} has entered the chat`;
       ws.subscribe("the-group-chat");
@@ -279,6 +291,9 @@ Bun implements the `WebSocket` class. To create a WebSocket client that connects
 
 ```ts
 const socket = new WebSocket("ws://localhost:3000");
+
+// With subprotocol negotiation
+const socket2 = new WebSocket("ws://localhost:3000", ["soap", "wamp"]);
 ```
 
 In browsers, the cookies that are currently set on the page will be sent with the WebSocket upgrade request. This is a standard feature of the `WebSocket` API.
@@ -293,6 +308,17 @@ const socket = new WebSocket("ws://localhost:3000", {
 });
 ```
 
+### Client compression
+
+WebSocket clients support permessage-deflate compression. The `extensions` property shows negotiated compression:
+
+```ts
+const socket = new WebSocket("wss://echo.websocket.org");
+socket.addEventListener("open", () => {
+  console.log(socket.extensions); // => "permessage-deflate"
+});
+```
+
 To add event listeners to the socket:
 
 ```ts

docs/api/workers.md

@@ -282,6 +282,31 @@ const worker = new Worker("./i-am-smol.ts", {
 Setting `smol: true` sets `JSC::HeapSize` to be `Small` instead of the default `Large`.
 {% /details %}
 
+## Environment Data
+
+Share data between the main thread and workers using `setEnvironmentData()` and `getEnvironmentData()`.
+
+```js
+import { setEnvironmentData, getEnvironmentData } from "worker_threads";
+
+// In main thread
+setEnvironmentData("config", { apiUrl: "https://api.example.com" });
+
+// In worker
+const config = getEnvironmentData("config");
+console.log(config); // => { apiUrl: "https://api.example.com" }
+```
+
+## Worker Events
+
+Listen for worker creation events using `process.emit()`:
+
+```js
+process.on("worker", worker => {
+  console.log("New worker created:", worker.threadId);
+});
+```
+
 ## `Bun.isMainThread`
 
 You can check if you're in the main thread by checking `Bun.isMainThread`.

docs/bundler/executables.md

@@ -140,6 +140,19 @@ The `--sourcemap` argument embeds a sourcemap compressed with zstd, so that erro
 
 The `--bytecode` argument enables bytecode compilation. Every time you run JavaScript code in Bun, JavaScriptCore (the engine) will compile your source code into bytecode. We can move this parsing work from runtime to bundle time, saving you startup time.
 
+## Embedding runtime arguments
+
+**`--compile-exec-argv="args"`** - Embed runtime arguments that are available via `process.execArgv`:
+
+```bash
+bun build --compile --compile-exec-argv="--smol --user-agent=MyBot" ./app.ts --outfile myapp
+```
+
+```js
+// In the compiled app
+console.log(process.execArgv); // ["--smol", "--user-agent=MyBot"]
+```
+
 ## Act as the Bun CLI
 
 {% note %}
@@ -573,12 +586,41 @@ Codesign support requires Bun v1.2.4 or newer.
 
 {% /callout %}
 
+## Code splitting
+
+Standalone executables support code splitting. Use `--compile` with `--splitting` to create an executable that loads code-split chunks at runtime.
+
+```bash
+$ bun build --compile --splitting ./src/entry.ts --outdir ./build
+```
+
+{% codetabs %}
+
+```ts#src/entry.ts
+console.log("Entrypoint loaded");
+const lazy = await import("./lazy.ts");
+lazy.hello();
+```
+
+```ts#src/lazy.ts
+export function hello() {
+  console.log("Lazy module loaded");
+}
+```
+
+{% /codetabs %}
+
+```bash
+$ ./build/entry
+Entrypoint loaded
+Lazy module loaded
+```
+
 ## Unsupported CLI arguments
 
 Currently, the `--compile` flag can only accept a single entrypoint at a time and does not support the following flags:
 
-- `--outdir` — use `outfile` instead.
-- `--splitting`
+- `--outdir` — use `outfile` instead (except when using with `--splitting`).
 - `--public-path`
 - `--target=node` or `--target=browser`
 - `--no-bundle` - we always bundle everything into the executable.

docs/bundler/index.md

@@ -313,6 +313,14 @@ $ bun build --entrypoints ./index.ts --outdir ./out --target browser
 
 Depending on the target, Bun will apply different module resolution rules and optimizations.
 
+### Module resolution
+
+Bun supports the `NODE_PATH` environment variable for additional module resolution paths:
+
+```bash
+NODE_PATH=./src bun build ./entry.js --outdir ./dist
+```
+
 <!-- - Module resolution. For example, when bundling for the browser, Bun will prioritize the `"browser"` export condition when resolving imports. An error will be thrown if any Node.js or Bun built-ins are imported or used, e.g. `node:fs` or `Bun.serve`. -->
 
 {% table %}
@@ -392,6 +400,55 @@ $ bun build ./index.tsx --outdir ./out --format cjs
 
 TODO: document IIFE once we support globalNames.
 
+### `jsx`
+
+Configure JSX transform behavior. Allows fine-grained control over how JSX is compiled.
+
+**Classic runtime example** (uses `factory` and `fragment`):
+
+{% codetabs %}
+
+```ts#JavaScript
+await Bun.build({
+  entrypoints: ['./app.tsx'],
+  outdir: './out',
+  jsx: {
+    factory: 'h',
+    fragment: 'Fragment',
+    runtime: 'classic',
+  },
+})
+```
+
+```bash#CLI
+# JSX configuration is handled via bunfig.toml or tsconfig.json
+$ bun build ./app.tsx --outdir ./out
+```
+
+{% /codetabs %}
+
+**Automatic runtime example** (uses `importSource`):
+
+{% codetabs %}
+
+```ts#JavaScript
+await Bun.build({
+  entrypoints: ['./app.tsx'],
+  outdir: './out',
+  jsx: {
+    importSource: 'preact',
+    runtime: 'automatic',
+  },
+})
+```
+
+```bash#CLI
+# JSX configuration is handled via bunfig.toml or tsconfig.json
+$ bun build ./app.tsx --outdir ./out
+```
+
+{% /codetabs %}
+
 ### `splitting`
 
 Whether to enable code splitting.
@@ -1519,6 +1576,15 @@ interface BuildConfig {
    * @default "esm"
    */
   format?: "esm" | "cjs" | "iife";
+  /**
+   * JSX configuration object for controlling JSX transform behavior
+   */
+  jsx?: {
+    factory?: string;
+    fragment?: string;
+    importSource?: string;
+    runtime?: "automatic" | "classic";
+  };
   naming?:
     | string
     | {
@@ -1534,7 +1600,7 @@ interface BuildConfig {
   publicPath?: string;
   define?: Record<string, string>;
   loader?: { [k in string]: Loader };
-  sourcemap?: "none" | "linked" | "inline" | "external" | "linked" | boolean; // default: "none", true -> "inline"
+  sourcemap?: "none" | "linked" | "inline" | "external" | boolean; // default: "none", true -> "inline"
   /**
    * package.json `exports` conditions used when resolving imports
    *

docs/cli/bun-install.md

@@ -176,7 +176,21 @@ When a `bun.lock` exists and `package.json` hasn’t changed, Bun downloads miss
 
 ## Platform-specific dependencies?
 
-bun stores normalized `cpu` and `os` values from npm in the lockfile, along with the resolved packages. It skips downloading, extracting, and installing packages disabled for the current target at runtime. This means the lockfile won’t change between platforms/architectures even if the packages ultimately installed do change.
+bun stores normalized `cpu` and `os` values from npm in the lockfile, along with the resolved packages. It skips downloading, extracting, and installing packages disabled for the current target at runtime. This means the lockfile won't change between platforms/architectures even if the packages ultimately installed do change.
+
+### `--cpu` and `--os` flags
+
+You can override the target platform for package selection:
+
+```bash
+bun install --cpu=x64 --os=linux
+```
+
+This installs packages for the specified platform instead of the current system. Useful for cross-platform builds or when preparing deployments for different environments.
+
+**Accepted values for `--cpu`**: `arm64`, `x64`, `ia32`, `ppc64`, `s390x`
+
+**Accepted values for `--os`**: `linux`, `darwin`, `win32`, `freebsd`, `openbsd`, `sunos`, `aix`
 
 ## Peer dependencies?
 
@@ -245,3 +259,91 @@ bun uses a binary format for caching NPM registry responses. This loads much fas
 You will see these files in `~/.bun/install/cache/*.npm`. The filename pattern is `${hash(packageName)}.npm`. It’s a hash so that extra directories don’t need to be created for scoped packages.
 
 Bun's usage of `Cache-Control` ignores `Age`. This improves performance, but means bun may be about 5 minutes out of date to receive the latest package version metadata from npm.
+
+## pnpm migration
+
+Bun automatically migrates projects from pnpm to bun. When a `pnpm-lock.yaml` file is detected and no `bun.lock` file exists, Bun will automatically migrate the lockfile to `bun.lock` during installation. The original `pnpm-lock.yaml` file remains unmodified.
+
+```bash
+bun install
+```
+
+**Note**: Migration only runs when `bun.lock` is absent. There is currently no opt-out flag for pnpm migration.
+
+The migration process handles:
+
+### Lockfile Migration
+
+- Converts `pnpm-lock.yaml` to `bun.lock` format
+- Preserves package versions and resolution information
+- Maintains dependency relationships and peer dependencies
+- Handles patched dependencies with integrity hashes
+
+### Workspace Configuration
+
+When a `pnpm-workspace.yaml` file exists, Bun migrates workspace settings to your root `package.json`:
+
+```yaml
+# pnpm-workspace.yaml
+packages:
+  - "apps/*"
+  - "packages/*"
+
+catalog:
+  react: ^18.0.0
+  typescript: ^5.0.0
+
+catalogs:
+  build:
+    webpack: ^5.0.0
+    babel: ^7.0.0
+```
+
+The workspace packages list and catalogs are moved to the `workspaces` field in `package.json`:
+
+```json
+{
+  "workspaces": {
+    "packages": ["apps/*", "packages/*"],
+    "catalog": {
+      "react": "^18.0.0",
+      "typescript": "^5.0.0"
+    },
+    "catalogs": {
+      "build": {
+        "webpack": "^5.0.0",
+        "babel": "^7.0.0"
+      }
+    }
+  }
+}
+```
+
+### Catalog Dependencies
+
+Dependencies using pnpm's `catalog:` protocol are preserved:
+
+```json
+{
+  "dependencies": {
+    "react": "catalog:",
+    "webpack": "catalog:build"
+  }
+}
+```
+
+### Configuration Migration
+
+The following pnpm configuration is migrated from both `pnpm-lock.yaml` and `pnpm-workspace.yaml`:
+
+- **Overrides**: Moved from `pnpm.overrides` to root-level `overrides` in `package.json`
+- **Patched Dependencies**: Moved from `pnpm.patchedDependencies` to root-level `patchedDependencies` in `package.json`
+- **Workspace Overrides**: Applied from `pnpm-workspace.yaml` to root `package.json`
+
+### Requirements
+
+- Requires pnpm lockfile version 7 or higher
+- Workspace packages must have a `name` field in their `package.json`
+- All catalog entries referenced by dependencies must exist in the catalogs definition
+
+After migration, you can safely remove `pnpm-lock.yaml` and `pnpm-workspace.yaml` files.

docs/cli/bunx.md

@@ -63,6 +63,15 @@ $ bunx --bun my-cli # good
 $ bunx my-cli --bun # bad
 ```
 
+## Package flag
+
+**`--package <pkg>` or `-p <pkg>`** - Run binary from specific package. Useful when binary name differs from package name:
+
+```bash
+bunx -p renovate renovate-config-validator
+bunx --package @angular/cli ng
+```
+
 To force bun to always be used with a script, use a shebang.
 
 ```

docs/cli/init.md

@@ -2,20 +2,29 @@ Scaffold an empty Bun project with the interactive `bun init` command.
 
 ```bash
 $ bun init
-bun init helps you get started with a minimal project and tries to
-guess sensible defaults. Press ^C anytime to quit.
 
-package name (quickstart):
-entry point (index.ts):
+? Select a project template - Press return to submit.
+❯ Blank
+  React
+  Library
 
-Done! A package.json file was saved in the current directory.
- + index.ts
- + .gitignore
- + tsconfig.json (for editor auto-complete)
- + README.md
+✓ Select a project template: Blank
+
++ .gitignore
++ index.ts
++ tsconfig.json (for editor autocomplete)
++ README.md
 
 To get started, run:
-  bun run index.ts
+
+    bun run index.ts
+
+bun install v$BUN_LATEST_VERSION
+
++ @types/bun@$BUN_LATEST_VERSION
++ typescript@5.9.2
+
+7 packages installed
 ```
 
 Press `enter` to accept the default answer for each prompt, or pass the `-y` flag to auto-accept the defaults.
@@ -33,6 +42,11 @@ It creates:
 - an entry point which defaults to `index.ts` unless any of `index.{tsx, jsx, js, mts, mjs}` exist or the `package.json` specifies a `module` or `main` field
 - a `README.md` file
 
+AI Agent rules (disable with `$BUN_AGENT_RULE_DISABLED=1`):
+
+- a `CLAUDE.md` file when Claude CLI is detected (disable with `CLAUDE_CODE_AGENT_RULE_DISABLED` env var)
+- a `.cursor/rules/*.mdc` file to guide [Cursor AI](https://cursor.sh) to use Bun instead of Node.js and npm when Cursor is detected
+
 If you pass `-y` or `--yes`, it will assume you want to continue without asking questions.
 
 At the end, it runs `bun install` to install `@types/bun`.

docs/cli/install.md

@@ -221,6 +221,38 @@ Bun uses a global cache at `~/.bun/install/cache/` to minimize disk usage. Packa
 
 For complete documentation refer to [Package manager > Global cache](https://bun.com/docs/install/cache).
 
