ci: make vendor fails not red the status

Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>

.buildkite/ci.mjs

@@ -107,9 +107,9 @@ const buildPlatforms = [
   { os: "linux", arch: "aarch64", distro: "amazonlinux", release: "2023", features: ["docker"] },
   { os: "linux", arch: "x64", distro: "amazonlinux", release: "2023", features: ["docker"] },
   { os: "linux", arch: "x64", baseline: true, distro: "amazonlinux", release: "2023", features: ["docker"] },
-  { os: "linux", arch: "aarch64", abi: "musl", distro: "alpine", release: "3.20" },
-  { os: "linux", arch: "x64", abi: "musl", distro: "alpine", release: "3.20" },
-  { os: "linux", arch: "x64", abi: "musl", baseline: true, distro: "alpine", release: "3.20" },
+  { os: "linux", arch: "aarch64", abi: "musl", distro: "alpine", release: "3.21" },
+  { os: "linux", arch: "x64", abi: "musl", distro: "alpine", release: "3.21" },
+  { os: "linux", arch: "x64", abi: "musl", baseline: true, distro: "alpine", release: "3.21" },
   { os: "windows", arch: "x64", release: "2019" },
   { os: "windows", arch: "x64", baseline: true, release: "2019" },
 ];
@@ -134,9 +134,9 @@ const testPlatforms = [
   { os: "linux", arch: "x64", baseline: true, distro: "ubuntu", release: "24.04", tier: "latest" },
   { os: "linux", arch: "x64", baseline: true, distro: "ubuntu", release: "22.04", tier: "previous" },
   { os: "linux", arch: "x64", baseline: true, distro: "ubuntu", release: "20.04", tier: "oldest" },
-  { os: "linux", arch: "aarch64", abi: "musl", distro: "alpine", release: "3.20", tier: "latest" },
-  { os: "linux", arch: "x64", abi: "musl", distro: "alpine", release: "3.20", tier: "latest" },
-  { os: "linux", arch: "x64", abi: "musl", baseline: true, distro: "alpine", release: "3.20", tier: "latest" },
+  { os: "linux", arch: "aarch64", abi: "musl", distro: "alpine", release: "3.21", tier: "latest" },
+  { os: "linux", arch: "x64", abi: "musl", distro: "alpine", release: "3.21", tier: "latest" },
+  { os: "linux", arch: "x64", abi: "musl", baseline: true, distro: "alpine", release: "3.21", tier: "latest" },
   { os: "windows", arch: "x64", release: "2019", tier: "oldest" },
   { os: "windows", arch: "x64", release: "2019", baseline: true, tier: "oldest" },
 ];
@@ -471,7 +471,7 @@ function getBuildZigStep(platform, options) {
     cancel_on_build_failing: isMergeQueue(),
     env: getBuildEnv(platform, options),
     command: `bun run build:ci --target bun-zig --toolchain ${toolchain}`,
-    timeout_in_minutes: 25,
+    timeout_in_minutes: 35,
   };
 }
 

.buildkite/scripts/upload-release.sh

@@ -201,6 +201,8 @@ function create_release() {
   local artifacts=(
     bun-darwin-aarch64.zip
     bun-darwin-aarch64-profile.zip
+    bun-darwin-x64.zip
+    bun-darwin-x64-profile.zip
     bun-linux-aarch64.zip
     bun-linux-aarch64-profile.zip
     bun-linux-x64.zip

.github/workflows/update-cares.yml

@@ -89,4 +89,6 @@ jobs:
 
             Updates c-ares to version ${{ steps.check-version.outputs.tag }}
 
+            Compare: https://github.com/c-ares/c-ares/compare/${{ steps.check-version.outputs.current }}...${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-cares.yml)

.github/workflows/update-libarchive.yml

@@ -89,4 +89,6 @@ jobs:
 
             Updates libarchive to version ${{ steps.check-version.outputs.tag }}
 
+            Compare: https://github.com/libarchive/libarchive/compare/${{ steps.check-version.outputs.current }}...${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-libarchive.yml)

.github/workflows/update-libdeflate.yml

@@ -89,4 +89,6 @@ jobs:
 