+## Minimum release age
+
+To protect against supply chain attacks where malicious packages are quickly published, you can configure a minimum age requirement for npm packages. Package versions published more recently than the specified threshold (in seconds) will be filtered out during installation.
+
+```bash
+# Only install package versions published at least 3 days ago
+$ bun add @types/bun --minimum-release-age 259200 # seconds
+```
+
+You can also configure this in `bunfig.toml`:
+
+```toml
+[install]
+# Only install package versions published at least 3 days ago
+minimumReleaseAge = 259200 # seconds
+
+# Exclude trusted packages from the age gate
+minimumReleaseAgeExcludes = ["@types/node", "typescript"]
+```
+
+When the minimum age filter is active:
+
+- Only affects new package resolution - existing packages in `bun.lock` remain unchanged
+- All dependencies (direct and transitive) are filtered to meet the age requirement when being resolved
+- When versions are blocked by the age gate, a stability check detects rapid bugfix patterns
+  - If multiple versions were published close together just outside your age gate, it extends the filter to skip those potentially unstable versions and selects an older, more mature version
+  - Searches up to 7 days after the age gate, however if still finding rapid releases it ignores stability check
+  - Exact version requests (like `package@1.1.1`) still respect the age gate but bypass the stability check
+- Versions without a `time` field are treated as passing the age check (npm registry should always provide timestamps)
+
+For more advanced security scanning, including integration with services & custom filtering, see [Package manager > Security Scanner API](https://bun.com/docs/install/security-scanner-api).
+
 ## Configuration
 
 The default behavior of `bun install` can be configured in `bunfig.toml`. The default values are shown below.
@@ -255,6 +287,10 @@ concurrentScripts = 16 # (cpu count or GOMAXPROCS) x2
 # installation strategy: "hoisted" or "isolated"
 # default: "hoisted"
 linker = "hoisted"
+
+# minimum age config
+minimumReleaseAge = 259200 # seconds
+minimumReleaseAgeExcludes = ["@types/node", "typescript"]
 ```
 
 ## CI/CD

docs/cli/outdated.md

@@ -44,4 +44,47 @@ You can also pass glob patterns to filter by workspace names:
 
 {% bunOutdatedTerminal  glob="{e,t}*" displayGlob="--filter='@monorepo/{types,cli}'" /%}
 
+### Catalog Dependencies
+
+`bun outdated` supports checking catalog dependencies defined in `package.json`:
+
+```sh
+$ bun outdated -r
+┌────────────────────┬─────────┬─────────┬─────────┬────────────────────────────────┐
+│ Package            │ Current │ Update  │ Latest  │ Workspace                      │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ body-parser        │ 1.19.0  │ 1.19.0  │ 2.2.0   │ @test/shared                   │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ cors               │ 2.8.0   │ 2.8.0   │ 2.8.5   │ @test/shared                   │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ chalk              │ 4.0.0   │ 4.0.0   │ 5.6.2   │ @test/utils                    │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ uuid               │ 8.0.0   │ 8.0.0   │ 13.0.0  │ @test/utils                    │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ axios              │ 0.21.0  │ 0.21.0  │ 1.12.2  │ catalog (@test/app)            │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ lodash             │ 4.17.15 │ 4.17.15 │ 4.17.21 │ catalog (@test/app, @test/app) │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ react              │ 17.0.0  │ 17.0.0  │ 19.1.1  │ catalog (@test/app)            │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ react-dom          │ 17.0.0  │ 17.0.0  │ 19.1.1  │ catalog (@test/app)            │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ express            │ 4.17.0  │ 4.17.0  │ 5.1.0   │ catalog (@test/shared)         │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ moment             │ 2.24.0  │ 2.24.0  │ 2.30.1  │ catalog (@test/utils)          │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ @types/node (dev)  │ 14.0.0  │ 14.0.0  │ 24.5.2  │ @test/shared                   │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ @types/react (dev) │ 17.0.0  │ 17.0.0  │ 19.1.15 │ catalog:testing (@test/app)    │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ eslint (dev)       │ 7.0.0   │ 7.0.0   │ 9.36.0  │ catalog:testing (@test/app)    │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ typescript (dev)   │ 4.9.5   │ 4.9.5   │ 5.9.2   │ catalog:build (@test/app)      │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ jest (dev)         │ 26.0.0  │ 26.0.0  │ 30.2.0  │ catalog:testing (@test/shared) │
+├────────────────────┼─────────┼─────────┼─────────┼────────────────────────────────┤
+│ prettier (dev)     │ 2.0.0   │ 2.0.0   │ 3.6.2   │ catalog:build (@test/utils)    │
+└────────────────────┴─────────┴─────────┴─────────┴────────────────────────────────┘
+```
+
 {% bunCLIUsage command="outdated" /%}

docs/cli/publish.md

@@ -82,6 +82,14 @@ The `--dry-run` flag can be used to simulate the publish process without actuall
 $ bun publish --dry-run
 ```
 
+### `--tolerate-republish`
+
+Exit with code 0 instead of 1 if the package version already exists. Useful in CI/CD where jobs may be re-run.
+
+```sh
+$ bun publish --tolerate-republish
+```
+
 ### `--gzip-level`
 
 Specify the level of gzip compression to use when packing the package. Only applies to `bun publish` without a tarball path argument. Values range from `0` to `9` (default is `9`).

docs/cli/run.md

@@ -151,6 +151,14 @@ By default, Bun respects this shebang and executes the script with `node`. Howev
 $ bun run --bun vite
 ```
 
+### `--no-addons`
+
+Disable native addons and use the `node-addons` export condition.
+
+```bash
+$ bun --no-addons run server.js
+```
+
 ### Filtering
 
 In monorepos containing multiple packages, you can use the `--filter` argument to execute scripts in many packages at once.
@@ -166,6 +174,14 @@ will execute `<script>` in both `bar` and `baz`, but not in `foo`.
 
 Find more details in the docs page for [filter](https://bun.com/docs/cli/filter#running-scripts-with-filter).
 
+### `--workspaces`
+
+Run scripts across all workspaces in the monorepo:
+
+```bash
+bun run --workspaces test
+```
+
 ## `bun run -` to pipe code from stdin
 
 `bun run -` lets you read JavaScript, TypeScript, TSX, or JSX from stdin and execute it without writing to a temporary file first.
@@ -212,6 +228,14 @@ $ bun --smol run index.tsx
 
 This causes the garbage collector to run more frequently, which can slow down execution. However, it can be useful in environments with limited memory. Bun automatically adjusts the garbage collector's heap size based on the available memory (accounting for cgroups and other memory limits) with and without the `--smol` flag, so this is mostly useful for cases where you want to make the heap size grow more slowly.
 
+## `--user-agent`
+
+**`--user-agent <string>`** - Set User-Agent header for all `fetch()` requests:
+
+```bash
+bun --user-agent "MyBot/1.0" run index.tsx
+```
+
 ## Resolution order
 
 Absolute paths and paths starting with `./` or `.\\` are always executed as source files. Unless using `bun run`, running a file with an allowed extension will prefer the file over a package.json script.
@@ -223,4 +247,15 @@ When there is a package.json script and a file with the same name, `bun run` pri
 3. Binaries from project packages, eg `bun add eslint && bun run eslint`
 4. (`bun run` only) System commands, eg `bun run ls`
 
+### `--unhandled-rejections`
+
+Configure how unhandled promise rejections are handled:
+
+```bash
+$ bun --unhandled-rejections=throw script.js  # Throw exception (terminate immediately)
+$ bun --unhandled-rejections=strict script.js # Throw exception (emit rejectionHandled if handled later)
+$ bun --unhandled-rejections=warn script.js   # Print warning to stderr (default in Node.js)
+$ bun --unhandled-rejections=none script.js   # Silently ignore
+```
+
 {% bunCLIUsage command="run" /%}

docs/cli/test.md

@@ -47,6 +47,8 @@ To filter by _test name_, use the `-t`/`--test-name-pattern` flag.
 $ bun test --test-name-pattern addition
 ```
 
+When no tests match the filter, `bun test` exits with code 1.
+
 To run a specific file in the test runner, make sure the path starts with `./` or `/` to distinguish it from a filter name.
 
 ```bash
@@ -186,6 +188,11 @@ test.serial("second serial test", () => {
 test("independent test", () => {
   expect(true).toBe(true);
 });
+
+// Chaining test qualifiers
+test.failing.each([1, 2, 3])("chained qualifiers %d", input => {
+  expect(input).toBe(0); // This test is expected to fail for each input
+});
 ```
 
 ## Rerun tests

docs/cli/update.md

@@ -90,6 +90,17 @@ Packages are organized in sections by dependency type:
 
 Within each section, individual packages may have additional suffixes (` dev`, ` peer`, ` optional`) for extra clarity.
 
+## `--recursive`
+
+Use the `--recursive` flag with `--interactive` to update dependencies across all workspaces in a monorepo:
+
+```sh
+$ bun update --interactive --recursive
+$ bun update -i -r
+```
+
+This displays an additional "Workspace" column showing which workspace each dependency belongs to.
+
 ## `--latest`
 
 By default, `bun update` will update to the latest version of a dependency that satisfies the version range specified in your `package.json`.

docs/guides/websocket/context.md

@@ -7,7 +7,7 @@ When building a WebSocket server, it's typically necessary to store some identif
 With [Bun.serve()](https://bun.com/docs/api/websockets#contextual-data), this "contextual data" is set when the connection is initially upgraded by passing a `data` parameter in the `server.upgrade()` call.
 
 ```ts
-Bun.serve<{ socketId: number }>({
+Bun.serve({
   fetch(req, server) {
     const success = server.upgrade(req, {
       data: {
@@ -20,6 +20,9 @@ Bun.serve<{ socketId: number }>({
     // ...
   },
   websocket: {
+    // TypeScript: specify the type of ws.data like this
+    data: {} as { socketId: number },
+
     // define websocket handlers
     async message(ws, message) {
       // the contextual data is available as the `data` property
@@ -41,8 +44,7 @@ type WebSocketData = {
   userId: string;
 };
 
-// TypeScript: specify the type of `data`
-Bun.serve<WebSocketData>({
+Bun.serve({
   async fetch(req, server) {
     // use a library to parse cookies
     const cookies = parseCookies(req.headers.get("Cookie"));
@@ -60,6 +62,9 @@ Bun.serve<WebSocketData>({
     if (upgraded) return undefined;
   },
   websocket: {
+    // TypeScript: specify the type of ws.data like this
+    data: {} as WebSocketData,
+
     async message(ws, message) {
       // save the message to a database
       await saveMessageToDatabase({

docs/guides/websocket/pubsub.md

@@ -7,7 +7,7 @@ Bun's server-side `WebSocket` API provides a native pub-sub API. Sockets can be
 This code snippet implements a simple single-channel chat server.
 
 ```ts
-const server = Bun.serve<{ username: string }>({
+const server = Bun.serve({
   fetch(req, server) {
     const cookies = req.headers.get("cookie");
     const username = getUsernameFromCookies(cookies);
@@ -17,6 +17,9 @@ const server = Bun.serve<{ username: string }>({
     return new Response("Hello world");
   },
   websocket: {
+    // TypeScript: specify the type of ws.data like this
+    data: {} as { username: string },
+
     open(ws) {
       const msg = `${ws.data.username} has entered the chat`;
       ws.subscribe("the-group-chat");

docs/guides/websocket/simple.md

@@ -7,7 +7,7 @@ Start a simple WebSocket server using [`Bun.serve`](https://bun.com/docs/api/htt
 Inside `fetch`, we attempt to upgrade incoming `ws:` or `wss:` requests to WebSocket connections.
 
 ```ts
-const server = Bun.serve<{ authToken: string }>({
+const server = Bun.serve({
   fetch(req, server) {
     const success = server.upgrade(req);
     if (success) {

docs/install/audit.md

@@ -24,6 +24,26 @@ To update all dependencies to the latest versions (including breaking changes):
   bun update --latest
 ```
 
+### Filtering options
+
+**`--audit-level=<low|moderate|high|critical>`** - Only show vulnerabilities at this severity level or higher:
+
+```bash
+bun audit --audit-level=high
+```
+
+**`--prod`** - Audit only production dependencies (excludes devDependencies):
+
+```bash
+bun audit --prod
+```
+
+**`--ignore <CVE>`** - Ignore specific CVEs (can be used multiple times):
+
+```bash
+bun audit --ignore CVE-2022-25883 --ignore CVE-2023-26136
+```
+
 ### `--json`
 
 Use the `--json` flag to print the raw JSON response from the registry instead of the formatted report:

docs/install/index.md

@@ -89,6 +89,12 @@ $ bun install --linker isolated
 
 Isolated installs create strict dependency isolation similar to pnpm, preventing phantom dependencies and ensuring more deterministic builds. For complete documentation, see [Isolated installs](https://bun.com/docs/install/isolated).
 