             Updates libdeflate to version ${{ steps.check-version.outputs.tag }}
 
+            Compare: https://github.com/ebiggers/libdeflate/compare/${{ steps.check-version.outputs.current }}...${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-libdeflate.yml)

.github/workflows/update-lolhtml.yml

@@ -89,4 +89,6 @@ jobs:
 
             Updates lolhtml to version ${{ steps.check-version.outputs.tag }}
 
+            Compare: https://github.com/cloudflare/lol-html/compare/${{ steps.check-version.outputs.current }}...${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-lolhtml.yml)

.github/workflows/update-lshpack.yml

@@ -89,4 +89,6 @@ jobs:
 
             Updates lshpack to version ${{ steps.check-version.outputs.tag }}
 
+            Compare: https://github.com/litespeedtech/ls-hpack/compare/${{ steps.check-version.outputs.current }}...${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-lshpack.yml)

.github/workflows/update-root-certs.yml

@@ -0,0 +1,82 @@
+name: Daily Root Certs Update Check
+
+on:
+  schedule:
+    - cron: "0 0 * * *" # Runs at 00:00 UTC every day
+  workflow_dispatch: # Allows manual trigger
+
+jobs:
+  check-and-update:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Generate root certs and capture output
+        id: generate-certs
+        run: |
+          cd packages/bun-usockets/
+          OUTPUT=$(bun generate-root-certs.mjs -v)
+          echo "cert_output<<EOF" >> $GITHUB_ENV
+          echo "$OUTPUT" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
+      - name: Check for changes and stage files
+        id: check-changes
+        run: |
+          if [[ -n "$(git status --porcelain)" ]]; then
+            echo "Found changes, staging modified files..."
+            git config --global user.name "github-actions[bot]"
+            git config --global user.email "github-actions[bot]@users.noreply.github.com"
+            
+            # Get list of modified files and add them
+            git status --porcelain | while read -r status file; do
+              # Remove leading status and whitespace
+              file=$(echo "$file" | sed 's/^.* //')
+              echo "Adding changed file: $file"
+              git add "$file"
+            done
+            
+            echo "changes=true" >> $GITHUB_OUTPUT
+            
+            # Store the list of changed files
+            CHANGED_FILES=$(git status --porcelain)
+            echo "changed_files<<EOF" >> $GITHUB_ENV
+            echo "$CHANGED_FILES" >> $GITHUB_ENV
+            echo "EOF" >> $GITHUB_ENV
+          else
+            echo "No changes detected"
+            echo "changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Pull Request
+        if: steps.check-changes.outputs.changes == 'true'
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "update(root_certs): Update root certificates $(date +'%Y-%m-%d')"
+          title: "update(root_certs) $(date +'%Y-%m-%d')"
+          body: |
+            Automated root certificates update
+
+            ${{ env.cert_output }}
+
+            ## Changed Files:
+            ```
+            ${{ env.changed_files }}
+            ```
+          branch: certs/update-root-certs-${{ github.run_number }}
+          base: main
+          delete-branch: true
+          labels:
+            - "automation"
+            - "root-certs"

.github/workflows/update-sqlite3.yml

@@ -106,4 +106,6 @@ jobs:
 
             Updates SQLite to version ${{ steps.check-version.outputs.latest }}
 
+            Compare: https://sqlite.org/src/vdiff?from=${{ steps.check-version.outputs.current }}&to=${{ steps.check-version.outputs.latest }}
+
             Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-sqlite3.yml)

.lldbinit

@@ -1,4 +1,16 @@
-# command script import vendor/zig/tools/lldb_pretty_printers.py
-command script import vendor/WebKit/Tools/lldb/lldb_webkit.py
+# Tell LLDB what to do when the debugged process receives SIGPWR: pass it through to the process
+# (-p), but do not stop the process (-s) or notify the user (-n).
+#
+# JSC's garbage collector sends this signal (as configured by Bun WebKit in
+# Thread::initializePlatformThreading() in ThreadingPOSIX.cpp) to the JS thread to suspend or resume
+# it. So stopping the process would just create noise when debugging any long-running script.
+process handle -p true -s false -n false SIGPWR
 