+To protect against supply chain attacks, set a minimum age (in seconds) for package versions:
+
+```bash
+$ bun install --minimum-release-age 259200 # 3 days
+```
+
 {% details summary="Configuring behavior" %}
 The default behavior of `bun install` can be configured in `bunfig.toml`:
 
@@ -122,6 +128,12 @@ concurrentScripts = 16 # (cpu count or GOMAXPROCS) x2
 # installation strategy: "hoisted" or "isolated"
 # default: "hoisted"
 linker = "hoisted"
+
+# minimum package age in seconds (protects against supply chain attacks)
+minimumReleaseAge = 259200 # 3 days
+
+# exclude packages from age requirement
+minimumReleaseAgeExcludes = ["@types/node", "typescript"]
 ```
 
 {% /details %}

docs/install/isolated.md

@@ -36,7 +36,10 @@ linker = "isolated"
 
 ### Default behavior
 
-By default, Bun uses the **hoisted** installation strategy for all projects. To use isolated installs, you must explicitly specify the `--linker isolated` flag or set it in your configuration file.
+- **Workspaces**: Bun uses **isolated** installs by default to prevent hoisting-related bugs
+- **Single projects**: Bun uses **hoisted** installs by default
+
+To override the default, use `--linker hoisted` or `--linker isolated`, or set it in your configuration file.
 
 ## How isolated installs work
 
@@ -174,14 +177,13 @@ The main difference is that Bun uses symlinks in `node_modules` while pnpm uses
 
 ## When to use isolated installs
 
-**Use isolated installs when:**
+**Isolated installs are the default for workspaces.** You may want to explicitly enable them for single projects when:
 
-- Working in monorepos with multiple packages
 - Strict dependency management is required
 - Preventing phantom dependencies is important
 - Building libraries that need deterministic dependencies
 
-**Use hoisted installs when:**
+**Switch to hoisted installs (including for workspaces) when:**
 
 - Working with legacy code that assumes flat `node_modules`
 - Compatibility with existing build tools is required

docs/install/lockfile.md

@@ -46,3 +46,13 @@ print = "yarn"
 Bun v1.2 changed the default lockfile format to the text-based `bun.lock`. Existing binary `bun.lockb` lockfiles can be migrated to the new format by running `bun install --save-text-lockfile --frozen-lockfile --lockfile-only` and deleting `bun.lockb`.
 
 More information about the new lockfile format can be found on [our blogpost](https://bun.com/blog/bun-lock-text-lockfile).
+
+#### Automatic lockfile migration
+
+When running `bun install` in a project without a `bun.lock`, Bun automatically migrates existing lockfiles:
+
+- `yarn.lock` (v1)
+- `package-lock.json` (npm)
+- `pnpm-lock.yaml` (pnpm)
+
+The original lockfile is preserved and can be removed manually after verification.

docs/install/npmrc.md

@@ -73,3 +73,33 @@ The equivalent `bunfig.toml` option is to add a key in [`install.scopes`](https:
 [install.scopes]
 myorg = { url = "http://localhost:4873/", username = "myusername", password = "$NPM_PASSWORD" }
 ```
+
+### `link-workspace-packages`: Control workspace package installation
+
+Controls how workspace packages are installed when available locally:
+
+```ini
+link-workspace-packages=true
+```
+
+The equivalent `bunfig.toml` option is [`install.linkWorkspacePackages`](https://bun.com/docs/runtime/bunfig#install-linkworkspacepackages):
+
+```toml
+[install]
+linkWorkspacePackages = true
+```
+
+### `save-exact`: Save exact versions
+
+Always saves exact versions without the `^` prefix:
+
+```ini
+save-exact=true
+```
+
+The equivalent `bunfig.toml` option is [`install.exact`](https://bun.com/docs/runtime/bunfig#install-exact):
+
+```toml
+[install]
+exact = true
+```

docs/install/workspaces.md

@@ -38,9 +38,21 @@ In the root `package.json`, the `"workspaces"` key is used to indicate which sub
 ```
 
 {% callout %}
-**Glob support** — Bun supports full glob syntax in `"workspaces"` (see [here](https://bun.com/docs/api/glob#supported-glob-patterns) for a comprehensive list of supported syntax), _except_ for exclusions (e.g. `!**/excluded/**`), which are not implemented yet.
+**Glob support** — Bun supports full glob syntax in `"workspaces"`, including negative patterns (e.g. `!**/excluded/**`). See [here](https://bun.com/docs/api/glob#supported-glob-patterns) for a comprehensive list of supported syntax.
 {% /callout %}
 
+```json
+{
+  "name": "my-project",
+  "version": "1.0.0",
+  "workspaces": [
+    "packages/**",
+    "!packages/**/test/**",
+    "!packages/**/template/**"
+  ]
+}
+```
+
 Each workspace has it's own `package.json`. When referencing other packages in the monorepo, semver or workspace protocols (e.g. `workspace:*`) can be used as the version field in your `package.json`.
 
 ```json
@@ -81,7 +93,7 @@ Workspaces have a couple major benefits.
 
 - **Code can be split into logical parts.** If one package relies on another, you can simply add it as a dependency in `package.json`. If package `b` depends on `a`, `bun install` will install your local `packages/a` directory into `node_modules` instead of downloading it from the npm registry.
 - **Dependencies can be de-duplicated.** If `a` and `b` share a common dependency, it will be _hoisted_ to the root `node_modules` directory. This reduces redundant disk usage and minimizes "dependency hell" issues associated with having multiple versions of a package installed simultaneously.
-- **Run scripts in multiple packages.** You can use the [`--filter` flag](https://bun.com/docs/cli/filter) to easily run `package.json` scripts in multiple packages in your workspace.
+- **Run scripts in multiple packages.** You can use the [`--filter` flag](https://bun.com/docs/cli/filter) to easily run `package.json` scripts in multiple packages in your workspace, or `--workspaces` to run scripts across all workspaces.
 
 ## Share versions with Catalogs
 

docs/quickstart.md

@@ -9,20 +9,29 @@ Run `bun init` to scaffold a new project. It's an interactive tool; for this tut
 
 ```bash
 $ bun init
-bun init helps you get started with a minimal project and tries to
-guess sensible defaults. Press ^C anytime to quit.
 
-package name (quickstart):
-entry point (index.ts):
+? Select a project template - Press return to submit.
+❯ Blank
+  React
+  Library
 
-Done! A package.json file was saved in the current directory.
- + index.ts
- + .gitignore
- + tsconfig.json (for editor auto-complete)
- + README.md
+✓ Select a project template: Blank
+
++ .gitignore
++ index.ts
++ tsconfig.json (for editor autocomplete)
++ README.md
 
 To get started, run:
-  bun run index.ts
+
+    bun run index.ts
+
+bun install v$BUN_LATEST_VERSION
+
++ @types/bun@$BUN_LATEST_VERSION
++ typescript@5.9.2
+
+7 packages installed
 ```
 
 Since our entry point is a `*.ts` file, Bun generates a `tsconfig.json` for you. If you're using plain JavaScript, it will generate a [`jsconfig.json`](https://code.visualstudio.com/docs/languages/jsconfig) instead.
@@ -88,11 +97,15 @@ Bun can also execute `"scripts"` from your `package.json`. Add the following scr
     "name": "quickstart",
     "module": "index.ts",
     "type": "module",
+    "private": true,
 +   "scripts": {
 +     "start": "bun run index.ts"
 +   },
     "devDependencies": {
       "@types/bun": "latest"
+    },
+    "peerDependencies": {
+      "typescript": "^5"
     }
   }
 ```

docs/runtime/bunfig.md

@@ -249,6 +249,46 @@ This is useful for:
 
 The `--concurrent` CLI flag will override this setting when specified.
 
+### `test.randomize`
+
+Run tests in random order. Default `false`.
+
+```toml
+[test]
+randomize = true
+```
+
+This helps catch bugs related to test interdependencies by running tests in a different order each time. When combined with `seed`, the random order becomes reproducible.
+
+The `--randomize` CLI flag will override this setting when specified.
+
+### `test.seed`
+
+Set the random seed for test randomization. This option requires `randomize` to be `true`.
+
+```toml
+[test]
+randomize = true
+seed = 2444615283
+```
+
+Using a seed makes the randomized test order reproducible across runs, which is useful for debugging flaky tests. When you encounter a test failure with randomization enabled, you can use the same seed to reproduce the exact test order.
+
+The `--seed` CLI flag will override this setting when specified.
+
+### `test.rerunEach`
+
+Re-run each test file a specified number of times. Default `0` (run once).
+
+```toml
+[test]
+rerunEach = 3
+```
+
+This is useful for catching flaky tests or non-deterministic behavior. Each test file will be executed the specified number of times.
+
+The `--rerun-each` CLI flag will override this setting when specified.
+
 ## Package manager
 
 Package management is a complex issue; to support a range of use cases, the behavior of `bun install` can be configured under the `[install]` section.
@@ -570,6 +610,20 @@ Valid values are:
 
 {% /table %}
 
+### `install.minimumReleaseAge`
+
+Configure a minimum age (in seconds) for npm package versions. Package versions published more recently than this threshold will be filtered out during installation. Default is `null` (disabled).
+
+```toml
+[install]
+# Only install package versions published at least 3 days ago
+minimumReleaseAge = 259200
+# These packages will bypass the 3-day minimum age requirement
+minimumReleaseAgeExcludes = ["@types/bun", "typescript"]
+```
+
+For more details see [Minimum release age](https://bun.com/docs/cli/install#minimum-release-age) in the install documentation.
+
 <!-- ## Debugging -->
 
 <!--
@@ -597,7 +651,7 @@ editor = "code"
 
 The `bun run` command can be configured under the `[run]` section. These apply to the `bun run` command and the `bun` command when running a file or executable or script.
 
-Currently, `bunfig.toml` isn't always automatically loaded for `bun run` in a local project (it does check for a global `bunfig.toml`), so you might still need to pass `-c` or `-c=bunfig.toml` to use these settings.
+Currently, `bunfig.toml` is only automatically loaded for `bun run` in a local project (it doesn't check for a global `.bunfig.toml`).
 
 ### `run.shell` - use the system shell or Bun's shell
 

docs/runtime/env.md

@@ -220,6 +220,11 @@ These environment variables are read by Bun and configure aspects of its behavio
 - `DO_NOT_TRACK`
 - Disable uploading crash reports to `bun.report` on crash. On macOS & Windows, crash report uploads are enabled by default. Otherwise, telemetry is not sent yet as of May 21st, 2024, but we are planning to add telemetry in the coming weeks. If `DO_NOT_TRACK=1`, then auto-uploading crash reports and telemetry are both [disabled](https://do-not-track.dev/).
 
+---
+
+- `BUN_OPTIONS`
+- Prepends command-line arguments to any Bun execution. For example, `BUN_OPTIONS="--hot"` makes `bun run dev` behave like `bun --hot run dev`.
+
 {% /table %}
 
 ## Runtime transpiler caching

docs/runtime/modules.md

@@ -174,6 +174,29 @@ import { stuff } from "foo";
 
 The full specification of this algorithm are officially documented in the [Node.js documentation](https://nodejs.org/api/modules.html); we won't rehash it here. Briefly: if you import `from "foo"`, Bun scans up the file system for a `node_modules` directory containing the package `foo`.
 
+### NODE_PATH
+
+Bun supports `NODE_PATH` for additional module resolution directories:
+
+```bash
+NODE_PATH=./packages bun run src/index.js
+```
+
+```ts
+// packages/foo/index.js
+export const hello = "world";
+
+// src/index.js
+import { hello } from "foo";
+```
+
+Multiple paths use the platform's delimiter (`:` on Unix, `;` on Windows):
+
+```bash
+NODE_PATH=./packages:./lib bun run src/index.js  # Unix/macOS
+NODE_PATH=./packages;./lib bun run src/index.js  # Windows
+```
+
 Once it finds the `foo` package, Bun reads the `package.json` to determine how the package should be imported. To determine the package's entrypoint, Bun first reads the `exports` field and checks for the following conditions.
 
 ```jsonc#package.json

docs/runtime/nodejs-apis.md

@@ -124,7 +124,7 @@ This page is updated regularly to reflect compatibility status of the latest ver
 
 ### [`node:perf_hooks`](https://nodejs.org/api/perf_hooks.html)
 
-🟡 Missing `createHistogram` `monitorEventLoopDelay`. It's recommended to use `performance` global instead of `perf_hooks.performance`.
+🟡 APIs are implemented, but Node.js test suite does not pass yet for this module.
 
 ### [`node:process`](https://nodejs.org/api/process.html)
 
@@ -156,7 +156,7 @@ This page is updated regularly to reflect compatibility status of the latest ver
 
 ### [`node:worker_threads`](https://nodejs.org/api/worker_threads.html)
 
-🟡 `Worker` doesn't support the following options: `stdin` `stdout` `stderr` `trackedUnmanagedFds` `resourceLimits`. Missing `markAsUntransferable` `moveMessagePortToContext` `getHeapSnapshot`.
+🟡 `Worker` doesn't support the following options: `stdin` `stdout` `stderr` `trackedUnmanagedFds` `resourceLimits`. Missing `markAsUntransferable` `moveMessagePortToContext`.
 
 ### [`node:inspector`](https://nodejs.org/api/inspector.html)
 

docs/test/configuration.md

@@ -65,6 +65,34 @@ Test files matching this pattern will behave as if the `--concurrent` flag was p
 
 The `--concurrent` CLI flag will override this setting when specified, forcing all tests to run concurrently regardless of the glob pattern.
 
+#### randomize
+
+Run tests in random order to identify tests with hidden dependencies:
+
+```toml
+[test]
+randomize = true
+```
+
+#### seed
+
+Specify a seed for reproducible random test order. Requires `randomize = true`:
+
+```toml
+[test]
+randomize = true
+seed = 2444615283
+```
+
+#### rerunEach
+
+Re-run each test file multiple times to identify flaky tests:
+
+```toml
+[test]
+rerunEach = 3
+```
+
 ### Coverage options
 
 In addition to the options documented in the [coverage documentation](./coverage.md), the following options are available:

docs/test/reporters.md

@@ -34,6 +34,15 @@ test/package-json-lint.test.ts:
 Ran 4 tests across 1 files. [0.66ms]
 ```
 
+### Dots Reporter
+
+The dots reporter shows `.` for passing tests and `F` for failures—useful for large test suites.
+
+```sh
+$ bun test --dots
+$ bun test --reporter=dots
+```
+
 ### JUnit XML Reporter
 
 For CI/CD environments, Bun supports generating JUnit XML reports. JUnit XML is a widely-adopted format for test results that can be parsed by many CI/CD systems, including GitLab, Jenkins, and others.

flake.lock

@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1759831965,
+        "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c9b6fb798541223bbb396d287d16f43520250518",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,175 @@
+{
+  description = "Bun - A fast all-in-one JavaScript runtime";
+
+  # Uncomment this when you set up Cachix to enable automatic binary cache
+  # nixConfig = {
+  #   extra-substituters = [
+  #     "https://bun-dev.cachix.org"
+  #   ];
+  #   extra-trusted-public-keys = [
+  #     "bun-dev.cachix.org-1:REPLACE_WITH_YOUR_PUBLIC_KEY"
+  #   ];
+  # };
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs {
+          inherit system;
+          config = {
+            allowUnfree = true;
+          };
+        };
+
+        # LLVM 19 - matching the bootstrap script (targets 19.1.7, actual version from nixpkgs-unstable)
+        llvm = pkgs.llvm_19;
+        clang = pkgs.clang_19;
+        lld = pkgs.lld_19;
+
+        # Node.js 24 - matching the bootstrap script (targets 24.3.0, actual version from nixpkgs-unstable)
+        nodejs = pkgs.nodejs_24;
+
+        # Build tools and dependencies
+        packages = [
+          # Core build tools
+          pkgs.cmake # Expected: 3.30+ on nixos-unstable as of 2025-10
+          pkgs.ninja
+          pkgs.pkg-config
+          pkgs.ccache
+
+          # Compilers and toolchain - version pinned to LLVM 19
+          clang
+          llvm
+          lld
+          pkgs.gcc
+          pkgs.rustc
+          pkgs.cargo
+          pkgs.go
+
+          # Bun itself (for running build scripts via `bun bd`)
+          pkgs.bun
+
+          # Node.js - version pinned to 24
+          nodejs
+
+          # Python for build scripts
+          pkgs.python3
+
+          # Other build dependencies from bootstrap.sh
+          pkgs.libtool
+          pkgs.ruby
+          pkgs.perl
+
+          # Libraries
+          pkgs.openssl
+          pkgs.zlib
+          pkgs.libxml2
+          pkgs.libiconv
+
+          # Development tools
+          pkgs.git
+          pkgs.curl
+          pkgs.wget
+          pkgs.unzip
+          pkgs.xz
+
+          # Additional dependencies for Linux
+        ] ++ pkgs.lib.optionals pkgs.stdenv.isLinux [
+          pkgs.gdb # for debugging core dumps (from bootstrap.sh line 1535)
+
+          # Chromium dependencies for Puppeteer testing (from bootstrap.sh lines 1397-1483)
+          # X11 and graphics libraries
+          pkgs.xorg.libX11
+          pkgs.xorg.libxcb
+          pkgs.xorg.libXcomposite
+          pkgs.xorg.libXcursor
+          pkgs.xorg.libXdamage
+          pkgs.xorg.libXext
+          pkgs.xorg.libXfixes
+          pkgs.xorg.libXi
+          pkgs.xorg.libXrandr
+          pkgs.xorg.libXrender
+          pkgs.xorg.libXScrnSaver
+          pkgs.xorg.libXtst
+          pkgs.libxkbcommon
+          pkgs.mesa
+          pkgs.nspr
+          pkgs.nss
+          pkgs.cups
+          pkgs.dbus
+          pkgs.expat
+          pkgs.fontconfig
+          pkgs.freetype
+          pkgs.glib
+          pkgs.gtk3
+          pkgs.pango
+          pkgs.cairo
+          pkgs.alsa-lib
+          pkgs.at-spi2-atk
+          pkgs.at-spi2-core
+          pkgs.libgbm # for hardware acceleration
+          pkgs.liberation_ttf # fonts-liberation
+          pkgs.atk
+          pkgs.libdrm
+          pkgs.xorg.libxshmfence
+          pkgs.gdk-pixbuf
+        ] ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [
+          # macOS specific dependencies
+          pkgs.darwin.apple_sdk.frameworks.CoreFoundation
+          pkgs.darwin.apple_sdk.frameworks.CoreServices
+          pkgs.darwin.apple_sdk.frameworks.Security
+        ];
+
+      in
+      {
+        devShells.default = (pkgs.mkShell.override {
+          stdenv = pkgs.clangStdenv;
+        }) {
+          inherit packages;
+
+          shellHook = ''
+            # Set up build environment
+            export CC="${pkgs.lib.getExe clang}"
+            export CXX="${pkgs.lib.getExe' clang "clang++"}"
+            export AR="${llvm}/bin/llvm-ar"
+            export RANLIB="${llvm}/bin/llvm-ranlib"
+            export CMAKE_C_COMPILER="$CC"
+            export CMAKE_CXX_COMPILER="$CXX"
+            export CMAKE_AR="$AR"
+            export CMAKE_RANLIB="$RANLIB"
+            export CMAKE_SYSTEM_PROCESSOR="$(uname -m)"
+            export TMPDIR="''${TMPDIR:-/tmp}"
+          '' + pkgs.lib.optionalString pkgs.stdenv.isLinux ''
+            export LD="${pkgs.lib.getExe' lld "ld.lld"}"
+            export NIX_CFLAGS_LINK="''${NIX_CFLAGS_LINK:+$NIX_CFLAGS_LINK }-fuse-ld=lld"
+            export LD_LIBRARY_PATH="${pkgs.lib.makeLibraryPath packages}''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+          '' + ''
+
+            # Print welcome message
+            echo "====================================="
+            echo "Bun Development Environment"
+            echo "====================================="
+            echo "Node.js: $(node --version 2>/dev/null || echo 'not found')"
+            echo "Bun: $(bun --version 2>/dev/null || echo 'not found')"
+            echo "Clang: $(clang --version 2>/dev/null | head -n1 || echo 'not found')"
+            echo "CMake: $(cmake --version 2>/dev/null | head -n1 || echo 'not found')"
+            echo "LLVM: ${llvm.version}"
+            echo ""
+            echo "Quick start:"
+            echo "  bun bd                    # Build debug binary"
+            echo "  bun bd test <test-file>   # Run tests"
+            echo "====================================="
+          '';
+
+          # Additional environment variables
+          CMAKE_BUILD_TYPE = "Debug";
+          ENABLE_CCACHE = "1";
+        };
+      }
+    );
+}

misctools/lldb/init.lldb

@@ -8,6 +8,8 @@
 # Thread::initializePlatformThreading() in ThreadingPOSIX.cpp) to the JS thread to suspend or resume
 # it. So stopping the process would just create noise when debugging any long-running script.
 process handle -p true -s false -n false SIGPWR
+process handle -p true -s false -n false SIGUSR1
+process handle -p true -s false -n false SIGUSR2
 
 command script import -c lldb_pretty_printers.py
 type category enable zig.lang

oxlint.json

@@ -78,6 +78,12 @@
         "no-empty-file": "off",
         "no-unnecessary-await": "off"
       }
+    },
+    {
+      "files": ["src/js/builtins/**"],
+      "rules": {
+        "no-unused-expressions": "off"
+      }
     }
   ]
 }

package.json

@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "bun",
-  "version": "1.2.24",
+  "version": "1.3.1",
   "workspaces": [
     "./packages/bun-types",
     "./packages/@types/bun"
@@ -11,14 +11,14 @@
     "@lezer/cpp": "^1.1.3",
     "@types/bun": "workspace:*",
     "bun-tracestrings": "github:oven-sh/bun.report#912ca63e26c51429d3e6799aa2a6ab079b188fd8",
-    "esbuild": "^0.21.4",
-    "mitata": "^0.1.11",
+    "esbuild": "^0.21.5",
+    "mitata": "^0.1.14",
     "peechy": "0.4.34",
-    "prettier": "^3.5.3",
-    "prettier-plugin-organize-imports": "^4.0.0",
+    "prettier": "^3.6.2",
+    "prettier-plugin-organize-imports": "^4.3.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
-    "source-map-js": "^1.2.0",
+    "source-map-js": "^1.2.1",
     "typescript": "5.9.2"
   },
   "resolutions": {

packages/bun-types/bun.ns.d.ts

@@ -3,5 +3,3 @@ import * as BunModule from "bun";
 declare global {
   export import Bun = BunModule;
 }
-
-export {};

packages/bun-types/deprecated.d.ts

@@ -98,6 +98,11 @@ declare module "bun" {
     ): void;
   }
 
+  /**
+   * @deprecated Use {@link Serve.Options Bun.Serve.Options<T, R>} instead
+   */
+  type ServeOptions<T = undefined, R extends string = never> = Serve.Options<T, R>;
+
   /** @deprecated Use {@link SQL.Query Bun.SQL.Query} */
   type SQLQuery<T = any> = SQL.Query<T>;
 

packages/bun-types/globals.d.ts

@@ -7,6 +7,13 @@ declare module "bun" {
     type LibWorkerOrBunWorker = LibDomIsLoaded extends true ? {} : Bun.Worker;
     type LibEmptyOrBunWebSocket = LibDomIsLoaded extends true ? {} : Bun.WebSocket;
 
+    type LibEmptyOrNodeStreamWebCompressionStream = LibDomIsLoaded extends true
+      ? {}
+      : import("node:stream/web").CompressionStream;
+    type LibEmptyOrNodeStreamWebDecompressionStream = LibDomIsLoaded extends true
+      ? {}
+      : import("node:stream/web").DecompressionStream;
+
     type LibPerformanceOrNodePerfHooksPerformance = LibDomIsLoaded extends true ? {} : import("perf_hooks").Performance;
     type LibEmptyOrPerformanceEntry = LibDomIsLoaded extends true ? {} : import("node:perf_hooks").PerformanceEntry;
     type LibEmptyOrPerformanceMark = LibDomIsLoaded extends true ? {} : import("node:perf_hooks").PerformanceMark;
@@ -271,6 +278,30 @@ declare var Event: {
   new (type: string, eventInitDict?: Bun.EventInit): Event;
 };
 
+/**
+ * Unimplemented in Bun
+ */
+interface CompressionStream extends Bun.__internal.LibEmptyOrNodeStreamWebCompressionStream {}
+/**
+ * Unimplemented in Bun
+ */
+declare var CompressionStream: Bun.__internal.UseLibDomIfAvailable<
+  "CompressionStream",
+  typeof import("node:stream/web").CompressionStream
+>;
+
+/**
+ * Unimplemented in Bun
+ */
+interface DecompressionStream extends Bun.__internal.LibEmptyOrNodeStreamWebCompressionStream {}
+/**
+ * Unimplemented in Bun
+ */
+declare var DecompressionStream: Bun.__internal.UseLibDomIfAvailable<
+  "DecompressionStream",
+  typeof import("node:stream/web").DecompressionStream
+>;
+
 interface EventTarget {
   /**
    * Adds a new handler for the `type` event. Any given `listener` is added only once per `type` and per `capture` option value.
@@ -860,7 +891,10 @@ interface ErrnoException extends Error {
   syscall?: string | undefined;
 }
 
-/** An abnormal event (called an exception) which occurs as a result of calling a method or accessing a property of a web API. */
+/**
+ * An abnormal event (called an exception) which occurs as a result of calling a
+ * method or accessing a property of a web API
+ */
 interface DOMException extends Error {
   readonly message: string;
   readonly name: string;
@@ -890,11 +924,35 @@ interface DOMException extends Error {
   readonly INVALID_NODE_TYPE_ERR: 24;
   readonly DATA_CLONE_ERR: 25;
 }
-
-// declare var DOMException: {
-//   prototype: DOMException;
-//   new (message?: string, name?: string): DOMException;
-// };
+declare var DOMException: {
+  prototype: DOMException;
+  new (message?: string, name?: string): DOMException;
+  readonly INDEX_SIZE_ERR: 1;
+  readonly DOMSTRING_SIZE_ERR: 2;
+  readonly HIERARCHY_REQUEST_ERR: 3;
+  readonly WRONG_DOCUMENT_ERR: 4;
+  readonly INVALID_CHARACTER_ERR: 5;
+  readonly NO_DATA_ALLOWED_ERR: 6;
+  readonly NO_MODIFICATION_ALLOWED_ERR: 7;
+  readonly NOT_FOUND_ERR: 8;
+  readonly NOT_SUPPORTED_ERR: 9;
+  readonly INUSE_ATTRIBUTE_ERR: 10;
+  readonly INVALID_STATE_ERR: 11;
+  readonly SYNTAX_ERR: 12;
+  readonly INVALID_MODIFICATION_ERR: 13;
+  readonly NAMESPACE_ERR: 14;
+  readonly INVALID_ACCESS_ERR: 15;
+  readonly VALIDATION_ERR: 16;
+  readonly TYPE_MISMATCH_ERR: 17;
+  readonly SECURITY_ERR: 18;
+  readonly NETWORK_ERR: 19;
+  readonly ABORT_ERR: 20;
+  readonly URL_MISMATCH_ERR: 21;
+  readonly QUOTA_EXCEEDED_ERR: 22;
+  readonly TIMEOUT_ERR: 23;
+  readonly INVALID_NODE_TYPE_ERR: 24;
+  readonly DATA_CLONE_ERR: 25;
+};
 
 declare function alert(message?: string): void;
 declare function confirm(message?: string): boolean;
@@ -1605,12 +1663,6 @@ declare var AbortSignal: Bun.__internal.UseLibDomIfAvailable<
   }
 >;
 
-interface DOMException {}
-declare var DOMException: Bun.__internal.UseLibDomIfAvailable<
-  "DOMException",
-  { prototype: DOMException; new (): DOMException }
->;
-
 interface FormData {
   /** [MDN Reference](https://developer.mozilla.org/docs/Web/API/FormData/append) */
   append(name: string, value: string | Blob): void;

packages/bun-types/index.d.ts

@@ -21,6 +21,7 @@
 /// <reference path="./redis.d.ts" />
 /// <reference path="./shell.d.ts" />
 /// <reference path="./experimental.d.ts" />
+/// <reference path="./serve.d.ts" />
 /// <reference path="./sql.d.ts" />
 /// <reference path="./security.d.ts" />
 

packages/bun-types/shell.d.ts

@@ -112,8 +112,9 @@ declare module "bun" {
        * By default, the shell will write to the current process's stdout and stderr, as well as buffering that output.
        *
        * This configures the shell to only buffer the output.
+       * @param isQuiet - Whether to suppress output. Defaults to true.
        */
-      quiet(): this;
+      quiet(isQuiet?: boolean): this;
 
       /**
        * Read from stdout as a string, line by line

packages/bun-types/test-globals.d.ts

@@ -15,10 +15,8 @@ declare var beforeAll: typeof import("bun:test").beforeAll;
 declare var beforeEach: typeof import("bun:test").beforeEach;
 declare var afterEach: typeof import("bun:test").afterEach;
 declare var afterAll: typeof import("bun:test").afterAll;
-declare var setDefaultTimeout: typeof import("bun:test").setDefaultTimeout;
-declare var mock: typeof import("bun:test").mock;
-declare var spyOn: typeof import("bun:test").spyOn;
 declare var jest: typeof import("bun:test").jest;
+declare var vi: typeof import("bun:test").vi;
 declare var xit: typeof import("bun:test").xit;
 declare var xtest: typeof import("bun:test").xtest;
 declare var xdescribe: typeof import("bun:test").xdescribe;

packages/bun-types/test.d.ts