-# type summary add --summary-string "${var} | inner=${var[0-30]}, source=${var[33-64]}, tag=${var[31-32]}" "unsigned long"
+command script import misctools/lldb/lldb_pretty_printers.py
+type category enable zig.lang
+type category enable zig.std
+
+command script import misctools/lldb/lldb_webkit.py
+
+command script delete btjs
+command alias btjs p {printf("gathering btjs trace...\n");printf("%s\n", (char*)dumpBtjsTrace())}

.vscode/launch.json

@@ -22,7 +22,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -38,7 +37,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -60,7 +58,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -76,7 +73,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -92,7 +88,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -108,7 +103,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -125,7 +119,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -147,7 +140,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -169,7 +161,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -188,7 +179,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -203,7 +193,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -221,7 +210,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -236,7 +224,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -253,7 +240,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -275,7 +261,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -297,7 +282,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -313,7 +297,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -329,7 +312,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -345,7 +327,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -361,7 +342,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -378,7 +358,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -400,7 +379,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -421,7 +399,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     // bun test [*]
     {
@@ -437,7 +414,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -452,7 +428,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -468,7 +443,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
       "serverReadyAction": {
         "pattern": "https://debug.bun.sh/#localhost:([0-9]+)/",
         "uriFormat": "https://debug.bun.sh/#ws://localhost:%s/",
@@ -488,7 +462,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     {
       "type": "lldb",
@@ -503,7 +476,6 @@
       },
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
     },
     // Windows: bun test [file]
     {
@@ -1129,7 +1101,24 @@
       ],
       "console": "internalConsole",
       // Don't pause when the GC runs while the debugger is open.
-      "postRunCommands": ["command source '${workspaceFolder}/misctools/lldb/lldb_commands'"],
+    },
+    {
+      "type": "bun",
+      "name": "[JS] bun test [file]",
+      "runtime": "${workspaceFolder}/build/debug/bun-debug",
+      "runtimeArgs": ["test", "${file}"],
+      "cwd": "${workspaceFolder}",
+      "env": {
+        "BUN_DEBUG_QUIET_LOGS": "1",
+        "BUN_GARBAGE_COLLECTOR_LEVEL": "2",
+      },
+    },
+    {
+      "type": "midas-rr",
+      "request": "attach",
+      "name": "rr",
+      "trace": "Off",
+      "setupCommands": ["handle SIGPWR nostop noprint pass"],
     },
   ],
   "inputs": [

CONTRIBUTING.md

@@ -205,18 +205,30 @@ WebKit is not cloned by default (to save time and disk space). To clone and buil
 # Clone WebKit into ./vendor/WebKit
 $ git clone https://github.com/oven-sh/WebKit vendor/WebKit
 
+# Check out the commit hash specified in `set(WEBKIT_VERSION <commit_hash>)` in cmake/tools/SetupWebKit.cmake
+$ git -C vendor/WebKit checkout <commit_hash>
+
 # Make a debug build of JSC. This will output build artifacts in ./vendor/WebKit/WebKitBuild/Debug
 # Optionally, you can use `make jsc` for a release build
-$ make jsc-debug
+$ make jsc-debug && rm vendor/WebKit/WebKitBuild/Debug/JavaScriptCore/DerivedSources/inspector/InspectorProtocolObjects.h
 