@@ -390,11 +390,20 @@ declare module "bun:test" {
      */
     repeats?: number;
   }
-  type IsTuple<T> = T extends readonly unknown[]
-    ? number extends T["length"]
-      ? false // It's an array with unknown length, not a tuple
-      : true // It's an array with a fixed length (a tuple)
-    : false; // Not an array at all
+
+  namespace __internal {
+    type IsTuple<T> = T extends readonly unknown[]
+      ? number extends T["length"]
+        ? false // It's an array with unknown length, not a tuple
+        : true // It's an array with a fixed length (a tuple)
+      : false; // Not an array at all
+
+    /**
+     * Accepts `[1, 2, 3] | ["a", "b", "c"]` and returns `[1 | "a", 2 | "b", 3 | "c"]`
+     */
+    type Flatten<T, Copy extends T = T> = { [Key in keyof T]: Copy[Key] };
+  }
+
   /**
    * Runs a test.
    *
@@ -418,10 +427,16 @@ declare module "bun:test" {
    *
    * @category Testing
    */
-  export interface Test<T extends Readonly<any[]>> {
+  export interface Test<T extends ReadonlyArray<unknown>> {
     (
       label: string,
-      fn: (...args: IsTuple<T> extends true ? [...T, (err?: unknown) => void] : T) => void | Promise<unknown>,
+
+      fn: (
+        ...args: __internal.IsTuple<T> extends true
+          ? [...table: __internal.Flatten<T>, done: (err?: unknown) => void]
+          : T
+      ) => void | Promise<unknown>,
+
       /**
        * - If a `number`, sets the timeout for the test in milliseconds.
        * - If an `object`, sets the options for the test.
@@ -513,8 +528,8 @@ declare module "bun:test" {
      *
      * @param table Array of Arrays with the arguments that are passed into the test fn for each row.
      */
-    each<T extends Readonly<[any, ...any[]]>>(table: readonly T[]): Test<[...T]>;
-    each<T extends any[]>(table: readonly T[]): Test<[...T]>;
+    each<T extends Readonly<[unknown, ...unknown[]]>>(table: readonly T[]): Test<T>;
+    each<T extends unknown[]>(table: readonly T[]): Test<T>;
     each<T>(table: T[]): Test<[T]>;
   }
   /**

packages/bun-usockets/src/bsd.c

@@ -717,6 +717,25 @@ LIBUS_SOCKET_DESCRIPTOR bsd_accept_socket(LIBUS_SOCKET_DESCRIPTOR fd, struct bsd
             return LIBUS_SOCKET_ERROR;
         }
 
+#ifdef __APPLE__
+        /* A bug in XNU (the macOS kernel) can cause accept() to return a socket but addrlen=0.
+         * This happens when an IPv4 connection is made to an IPv6 dual-stack listener
+         * and the connection is immediately aborted (sends RST packet).
+         * However, there might be buffered data from connectx() before the abort. */
+        if (addr->len == 0) {
+            /* Check if there's any pending data before discarding the socket */
+            char peek_buf[1];
+            ssize_t has_data = recv(accepted_fd, peek_buf, 1, MSG_PEEK | MSG_DONTWAIT);
+            
+            if (has_data <= 0) {
+                /* No data available, socket is truly dead - discard it */
+                bsd_close_socket(accepted_fd);
+                continue; /* Try to accept the next connection */
+            }
+            /* If has_data > 0, let the socket through - there's buffered data to read */
+        }
+#endif
+
         break;
     }
 

packages/bun-usockets/src/libusockets.h

@@ -226,11 +226,11 @@ struct us_bun_socket_context_options_t {
     const char *ca_file_name;
     const char *ssl_ciphers;
     int ssl_prefer_low_memory_usage; /* Todo: rename to prefer_low_memory_usage and apply for TCP as well */
-    const char **key;
+    const char * const *key;
     unsigned int key_count;
-    const char **cert;
+    const char * const *cert;
     unsigned int cert_count;
-    const char **ca;
+    const char * const *ca;
     unsigned int ca_count;
     unsigned int secure_options;
     int reject_unauthorized;

packages/bun-uws/src/App.h

@@ -303,10 +303,10 @@ public:
         auto context = (struct us_socket_context_t *)this->httpContext;
         struct us_socket_t *s = context->head_sockets;
         while (s) {
-            HttpResponseData<SSL> *httpResponseData = HttpResponse<SSL>::getHttpResponseDataS(s);
-            httpResponseData->shouldCloseOnceIdle = true;
+            // no matter the type of socket will always contain the AsyncSocketData
+            auto *data = ((AsyncSocket<SSL> *) s)->getAsyncSocketData();
             struct us_socket_t *next = s->next;
-            if (httpResponseData->isIdle) {
+            if (data->isIdle) {
                 us_socket_close(SSL, s, LIBUS_SOCKET_CLOSE_CODE_CLEAN_SHUTDOWN, 0);
             }
             s = next;
@@ -641,6 +641,10 @@ public:
         httpContext->getSocketContextData()->onClientError = std::move(onClientError);
     }
 
+    void setOnSocketUpgraded(HttpContextData<SSL>::OnSocketUpgradedCallback onUpgraded) {
+        httpContext->getSocketContextData()->onSocketUpgraded = onUpgraded;
+    }
+
     TemplatedApp &&run() {
         uWS::run();
         return std::move(*this);

packages/bun-uws/src/AsyncSocketData.h

@@ -83,6 +83,7 @@ struct AsyncSocketData {
 
     /* Or empty */
     AsyncSocketData() = default;
+    bool isIdle = false;
 };
 
 }

packages/bun-uws/src/HttpContext.h

@@ -253,6 +253,7 @@ private:
             /* Mark that we are inside the parser now */
             httpContextData->flags.isParsingHttp = true;
             httpResponseData->isIdle = false;
+            
             // clients need to know the cursor after http parse, not servers!
             // how far did we read then? we need to know to continue with websocket parsing data? or?
 

packages/bun-uws/src/HttpContextData.h

@@ -43,11 +43,11 @@ struct alignas(16) HttpContextData {
     template <bool> friend struct TemplatedApp;
 private:
     std::vector<MoveOnlyFunction<void(HttpResponse<SSL> *, int)>> filterHandlers;
-    using OnSocketClosedCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
     using OnSocketDataCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket, const char *data, int length, bool last);
     using OnSocketDrainCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
+    using OnSocketUpgradedCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
     using OnClientErrorCallback = MoveOnlyFunction<void(int is_ssl, struct us_socket_t *rawSocket, uWS::HttpParserError errorCode, char *rawPacket, int rawPacketLength)>;
-    
+    using OnSocketClosedCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
 
     MoveOnlyFunction<void(const char *hostname)> missingServerNameHandler;
 
@@ -66,6 +66,7 @@ private:
     OnSocketClosedCallback onSocketClosed = nullptr;
     OnSocketDrainCallback onSocketDrain = nullptr;
     OnSocketDataCallback onSocketData = nullptr;
+    OnSocketUpgradedCallback onSocketUpgraded = nullptr;
     OnClientErrorCallback onClientError = nullptr;
 
     uint64_t maxHeaderSize = 0; // 0 means no limit
@@ -78,6 +79,7 @@ private:
     }
 
 public:
+    
     HttpFlags flags;
 };
 

packages/bun-uws/src/HttpResponse.h

@@ -316,14 +316,20 @@ public:
         HttpContext<SSL> *httpContext = (HttpContext<SSL> *) us_socket_context(SSL, (struct us_socket_t *) this);
 
         /* Move any backpressure out of HttpResponse */
-        BackPressure backpressure(std::move(((AsyncSocketData<SSL> *) getHttpResponseData())->buffer));
-
+        auto* responseData = getHttpResponseData();
+        BackPressure backpressure(std::move(((AsyncSocketData<SSL> *) responseData)->buffer));
+        
+        auto* socketData = responseData->socketData;
+        HttpContextData<SSL> *httpContextData = httpContext->getSocketContextData();
+        
         /* Destroy HttpResponseData */
-        getHttpResponseData()->~HttpResponseData();
+        responseData->~HttpResponseData();
 
         /* Before we adopt and potentially change socket, check if we are corked */
         bool wasCorked = Super::isCorked();
 
+        
+
         /* Adopting a socket invalidates it, do not rely on it directly to carry any data */
         us_socket_t *usSocket = us_socket_context_adopt_socket(SSL, (us_socket_context_t *) webSocketContext, (us_socket_t *) this, sizeof(WebSocketData) + sizeof(UserData));
         WebSocket<SSL, true, UserData> *webSocket = (WebSocket<SSL, true, UserData> *) usSocket;
@@ -334,10 +340,12 @@ public:
         }
 
         /* Initialize websocket with any moved backpressure intact */
-        webSocket->init(perMessageDeflate, compressOptions, std::move(backpressure));
+        webSocket->init(perMessageDeflate, compressOptions, std::move(backpressure), socketData, httpContextData->onSocketClosed);
+        if (httpContextData->onSocketUpgraded) {
+            httpContextData->onSocketUpgraded(socketData, SSL, usSocket);
+        }
 
         /* We should only mark this if inside the parser; if upgrading "async" we cannot set this */
-        HttpContextData<SSL> *httpContextData = httpContext->getSocketContextData();
         if (httpContextData->flags.isParsingHttp) {
             /* We need to tell the Http parser that we changed socket */
             httpContextData->upgradedWebSocket = webSocket;
@@ -351,7 +359,6 @@ public:
 
         /* Move construct the UserData right before calling open handler */
         new (webSocket->getUserData()) UserData(std::forward<UserData>(userData));
-        
 
         /* Emit open event and start the timeout */
         if (webSocketContextData->openHandler) {
@@ -471,7 +478,7 @@ public:
         return internalEnd({nullptr, 0}, 0, false, false, closeConnection);
     }
 
-    void flushHeaders() {
+    void flushHeaders(bool flushImmediately = false) {
 
         writeStatus(HTTP_200_OK);
 
@@ -492,6 +499,10 @@ public:
             Super::write("\r\n", 2);
             httpResponseData->state |= HttpResponseData<SSL>::HTTP_WRITE_CALLED;
         }
+        if (flushImmediately) {
+            /* Uncork the socket to send data to the client immediately */
+            this->uncork();
+        }
     }
     /* Write parts of the response in chunking fashion. Starts timeout if failed. */
     bool write(std::string_view data, size_t *writtenPtr = nullptr) {

packages/bun-uws/src/HttpResponseData.h

@@ -109,9 +109,6 @@ struct HttpResponseData : AsyncSocketData<SSL>, HttpParser {
     uint8_t idleTimeout = 10; // default HTTP_TIMEOUT 10 seconds
     bool fromAncientRequest = false;
     bool isConnectRequest = false;
-    bool isIdle = true;
-    bool shouldCloseOnceIdle = false;
-
 
 #ifdef UWS_WITH_PROXY
     ProxyParser proxyParser;

packages/bun-uws/src/WebSocket.h

@@ -34,8 +34,8 @@ struct WebSocket : AsyncSocket<SSL> {
 private:
     typedef AsyncSocket<SSL> Super;
 
-    void *init(bool perMessageDeflate, CompressOptions compressOptions, BackPressure &&backpressure) {
-        new (us_socket_ext(SSL, (us_socket_t *) this)) WebSocketData(perMessageDeflate, compressOptions, std::move(backpressure));
+    void *init(bool perMessageDeflate, CompressOptions compressOptions, BackPressure &&backpressure, void *socketData, WebSocketData::OnSocketClosedCallback onSocketClosed) {
+        new (us_socket_ext(SSL, (us_socket_t *) this)) WebSocketData(perMessageDeflate, compressOptions, std::move(backpressure), socketData, onSocketClosed);
         return this;
     }
 public:

packages/bun-uws/src/WebSocketContext.h

@@ -256,6 +256,9 @@ private:
 
             /* For whatever reason, if we already have emitted close event, do not emit it again */
             WebSocketData *webSocketData = (WebSocketData *) (us_socket_ext(SSL, s));
+            if (webSocketData->socketData && webSocketData->onSocketClosed) {
+                webSocketData->onSocketClosed(webSocketData->socketData, SSL, (us_socket_t *) s);
+            }
             if (!webSocketData->isShuttingDown) {
                 /* Emit close event */
                 auto *webSocketContextData = (WebSocketContextData<SSL, USERDATA> *) us_socket_context_ext(SSL, us_socket_context(SSL, (us_socket_t *) s));

packages/bun-uws/src/WebSocketContextData.h

@@ -52,7 +52,6 @@ struct WebSocketContextData {
 private:
 
 public:
-
     /* This one points to the App's shared topicTree */
     TopicTree<TopicTreeMessage, TopicTreeBigMessage> *topicTree;
 

packages/bun-uws/src/WebSocketData.h

@@ -38,6 +38,7 @@ private:
     unsigned int controlTipLength = 0;
     bool isShuttingDown = 0;
     bool hasTimedOut = false;
+    
     enum CompressionStatus : char {
         DISABLED,
         ENABLED,
@@ -52,7 +53,12 @@ private:
     /* We could be a subscriber */
     Subscriber *subscriber = nullptr;
 public:
-    WebSocketData(bool perMessageDeflate, CompressOptions compressOptions, BackPressure &&backpressure) : AsyncSocketData<false>(std::move(backpressure)), WebSocketState<true>() {
+    using OnSocketClosedCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
+    void *socketData = nullptr;
+    /* node http compatibility callbacks */
+    OnSocketClosedCallback onSocketClosed = nullptr;
+
+    WebSocketData(bool perMessageDeflate, CompressOptions compressOptions, BackPressure &&backpressure, void *socketData, OnSocketClosedCallback onSocketClosed) : AsyncSocketData<false>(std::move(backpressure)), WebSocketState<true>() {
         compressionStatus = perMessageDeflate ? ENABLED : DISABLED;
 
         /* Initialize the dedicated sliding window(s) */
@@ -64,6 +70,10 @@ public:
                 inflationStream = new InflationStream(compressOptions);
             }
         }
+        // never close websocket sockets when closing idle connections
+        this->isIdle = false;
+        this->socketData = socketData;
+        this->onSocketClosed = onSocketClosed;
     }
 
     ~WebSocketData() {

scripts/handle-crash-patterns.ts

@@ -15,8 +15,11 @@ interface CloseAction {
 
 let closeAction: CloseAction | null = null;
 
+// Compute lowercase once for performance
+const bodyLower = body.toLowerCase();
+
 // Check for workers_terminated
-if (body.includes("workers_terminated")) {
+if (bodyLower.includes("workers_terminated")) {
   closeAction = {
     reason: "not_planned",
     comment: `Duplicate of #15964
@@ -25,7 +28,10 @@ We are tracking worker stability issues in https://github.com/oven-sh/bun/issues
 }
 
 // Check for better-sqlite3 with RunCommand or AutoCommand
-else if (body.includes("better-sqlite3") && (body.includes("[RunCommand]") || body.includes("[AutoCommand]"))) {
+else if (
+  bodyLower.includes("better-sqlite3") &&
+  (bodyLower.includes("runcommand") || bodyLower.includes("autocommand"))
+) {
   closeAction = {
     reason: "not_planned",
     comment: `Duplicate of #4290.
@@ -33,12 +39,45 @@ better-sqlite3 is not supported yet in Bun due to missing V8 C++ APIs. For now,
   };
 }
 
+// Check for ENOTCONN with Transport and standalone_executable on v1.2.23
+else if (
+  bodyLower.includes("enotconn") &&
+  bodyLower.includes("transport") &&
+  bodyLower.includes("standalone_executable") &&
+  /\bv?1\.2\.23\b/i.test(bodyLower)
+) {
+  closeAction = {
+    reason: "completed",
+    comment: `Duplicate of #23342.
+This issue was fixed in Bun v1.3. Please upgrade to the latest version:
+
+\`\`\`sh
+bun upgrade
+\`\`\``,
+  };
+}
+
+// Check for WASM IPInt 32 stack traces - be very specific to avoid false positives
+else if (bodyLower.includes("wasm_trampoline_wasm_ipint_call_wide32")) {
+  closeAction = {
+    reason: "not_planned",
+    comment: `Duplicate of #17841.
+This is a known issue with JavaScriptCore's WASM In-place interpreter on Linux x64. You can work around it by:
+
+1. Setting \`BUN_JSC_useWasmIPInt=0\` to disable IPInt (reverts to older Wasm interpreter)
+2. Using an aarch64 CPU instead of x86_64
+3. Using \`BUN_JSC_jitPolicyScale=0\` to force JIT compilation (may impact startup performance)
+
+We've reported this to WebKit and are tracking the issue in #17841.`,
+  };
+}
+
 // Check for CPU architecture issues (Segmentation Fault/Illegal Instruction with no_avx)
 else if (
-  (body.includes("Segmentation Fault") ||
-    body.includes("Illegal Instruction") ||
-    body.includes("IllegalInstruction")) &&
-  body.includes("no_avx")
+  (bodyLower.includes("segmentation fault") ||
+    bodyLower.includes("illegal instruction") ||
+    bodyLower.includes("illegalinstruction")) &&
+  bodyLower.includes("no_avx")
 ) {
   let comment = `Bun requires a CPU with the micro-architecture [\`nehalem\`](https://en.wikipedia.org/wiki/Nehalem_(microarchitecture)) or later (released in 2008). If you're using a CPU emulator like qemu, then try enabling x86-64-v2.`;
 

scripts/runner.node.mjs

@@ -80,6 +80,7 @@ function getNodeParallelTestTimeout(testPath) {
   if (testPath.includes("test-dns")) {
     return 90_000;
   }
+  if (!isCI) return 60_000; // everything slower in debug mode
   return 20_000;
 }
 
@@ -449,7 +450,7 @@ async function runTests() {
 
       if (parallelism > 1) {
         console.log(grouptitle);
-        result = await fn();
+        result = await fn(index);
       } else {
         result = await startGroup(grouptitle, fn);
       }
@@ -469,6 +470,7 @@ async function runTests() {
       const label = `${getAnsi(color)}[${index}/${total}] ${title} - ${error}${getAnsi("reset")}`;
       startGroup(label, () => {
         if (parallelism > 1) return;
+        if (!isCI) return;
         process.stderr.write(stdoutPreview);
       });
 
@@ -579,8 +581,11 @@ async function runTests() {
           const title = relative(cwd, absoluteTestPath).replaceAll(sep, "/");
           if (isNodeTest(testPath)) {
             const testContent = readFileSync(absoluteTestPath, "utf-8");
-            const runWithBunTest =
-              title.includes("needs-test") || testContent.includes("bun:test") || testContent.includes("node:test");
+            let runWithBunTest = title.includes("needs-test") || testContent.includes("node:test");
+            // don't wanna have a filter for includes("bun:test") but these need our mocks
+            runWithBunTest ||= title === "test/js/node/test/parallel/test-fs-append-file-flush.js";
+            runWithBunTest ||= title === "test/js/node/test/parallel/test-fs-write-file-flush.js";
+            runWithBunTest ||= title === "test/js/node/test/parallel/test-fs-write-stream-flush.js";
             const subcommand = runWithBunTest ? "test" : "run";
             const env = {
               FORCE_COLOR: "0",
@@ -668,7 +673,9 @@ async function runTests() {
         const title = join(relative(cwd, vendorPath), testPath).replace(/\\/g, "/");
 
         if (testRunner === "bun") {
-          await runTest(title, () => spawnBunTest(execPath, testPath, { cwd: vendorPath }));
+          await runTest(title, index =>
+            spawnBunTest(execPath, testPath, { cwd: vendorPath, env: { TEST_SERIAL_ID: index } }),
+          );
         } else {
           const testRunnerPath = join(cwd, "test", "runners", `${testRunner}.ts`);
           if (!existsSync(testRunnerPath)) {
@@ -1295,6 +1302,7 @@ async function spawnBun(execPath, { args, cwd, timeout, env, stdout, stderr }) {
  * @param {object} [opts]
  * @param {string} [opts.cwd]
  * @param {string[]} [opts.args]
+ * @param {object} [opts.env]
  * @returns {Promise<TestResult>}
  */
 async function spawnBunTest(execPath, testPath, opts = { cwd }) {
@@ -1328,6 +1336,7 @@ async function spawnBunTest(execPath, testPath, opts = { cwd }) {
 
   const env = {
     GITHUB_ACTIONS: "true", // always true so annotations are parsed
+    ...opts["env"],
   };
   if ((basename(execPath).includes("asan") || !isCI) && shouldValidateExceptions(relative(cwd, absPath))) {
     env.BUN_JSC_validateExceptionChecks = "1";

scripts/update-sqlite-amalgamation.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script updates SQLite amalgamation files with the required compiler flags.
+# It downloads the SQLite source, configures it with necessary flags, builds the
+# amalgamation, and copies the generated files to the Bun source tree.
+#
+# Usage:
+#   ./scripts/update-sqlite-amalgamation.sh <version_number> <year>
+#
+# Example:
+#   ./scripts/update-sqlite-amalgamation.sh 3500400 2025
+#
+# The version number is a 7-digit SQLite version (e.g., 3500400 for 3.50.4)
+# The year is the release year found in the download URL
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 <version_number> <year>"
+  echo "Example: $0 3500400 2025"
+  exit 1
+fi
+
+VERSION_NUM="$1"
+YEAR="$2"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Create temporary directory
+TEMP_DIR=$(mktemp -d)
+trap 'rm -rf "$TEMP_DIR"' EXIT
+
+cd "$TEMP_DIR"
+
+echo "Downloading SQLite source version $VERSION_NUM from year $YEAR..."
+DOWNLOAD_URL="https://sqlite.org/$YEAR/sqlite-src-$VERSION_NUM.zip"
+echo "URL: $DOWNLOAD_URL"
+
+wget -q "$DOWNLOAD_URL"
+unzip -q "sqlite-src-$VERSION_NUM.zip"
+cd "sqlite-src-$VERSION_NUM"
+
+echo "Configuring SQLite with required flags..."
+# These flags must be set during amalgamation generation for them to take effect
+# in the parser and other compile-time generated code
+CFLAGS="-DSQLITE_ENABLE_UPDATE_DELETE_LIMIT=1 -DSQLITE_ENABLE_COLUMN_METADATA=1"
+./configure CFLAGS="$CFLAGS" > /dev/null 2>&1
+
+echo "Building amalgamation..."
+make sqlite3.c > /dev/null 2>&1
+
+echo "Copying files to Bun source tree..."
+# Add clang-format off directive and copy the amalgamation
+echo "// clang-format off" > "$REPO_ROOT/src/bun.js/bindings/sqlite/sqlite3.c"
+cat sqlite3.c >> "$REPO_ROOT/src/bun.js/bindings/sqlite/sqlite3.c"
+
+echo "// clang-format off" > "$REPO_ROOT/src/bun.js/bindings/sqlite/sqlite3_local.h"
+cat sqlite3.h >> "$REPO_ROOT/src/bun.js/bindings/sqlite/sqlite3_local.h"
+
+echo "✓ Successfully updated SQLite amalgamation files"

shell.nix

@@ -0,0 +1,103 @@
+# Simple shell.nix for users without flakes enabled
+# For reproducible builds with locked dependencies, use: nix develop
+# This uses unpinned <nixpkgs> for simplicity; flake.nix provides version pinning via flake.lock
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.mkShell rec {
+  packages = with pkgs; [
+    # Core build tools (matching bootstrap.sh)
+    cmake
+    ninja
+    clang_19
+    llvm_19
+    lld_19
+    nodejs_24
+    bun
+    rustc
+    cargo
+    go
+    python3
+    ccache
+    pkg-config
+    gnumake
+    libtool
+    ruby
+    perl
+
+    # Libraries
+    openssl
+    zlib
+    libxml2
+
+    # Development tools
+    git
+    curl
+    wget
+    unzip
+    xz
+
+    # Linux-specific: gdb and Chromium deps for testing
+  ] ++ pkgs.lib.optionals pkgs.stdenv.isLinux [
+    gdb
+    # Chromium dependencies for Puppeteer tests
+    xorg.libX11
+    xorg.libxcb
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXScrnSaver
+    xorg.libXtst
+    libxkbcommon
+    mesa
+    nspr
+    nss
+    cups
+    dbus
+    expat
+    fontconfig
+    freetype
+    glib
+    gtk3
+    pango
+    cairo
+    alsa-lib
+    at-spi2-atk
+    at-spi2-core
+    libgbm
+    liberation_ttf
+    atk
+    libdrm
+    xorg.libxshmfence
+    gdk-pixbuf
+  ];
+
+  shellHook = ''
+    export CC="${pkgs.lib.getExe pkgs.clang_19}"
+    export CXX="${pkgs.lib.getExe' pkgs.clang_19 "clang++"}"
+    export AR="${pkgs.llvm_19}/bin/llvm-ar"
+    export RANLIB="${pkgs.llvm_19}/bin/llvm-ranlib"
+    export CMAKE_C_COMPILER="$CC"
+    export CMAKE_CXX_COMPILER="$CXX"
+    export CMAKE_AR="$AR"
+    export CMAKE_RANLIB="$RANLIB"
+    export CMAKE_SYSTEM_PROCESSOR=$(uname -m)
+    export TMPDIR=''${TMPDIR:-/tmp}
+  '' + pkgs.lib.optionalString pkgs.stdenv.isLinux ''
+    export LD="${pkgs.lib.getExe' pkgs.lld_19 "ld.lld"}"
+    export NIX_CFLAGS_LINK="''${NIX_CFLAGS_LINK:+$NIX_CFLAGS_LINK }-fuse-ld=lld"
+    export LD_LIBRARY_PATH="${pkgs.lib.makeLibraryPath packages}''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+  '' + ''
+
+    echo "====================================="
+    echo "Bun Development Environment (Nix)"
+    echo "====================================="
+    echo "To build: bun bd"
+    echo "To test:  bun bd test <test-file>"
+    echo "====================================="
+  '';
+}

src/AGENTS.md

@@ -0,0 +1 @@
+CLAUDE.md

src/CLAUDE.md

@@ -0,0 +1,12 @@
+## Zig
+
+Syntax reminders:
+
+- Private fields are fully supported in Zig with the `#` prefix. `struct { #foo: u32 };` makes a struct with a private field named `#foo`.
+- Decl literals in Zig are recommended. `const decl: Decl = .{ .binding = 0, .value = 0 };`
+
+Conventions:
+
+- Prefer `@import` at the **bottom** of the file, but the auto formatter will move them so you don't need to worry about it.
+- Prefer `@import("bun")`. Not `@import("root").bun` or `@import("../bun.zig")`.
+- You must be patient with the build.

src/StandaloneModuleGraph.zig

@@ -431,6 +431,27 @@ pub const StandaloneModuleGraph = struct {
                 }
             };
 
+            if (comptime bun.Environment.is_canary or bun.Environment.isDebug) {
+                if (bun.getenvZ("BUN_FEATURE_FLAG_DUMP_CODE")) |dump_code_dir| {
+                    const buf = bun.path_buffer_pool.get();
+                    defer bun.path_buffer_pool.put(buf);
+                    const dest_z = bun.path.joinAbsStringBufZ(dump_code_dir, buf, &.{dest_path}, .auto);
+
+                    // Scoped block to handle dump failures without skipping module emission
+                    dump: {
+                        const file = bun.sys.File.makeOpen(dest_z, bun.O.WRONLY | bun.O.CREAT | bun.O.TRUNC, 0o664).unwrap() catch |err| {
+                            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to open {s}: {s}", .{ dest_path, @errorName(err) });
+                            break :dump;
+                        };
+                        defer file.close();
+                        file.writeAll(output_file.value.buffer.bytes).unwrap() catch |err| {
+                            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to write {s}: {s}", .{ dest_path, @errorName(err) });
+                            break :dump;
+                        };
+                    }
+                }
+            }
+
             var module = CompiledModuleGraphFile{
                 .name = string_builder.fmtAppendCountZ("{s}{s}", .{
                     prefix,
@@ -504,25 +525,58 @@ pub const StandaloneModuleGraph = struct {
 
     pub const CompileResult = union(enum) {
         success: void,
-        error_message: []const u8,
 
-        pub fn fail(msg: []const u8) CompileResult {
-            return .{ .error_message = msg };
+        err: Error,
+
+        const Error = union(enum) {
+            message: []const u8,
+            reason: Reason,
+
+            pub const Reason = enum {
+                no_entry_point,
+                no_output_files,
+
+                pub fn message(this: Reason) []const u8 {
+                    return switch (this) {
+                        .no_entry_point => "No entry point found for compilation",
+                        .no_output_files => "No output files to bundle",
+                    };
+                }
+            };
+
+            pub fn slice(this: *const Error) []const u8 {
+                return switch (this.*) {
+                    .message => this.message,
+                    .reason => this.reason.message(),
+                };
+            }
+        };
+
+        pub fn fail(reason: Error.Reason) CompileResult {
+            return .{ .err = .{ .reason = reason } };
+        }
+
+        pub fn failFmt(comptime fmt: []const u8, args: anytype) CompileResult {
+            return .{ .err = .{ .message = bun.handleOom(std.fmt.allocPrint(bun.default_allocator, fmt, args)) } };
         }
 
         pub fn deinit(this: *const @This()) void {
-            if (this.* == .error_message) {
-                bun.default_allocator.free(this.error_message);
+            switch (this.*) {
+                .success => {},
+                .err => switch (this.err) {
+                    .message => bun.default_allocator.free(this.err.message),
+                    .reason => {},
+                },
             }
         }
     };
 
     pub fn inject(bytes: []const u8, self_exe: [:0]const u8, inject_options: InjectOptions, target: *const CompileTarget) bun.FileDescriptor {