 # Build bun with the local JSC build
 $ bun run build:local
 ```
 
+Using `bun run build:local` will build Bun in the `./build/debug-local` directory (instead of `./build/debug`), you'll have to change a couple of places to use this new directory:
+
+- The first line in [`src/js/builtins.d.ts`](/src/js/builtins.d.ts)
+- The `CompilationDatabase` line in [`.clangd` config](/.clangd) should be `CompilationDatabase: build/debug-local`
+- In [`build.zig`](/build.zig), the `codegen_path` option should be `build/debug-local/codegen` (instead of `build/debug/codegen`)
+- In [`.vscode/launch.json`](/.vscode/launch.json), many configurations use `./build/debug/`, change them as you see fit
+
 Note that the WebKit folder, including build artifacts, is 8GB+ in size.
 
 If you are using a JSC debug build and using VScode, make sure to run the `C/C++: Select a Configuration` command to configure intellisense to find the debug headers.
 
+Note that if you change make changes to our [WebKit fork](https://github.com/oven-sh/WebKit), you will also have to change [`SetupWebKit.cmake`](/cmake/tools/SetupWebKit.cmake) to point to the commit hash.
+
 ## Troubleshooting
 
 ### 'span' file not found on Ubuntu

LATEST

@@ -1 +1 @@
-1.2.4
+1.2.5

bench/crypto/diffie-hellman.mjs

@@ -0,0 +1,53 @@
+import crypto from "node:crypto";
+import { bench, run } from "../runner.mjs";
+
+// Pre-generate DH params to avoid including setup in benchmarks
+const dhSize = 1024; // Reduced from 2048 for faster testing
+const dh = crypto.createDiffieHellman(dhSize);
+const dhPrime = dh.getPrime();
+const dhGenerator = dh.getGenerator();
+
+// Classical Diffie-Hellman
+bench("DH - generateKeys", () => {
+  const alice = crypto.createDiffieHellman(dhPrime, dhGenerator);
+  return alice.generateKeys();
+});
+
+bench("DH - computeSecret", () => {
+  // Setup
+  const alice = crypto.createDiffieHellman(dhPrime, dhGenerator);
+  const aliceKey = alice.generateKeys();
+  const bob = crypto.createDiffieHellman(dhPrime, dhGenerator);
+  const bobKey = bob.generateKeys();
+
+  // Benchmark just the secret computation
+  return alice.computeSecret(bobKey);
+});
+
+// ECDH with prime256v1 (P-256)
+bench("ECDH-P256 - generateKeys", () => {
+  const ecdh = crypto.createECDH("prime256v1");
+  return ecdh.generateKeys();
+});
+
+bench("ECDH-P256 - computeSecret", () => {
+  // Setup
+  const alice = crypto.createECDH("prime256v1");
+  const aliceKey = alice.generateKeys();
+  const bob = crypto.createECDH("prime256v1");
+  const bobKey = bob.generateKeys();
+
+  // Benchmark just the secret computation
+  return alice.computeSecret(bobKey);
+});
+
+// ECDH with secp384r1 (P-384)
+bench("ECDH-P384 - computeSecret", () => {
+  const alice = crypto.createECDH("secp384r1");
+  const aliceKey = alice.generateKeys();
+  const bob = crypto.createECDH("secp384r1");
+  const bobKey = bob.generateKeys();
+  return alice.computeSecret(bobKey);
+});
+
+await run();

bench/crypto/ecdh-convert-key.mjs

@@ -0,0 +1,44 @@
+import crypto from "node:crypto";
+import { bench, run } from "../runner.mjs";
+
+function generateTestKeyPairs() {
+  const curves = crypto.getCurves();
+  const keys = {};
+
+  for (const curve of curves) {
+    const ecdh = crypto.createECDH(curve);
+    ecdh.generateKeys();
+
+    keys[curve] = {
+      compressed: ecdh.getPublicKey("hex", "compressed"),
+      uncompressed: ecdh.getPublicKey("hex", "uncompressed"),
+      instance: ecdh,
+    };
+  }
+
+  return keys;
+}
+
+const testKeys = generateTestKeyPairs();
+
+bench("ECDH key format - P256 compressed to uncompressed", () => {
+  const publicKey = testKeys["prime256v1"].compressed;
+  return crypto.ECDH.convertKey(publicKey, "prime256v1", "hex", "hex", "uncompressed");
+});
+
+bench("ECDH key format - P256 uncompressed to compressed", () => {
+  const publicKey = testKeys["prime256v1"].uncompressed;