         var buf: bun.PathBuffer = undefined;
-        var zname: [:0]const u8 = bun.span(bun.fs.FileSystem.instance.tmpname("bun-build", &buf, @as(u64, @bitCast(std.time.milliTimestamp()))) catch |err| {
+        var zname: [:0]const u8 = bun.fs.FileSystem.tmpname("bun-build", &buf, @as(u64, @bitCast(std.time.milliTimestamp()))) catch |err| {
             Output.prettyErrorln("<r><red>error<r><d>:<r> failed to get temporary file name: {s}", .{@errorName(err)});
             return bun.invalid_fd;
-        });
+        };
 
         const cleanup = struct {
             pub fn toClean(name: [:0]const u8, fd: bun.FileDescriptor) void {
@@ -930,9 +984,9 @@ pub const StandaloneModuleGraph = struct {
         self_exe_path: ?[]const u8,
     ) !CompileResult {
         const bytes = toBytes(allocator, module_prefix, output_files, output_format, compile_exec_argv) catch |err| {
-            return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to generate module graph bytes: {s}", .{@errorName(err)}) catch "failed to generate module graph bytes");
+            return CompileResult.failFmt("failed to generate module graph bytes: {s}", .{@errorName(err)});
         };
-        if (bytes.len == 0) return CompileResult.fail("no output files to bundle");
+        if (bytes.len == 0) return CompileResult.fail(.no_output_files);
         defer allocator.free(bytes);
 
         var free_self_exe = false;
@@ -941,28 +995,26 @@ pub const StandaloneModuleGraph = struct {
             break :brk bun.handleOom(allocator.dupeZ(u8, path));
         } else if (target.isDefault())
             bun.selfExePath() catch |err| {
-                return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to get self executable path: {s}", .{@errorName(err)}) catch "failed to get self executable path");
+                return CompileResult.failFmt("failed to get self executable path: {s}", .{@errorName(err)});
             }
         else blk: {
             var exe_path_buf: bun.PathBuffer = undefined;
-            var version_str_buf: [1024]u8 = undefined;
-            const version_str = std.fmt.bufPrintZ(&version_str_buf, "{}", .{target}) catch {
-                return CompileResult.fail("failed to format target version string");
-            };
+            const version_str = bun.handleOom(std.fmt.allocPrintZ(allocator, "{}", .{target}));
+            defer allocator.free(version_str);
+
             var needs_download: bool = true;
             const dest_z = target.exePath(&exe_path_buf, version_str, env, &needs_download);
 
             if (needs_download) {
                 target.downloadToPath(env, allocator, dest_z) catch |err| {
-                    const msg = switch (err) {
-                        error.TargetNotFound => std.fmt.allocPrint(allocator, "Target platform '{}' is not available for download. Check if this version of Bun supports this target.", .{target}) catch "Target platform not available for download",
-                        error.NetworkError => std.fmt.allocPrint(allocator, "Network error downloading executable for '{}'. Check your internet connection and proxy settings.", .{target}) catch "Network error downloading executable",
-                        error.InvalidResponse => std.fmt.allocPrint(allocator, "Downloaded file for '{}' appears to be corrupted. Please try again.", .{target}) catch "Downloaded file is corrupted",
-                        error.ExtractionFailed => std.fmt.allocPrint(allocator, "Failed to extract executable for '{}'. The download may be incomplete.", .{target}) catch "Failed to extract downloaded executable",
-                        error.UnsupportedTarget => std.fmt.allocPrint(allocator, "Target '{}' is not supported", .{target}) catch "Unsupported target",
-                        else => std.fmt.allocPrint(allocator, "Failed to download '{}': {s}", .{ target, @errorName(err) }) catch "Download failed",
+                    return switch (err) {
+                        error.TargetNotFound => CompileResult.failFmt("Target platform '{}' is not available for download. Check if this version of Bun supports this target.", .{target}),
+                        error.NetworkError => CompileResult.failFmt("Network error downloading executable for '{}'. Check your internet connection and proxy settings.", .{target}),
+                        error.InvalidResponse => CompileResult.failFmt("Downloaded file for '{}' appears to be corrupted. Please try again.", .{target}),
+                        error.ExtractionFailed => CompileResult.failFmt("Failed to extract executable for '{}'. The download may be incomplete.", .{target}),
+                        error.UnsupportedTarget => CompileResult.failFmt("Target '{}' is not supported", .{target}),
+                        else => CompileResult.failFmt("Failed to download '{}': {s}", .{ target, @errorName(err) }),
                     };
-                    return CompileResult.fail(msg);
                 };
             }
 
@@ -992,7 +1044,7 @@ pub const StandaloneModuleGraph = struct {
             // Get the current path of the temp file
             var temp_buf: bun.PathBuffer = undefined;
             const temp_path = bun.getFdPath(fd, &temp_buf) catch |err| {
-                return CompileResult.fail(std.fmt.allocPrint(allocator, "Failed to get temp file path: {s}", .{@errorName(err)}) catch "Failed to get temp file path");
+                return CompileResult.failFmt("Failed to get temp file path: {s}", .{@errorName(err)});
             };
 
             // Build the absolute destination path
@@ -1000,7 +1052,7 @@ pub const StandaloneModuleGraph = struct {
             // Get the current working directory and join with outfile
             var cwd_buf: bun.PathBuffer = undefined;
             const cwd_path = bun.getcwd(&cwd_buf) catch |err| {
-                return CompileResult.fail(std.fmt.allocPrint(allocator, "Failed to get current directory: {s}", .{@errorName(err)}) catch "Failed to get current directory");
+                return CompileResult.failFmt("Failed to get current directory: {s}", .{@errorName(err)});
             };
             const dest_path = if (std.fs.path.isAbsolute(outfile))
                 outfile
@@ -1028,12 +1080,12 @@ pub const StandaloneModuleGraph = struct {
                 const err = bun.windows.Win32Error.get();
                 if (err.toSystemErrno()) |sys_err| {
                     if (sys_err == .EISDIR) {
-                        return CompileResult.fail(std.fmt.allocPrint(allocator, "{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile}) catch "outfile is a directory");
+                        return CompileResult.failFmt("{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile});
                     } else {
-                        return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to move executable to {s}: {s}", .{ dest_path, @tagName(sys_err) }) catch "failed to move executable");
+                        return CompileResult.failFmt("failed to move executable to {s}: {s}", .{ dest_path, @tagName(sys_err) });
                     }
                 } else {
-                    return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to move executable to {s}", .{dest_path}) catch "failed to move executable");
+                    return CompileResult.failFmt("failed to move executable to {s}", .{dest_path});
                 }
             }
 
@@ -1055,7 +1107,7 @@ pub const StandaloneModuleGraph = struct {
                     windows_options.description,
                     windows_options.copyright,
                 ) catch |err| {
-                    return CompileResult.fail(std.fmt.allocPrint(allocator, "Failed to set Windows metadata: {s}", .{@errorName(err)}) catch "Failed to set Windows metadata");
+                    return CompileResult.failFmt("Failed to set Windows metadata: {s}", .{@errorName(err)});
                 };
             }
             return .success;
@@ -1063,14 +1115,14 @@ pub const StandaloneModuleGraph = struct {
 
         var buf: bun.PathBuffer = undefined;
         const temp_location = bun.getFdPath(fd, &buf) catch |err| {
-            return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to get path for fd: {s}", .{@errorName(err)}) catch "failed to get path for file descriptor");
+            return CompileResult.failFmt("failed to get path for fd: {s}", .{@errorName(err)});
         };
         const temp_posix = std.posix.toPosixPath(temp_location) catch |err| {
-            return CompileResult.fail(std.fmt.allocPrint(allocator, "path too long: {s}", .{@errorName(err)}) catch "path too long");
+            return CompileResult.failFmt("path too long: {s}", .{@errorName(err)});
         };
         const outfile_basename = std.fs.path.basename(outfile);
         const outfile_posix = std.posix.toPosixPath(outfile_basename) catch |err| {
-            return CompileResult.fail(std.fmt.allocPrint(allocator, "outfile name too long: {s}", .{@errorName(err)}) catch "outfile name too long");
+            return CompileResult.failFmt("outfile name too long: {s}", .{@errorName(err)});
         };
 
         bun.sys.moveFileZWithHandle(
@@ -1086,9 +1138,9 @@ pub const StandaloneModuleGraph = struct {
             _ = Syscall.unlink(&temp_posix);
 
             if (err == error.IsDir or err == error.EISDIR) {
-                return CompileResult.fail(std.fmt.allocPrint(allocator, "{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile}) catch "outfile is a directory");
+                return CompileResult.failFmt("{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile});
             } else {
-                return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to rename {s} to {s}: {s}", .{ temp_location, outfile, @errorName(err) }) catch "failed to rename file");
+                return CompileResult.failFmt("failed to rename {s} to {s}: {s}", .{ temp_location, outfile, @errorName(err) });
             }
         };
 

src/Watcher.zig

@@ -95,9 +95,18 @@ pub fn init(comptime T: type, ctx: *T, fs: *bun.fs.FileSystem, allocator: std.me
 
     try Platform.init(&watcher.platform, fs.top_level_dir);
 
+    // Initialize trace file if BUN_WATCHER_TRACE env var is set
+    WatcherTrace.init();
+
     return watcher;
 }
 
+/// Write trace events to the trace file if enabled.
+/// This runs on the watcher thread, so no locking is needed.
+pub fn writeTraceEvents(this: *Watcher, events: []WatchEvent, changed_files: []?[:0]u8) void {
+    WatcherTrace.writeEvents(this, events, changed_files);
+}
+
 pub fn start(this: *Watcher) !void {
     bun.assert(this.watchloop_handle == null);
     this.thread = try std.Thread.spawn(.{}, threadMain, .{this});
@@ -244,6 +253,9 @@ fn threadMain(this: *Watcher) !void {
     }
     this.watchlist.deinit(this.allocator);
 
+    // Close trace file if open
+    WatcherTrace.deinit();
+
     const allocator = this.allocator;
     allocator.destroy(this);
 }
@@ -300,6 +312,48 @@ fn watchLoop(this: *Watcher) bun.sys.Maybe(void) {
     return .success;
 }
 
+/// Register a file descriptor with kqueue on macOS without validation.
+///
+/// Preconditions (caller must ensure):
+/// - `fd` is a valid, open file descriptor
+/// - `fd` is not already registered with this kqueue
+/// - `watchlist_id` matches the entry's index in the watchlist
+///
+/// Note: This function does not propagate kevent registration errors.
+/// If registration fails, the file will not be watched but no error is returned.
+pub fn addFileDescriptorToKQueueWithoutChecks(this: *Watcher, fd: bun.FileDescriptor, watchlist_id: usize) void {
+    const KEvent = std.c.Kevent;
+
+    // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/kqueue.2.html
+    var event = std.mem.zeroes(KEvent);
+
+    event.flags = std.c.EV.ADD | std.c.EV.CLEAR | std.c.EV.ENABLE;
+    // we want to know about the vnode
+    event.filter = std.c.EVFILT.VNODE;
+
+    event.fflags = std.c.NOTE.WRITE | std.c.NOTE.RENAME | std.c.NOTE.DELETE;
+
+    // id
+    event.ident = @intCast(fd.native());
+
+    // Store the index for fast filtering later
+    event.udata = @as(usize, @intCast(watchlist_id));
+    var events: [1]KEvent = .{event};
+
+    // This took a lot of work to figure out the right permutation
+    // Basically:
+    // - We register the event here.
+    // our while(true) loop above receives notification of changes to any of the events created here.
+    _ = std.posix.system.kevent(
+        this.platform.fd.unwrap().?.native(),
+        @as([]KEvent, events[0..1]).ptr,
+        1,
+        @as([]KEvent, events[0..1]).ptr,
+        0,
+        null,
+    );
+}
+
 fn appendFileAssumeCapacity(
     this: *Watcher,
     fd: bun.FileDescriptor,
@@ -338,36 +392,7 @@ fn appendFileAssumeCapacity(
     };
 
     if (comptime Environment.isMac) {
-        const KEvent = std.c.Kevent;
-
-        // https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/kqueue.2.html
-        var event = std.mem.zeroes(KEvent);
-
-        event.flags = std.c.EV.ADD | std.c.EV.CLEAR | std.c.EV.ENABLE;
-        // we want to know about the vnode
-        event.filter = std.c.EVFILT.VNODE;
-
-        event.fflags = std.c.NOTE.WRITE | std.c.NOTE.RENAME | std.c.NOTE.DELETE;
-
-        // id
-        event.ident = @intCast(fd.native());
-
-        // Store the hash for fast filtering later
-        event.udata = @as(usize, @intCast(watchlist_id));
-        var events: [1]KEvent = .{event};
-
-        // This took a lot of work to figure out the right permutation
-        // Basically:
-        // - We register the event here.
-        // our while(true) loop above receives notification of changes to any of the events created here.
-        _ = std.posix.system.kevent(
-            this.platform.fd.unwrap().?.native(),
-            @as([]KEvent, events[0..1]).ptr,
-            1,
-            @as([]KEvent, events[0..1]).ptr,
-            0,
-            null,
-        );
+        this.addFileDescriptorToKQueueWithoutChecks(fd, watchlist_id);
     } else if (comptime Environment.isLinux) {
         // var file_path_to_use_ = std.mem.trimRight(u8, file_path_, "/");
         // var buf: [bun.MAX_PATH_BYTES+1]u8 = undefined;
@@ -600,6 +625,78 @@ pub fn addDirectory(
     return this.appendDirectoryAssumeCapacity(fd, file_path, hash, clone_file_path);
 }
 
+/// Lazily watch a file by path (slow path).
+///
+/// This function is used when a file needs to be watched but was not
+/// encountered during the normal import graph traversal. On macOS, it
+/// opens a file descriptor with O_EVTONLY to obtain an inode reference.
+///
+/// Thread-safe: uses internal locking to prevent race conditions.
+///
+/// Returns:
+/// - true if the file is successfully added to the watchlist or already watched
+/// - false if the file cannot be opened or added to the watchlist
+pub fn addFileByPathSlow(
+    this: *Watcher,
+    file_path: string,
+    loader: options.Loader,
+) bool {
+    if (file_path.len == 0) return false;
+    const hash = getHash(file_path);
+
+    // Check if already watched (with lock to avoid race with removal)
+    {
+        this.mutex.lock();
+        const already_watched = this.indexOf(hash) != null;
+        this.mutex.unlock();
+
+        if (already_watched) {
+            return true;
+        }
+    }
+
+    // Only open fd if we might need it
+    var fd: bun.FileDescriptor = bun.invalid_fd;
+    if (Environment.isMac) {
+        const path_z = std.posix.toPosixPath(file_path) catch return false;
+        switch (bun.sys.open(&path_z, bun.c.O_EVTONLY, 0)) {
+            .result => |opened| fd = opened,
+            .err => return false,
+        }
+    }
+
+    const res = this.addFile(fd, file_path, hash, loader, bun.invalid_fd, null, true);
+    switch (res) {
+        .result => {
+            // On macOS, addFile may have found the file already watched (race)
+            // and returned success without using our fd. Close it if unused.
+            if ((comptime Environment.isMac) and fd.isValid()) {
+                this.mutex.lock();
+                const maybe_idx = this.indexOf(hash);
+                const stored_fd = if (maybe_idx) |idx|
+                    this.watchlist.items(.fd)[idx]
+                else
+                    bun.invalid_fd;
+                this.mutex.unlock();
+
+                // Only close if entry exists and stored fd differs from ours.
+                // Race scenarios:
+                // 1. Entry removed (maybe_idx == null): our fd was stored then closed by flushEvictions → don't close
+                // 2. Entry exists with different fd: another thread added entry, addFile didn't use our fd → close ours
+                // 3. Entry exists with same fd: our fd was stored → don't close
+                if (maybe_idx != null and stored_fd.native() != fd.native()) {
+                    fd.close();
+                }
+            }
+            return true;
+        },
+        .err => {
+            if (fd.isValid()) fd.close();
+            return false;
+        },
+    }
+}
+
 pub fn addFile(
     this: *Watcher,
     fd: bun.FileDescriptor,
@@ -676,6 +773,7 @@ pub fn onMaybeWatchDirectory(watch: *Watcher, file_path: string, dir_fd: bun.Sto
 
 const string = []const u8;
 
+const WatcherTrace = @import("./watcher/WatcherTrace.zig");
 const WindowsWatcher = @import("./watcher/WindowsWatcher.zig");
 const options = @import("./options.zig");
 const std = @import("std");

src/allocators/allocation_scope.zig

@@ -506,6 +506,12 @@ pub fn AllocationScopeIn(comptime Allocator: type) type {
         pub fn setPointerExtra(self: Self, ptr: *anyopaque, extra: Extra) void {
             return self.borrow().setPointerExtra(ptr, extra);
         }
+
+        pub fn leakSlice(self: Self, memory: anytype) void {
+            if (comptime !Self.enabled) return;
+            _ = @typeInfo(@TypeOf(memory)).pointer;
+            self.trackExternalFree(memory, null) catch @panic("tried to free memory that was not allocated by the allocation scope");
+        }
     };
 }
 

src/allocators/mimalloc.zig

@@ -216,8 +216,7 @@ pub extern fn mi_new_reallocn(p: ?*anyopaque, newcount: usize, size: usize) ?*an
 pub const MI_SMALL_WSIZE_MAX = @as(c_int, 128);
 pub const MI_SMALL_SIZE_MAX = MI_SMALL_WSIZE_MAX * @import("std").zig.c_translation.sizeof(?*anyopaque);
 pub const MI_ALIGNMENT_MAX = (@as(c_int, 16) * @as(c_int, 1024)) * @as(c_ulong, 1024);
-
-const MI_MAX_ALIGN_SIZE = 16;
+pub const MI_MAX_ALIGN_SIZE = 16;
 
 pub fn mustUseAlignedAlloc(alignment: std.mem.Alignment) bool {
     return alignment.toByteUnits() > MI_MAX_ALIGN_SIZE;

src/api/schema.zig

@@ -321,8 +321,9 @@ pub const ByteWriter = Writer(*std.io.FixedBufferStream([]u8));
 pub const FileWriter = Writer(std.fs.File);
 
 pub const api = struct {
+    // these are in sync with BunLoaderType in headers-handwritten.h
     pub const Loader = enum(u8) {
-        _none = 255,
+        _none = 254,
         jsx = 1,
         js = 2,
         ts = 3,
@@ -3052,173 +3053,8 @@ pub const api = struct {
 
         security_scanner: ?[]const u8 = null,
 
-        pub fn decode(reader: anytype) anyerror!BunInstall {
-            var this = std.mem.zeroes(BunInstall);
-
-            while (true) {
-                switch (try reader.readByte()) {
-                    0 => {
-                        return this;
-                    },
-
-                    1 => {
-                        this.default_registry = try reader.readValue(NpmRegistry);
-                    },
-                    2 => {
-                        this.scoped = try reader.readValue(NpmRegistryMap);
-                    },
-                    3 => {
-                        this.lockfile_path = try reader.readValue([]const u8);
-                    },
-                    4 => {
-                        this.save_lockfile_path = try reader.readValue([]const u8);
-                    },
-                    5 => {
-                        this.cache_directory = try reader.readValue([]const u8);
-                    },
-                    6 => {
-                        this.dry_run = try reader.readValue(bool);
-                    },
-                    7 => {
-                        this.force = try reader.readValue(bool);
-                    },
-                    8 => {
-                        this.save_dev = try reader.readValue(bool);
-                    },
-                    9 => {
-                        this.save_optional = try reader.readValue(bool);
-                    },
-                    10 => {
-                        this.save_peer = try reader.readValue(bool);
-                    },
-                    11 => {
-                        this.save_lockfile = try reader.readValue(bool);
-                    },
-                    12 => {
-                        this.production = try reader.readValue(bool);
-                    },
-                    13 => {
-                        this.save_yarn_lockfile = try reader.readValue(bool);
-                    },
-                    14 => {
-                        this.native_bin_links = try reader.readArray([]const u8);
-                    },
-                    15 => {
-                        this.disable_cache = try reader.readValue(bool);
-                    },
-                    16 => {
-                        this.disable_manifest_cache = try reader.readValue(bool);
-                    },
-                    17 => {
-                        this.global_dir = try reader.readValue([]const u8);
-                    },
-                    18 => {
-                        this.global_bin_dir = try reader.readValue([]const u8);
-                    },
-                    19 => {
-                        this.frozen_lockfile = try reader.readValue(bool);
-                    },
-                    20 => {
-                        this.exact = try reader.readValue(bool);
-                    },
-                    21 => {
-                        this.concurrent_scripts = try reader.readValue(u32);
-                    },
-                    else => {
-                        return error.InvalidMessage;
-                    },
-                }
-            }
-            unreachable;
-        }
-
-        pub fn encode(this: *const @This(), writer: anytype) anyerror!void {
-            if (this.default_registry) |default_registry| {
-                try writer.writeFieldID(1);
-                try writer.writeValue(@TypeOf(default_registry), default_registry);
-            }
-            if (this.scoped) |scoped| {
-                try writer.writeFieldID(2);
-                try writer.writeValue(@TypeOf(scoped), scoped);
-            }
-            if (this.lockfile_path) |lockfile_path| {
-                try writer.writeFieldID(3);
-                try writer.writeValue(@TypeOf(lockfile_path), lockfile_path);
-            }
-            if (this.save_lockfile_path) |save_lockfile_path| {
-                try writer.writeFieldID(4);
-                try writer.writeValue(@TypeOf(save_lockfile_path), save_lockfile_path);
-            }
-            if (this.cache_directory) |cache_directory| {
-                try writer.writeFieldID(5);
-                try writer.writeValue(@TypeOf(cache_directory), cache_directory);
-            }
-            if (this.dry_run) |dry_run| {
-                try writer.writeFieldID(6);
-                try writer.writeInt(@as(u8, @intFromBool(dry_run)));
-            }
-            if (this.force) |force| {
-                try writer.writeFieldID(7);
-                try writer.writeInt(@as(u8, @intFromBool(force)));
-            }
-            if (this.save_dev) |save_dev| {
-                try writer.writeFieldID(8);
-                try writer.writeInt(@as(u8, @intFromBool(save_dev)));
-            }
-            if (this.save_optional) |save_optional| {
-                try writer.writeFieldID(9);
-                try writer.writeInt(@as(u8, @intFromBool(save_optional)));
-            }
-            if (this.save_peer) |save_peer| {
-                try writer.writeFieldID(10);
-                try writer.writeInt(@as(u8, @intFromBool(save_peer)));
-            }
-            if (this.save_lockfile) |save_lockfile| {
-                try writer.writeFieldID(11);
-                try writer.writeInt(@as(u8, @intFromBool(save_lockfile)));
-            }
-            if (this.production) |production| {
-                try writer.writeFieldID(12);
-                try writer.writeInt(@as(u8, @intFromBool(production)));
-            }
-            if (this.save_yarn_lockfile) |save_yarn_lockfile| {
-                try writer.writeFieldID(13);
-                try writer.writeInt(@as(u8, @intFromBool(save_yarn_lockfile)));
-            }
-            if (this.native_bin_links) |native_bin_links| {
-                try writer.writeFieldID(14);
-                try writer.writeArray([]const u8, native_bin_links);
-            }
-            if (this.disable_cache) |disable_cache| {
-                try writer.writeFieldID(15);
-                try writer.writeInt(@as(u8, @intFromBool(disable_cache)));
-            }
-            if (this.disable_manifest_cache) |disable_manifest_cache| {
-                try writer.writeFieldID(16);
-                try writer.writeInt(@as(u8, @intFromBool(disable_manifest_cache)));
-            }
-            if (this.global_dir) |global_dir| {
-                try writer.writeFieldID(17);
-                try writer.writeValue(@TypeOf(global_dir), global_dir);
-            }
-            if (this.global_bin_dir) |global_bin_dir| {
-                try writer.writeFieldID(18);
-                try writer.writeValue(@TypeOf(global_bin_dir), global_bin_dir);
-            }
-            if (this.frozen_lockfile) |frozen_lockfile| {
-                try writer.writeFieldID(19);
-                try writer.writeInt(@as(u8, @intFromBool(frozen_lockfile)));
-            }
-            if (this.exact) |exact| {
-                try writer.writeFieldID(20);
-                try writer.writeInt(@as(u8, @intFromBool(exact)));
-            }
-            if (this.concurrent_scripts) |concurrent_scripts| {
-                try writer.writeFieldID(21);
-                try writer.writeInt(concurrent_scripts);
-            }
-            try writer.endMessage();
-        }
+        minimum_release_age_ms: ?f64 = null,
+        minimum_release_age_excludes: ?[]const []const u8 = null,
     };
 
     pub const ClientServerModule = struct {

src/ast.zig

@@ -345,6 +345,18 @@ pub const ExportsKind = enum {
     pub fn jsonStringify(self: @This(), writer: anytype) !void {
         return try writer.write(@tagName(self));
     }
+
+    pub fn toModuleType(self: @This()) bun.options.ModuleType {
+        return switch (self) {
+            .none => .unknown,
+            .cjs => .cjs,
+
+            .esm_with_dynamic_fallback,
+            .esm_with_dynamic_fallback_from_cjs,
+            .esm,
+            => .esm,
+        };
+    }
 };
 
 pub const DeclaredSymbol = struct {
@@ -610,6 +622,7 @@ pub const ToJSError = error{
     MacroError,
     OutOfMemory,
     JSError,
+    JSTerminated,
 };
 
 /// Say you need to allocate a bunch of tiny arrays

src/ast/Macro.zig

@@ -51,7 +51,7 @@ pub const MacroContext = struct {
         bun.assert(!isMacroPath(import_record_path_without_macro_prefix));
 
         const input_specifier = brk: {
-            if (jsc.ModuleLoader.HardcodedModule.Alias.get(import_record_path, .bun)) |replacement| {
+            if (jsc.ModuleLoader.HardcodedModule.Alias.get(import_record_path, .bun, .{})) |replacement| {
                 break :brk replacement.path;
             }
 
@@ -591,9 +591,7 @@ pub const Runner = struct {
             }
         };
 
-        // TODO: can change back to `return CallData.callWrapper(.{`
-        // when https://github.com/ziglang/zig/issues/16242 is fixed
-        return CallData.callWrapper(CallArgs{
+        return CallData.callWrapper(.{
             macro,
             log,
             allocator,