+  return crypto.ECDH.convertKey(publicKey, "prime256v1", "hex", "hex", "compressed");
+});
+
+bench("ECDH key format - P384 compressed to uncompressed", () => {
+  const publicKey = testKeys["secp384r1"].compressed;
+  return crypto.ECDH.convertKey(publicKey, "secp384r1", "hex", "hex", "uncompressed");
+});
+
+bench("ECDH key format - P384 uncompressed to compressed", () => {
+  const publicKey = testKeys["secp384r1"].uncompressed;
+  return crypto.ECDH.convertKey(publicKey, "secp384r1", "hex", "hex", "compressed");
+});
+
+await run();

bench/crypto/primes.mjs

@@ -0,0 +1,43 @@
+import { checkPrime, checkPrimeSync, generatePrime, generatePrimeSync } from "node:crypto";
+import { bench, run } from "../runner.mjs";
+
+const prime512 = generatePrimeSync(512);
+const prime2048 = generatePrimeSync(2048);
+
+bench("checkPrimeSync 512", () => {
+  return checkPrimeSync(prime512);
+});
+
+bench("checkPrimeSync 2048", () => {
+  return checkPrimeSync(prime2048);
+});
+
+bench("checkPrime 512", async () => {
+  const promises = Array.from({ length: 10 }, () => new Promise(resolve => checkPrime(prime512, resolve)));
+  await Promise.all(promises);
+});
+
+bench("checkPrime 2048", async () => {
+  const promises = Array.from({ length: 10 }, () => new Promise(resolve => checkPrime(prime2048, resolve)));
+  await Promise.all(promises);
+});
+
+bench("generatePrimeSync 512", () => {
+  return generatePrimeSync(512);
+});
+
+bench("generatePrimeSync 2048", () => {
+  return generatePrimeSync(2048);
+});
+
+bench("generatePrime 512", async () => {
+  const promises = Array.from({ length: 10 }, () => new Promise(resolve => generatePrime(512, resolve)));
+  await Promise.all(promises);
+});
+
+bench("generatePrime 2048", async () => {
+  const promises = Array.from({ length: 10 }, () => new Promise(resolve => generatePrime(2048, resolve)));
+  await Promise.all(promises);
+});
+
+await run();

bench/crypto/random.mjs

@@ -0,0 +1,50 @@
+import crypto from "crypto";
+import { bench, run } from "../runner.mjs";
+
+bench("randomInt - sync", () => {
+  crypto.randomInt(1000);
+});
+
+bench("randomInt - async", async () => {
+  const { promise, resolve } = Promise.withResolvers();
+  crypto.randomInt(1000, () => {
+    resolve();
+  });
+  await promise;
+});
+
+bench("randonBytes - 32", () => {
+  crypto.randomBytes(32);
+});
+
+bench("randomBytes - 256", () => {
+  crypto.randomBytes(256);
+});
+
+const buf = Buffer.alloc(256);
+
+bench("randomFill - 32", async () => {
+  const { promise, resolve } = Promise.withResolvers();
+  crypto.randomFill(buf, 0, 32, () => {
+    resolve();
+  });
+  await promise;
+});
+
+bench("randomFill - 256", async () => {
+  const { promise, resolve } = Promise.withResolvers();
+  crypto.randomFill(buf, 0, 256, () => {
+    resolve();
+  });
+  await promise;
+});
+
+bench("randomFillSync - 32", () => {
+  crypto.randomFillSync(buf, 0, 32);
+});
+
+bench("randomFillSync - 256", () => {
+  crypto.randomFillSync(buf, 0, 256);
+});
+
+await run();

bench/package.json

@@ -12,6 +12,7 @@
     "eventemitter3": "^5.0.0",
     "execa": "^8.0.1",
     "fast-glob": "3.3.1",
+    "fastify": "^5.0.0",
     "fdir": "^6.1.0",
     "mitata": "^1.0.25",
     "react": "^18.3.1",

bench/snippets/express-hello.mjs

@@ -0,0 +1,13 @@
+import express from "express";
+
+const app = express();
+const port = 3000;
+
+var i = 0;
+app.get("/", (req, res) => {
+  res.send("Hello World!" + i++);
+});
+
+app.listen(port, () => {
+  console.log(`Express app listening at http://localhost:${port}`);
+});

bench/snippets/fastify.mjs

@@ -0,0 +1,20 @@
+import Fastify from "fastify";
+
+const fastify = Fastify({
+  logger: false,
+});
+
+fastify.get("/", async (request, reply) => {
+  return { hello: "world" };
+});
+
+const start = async () => {
+  try {
+    await fastify.listen({ port: 3000 });
+  } catch (err) {
+    fastify.log.error(err);
+    process.exit(1);
+  }
+};
+
+start();

build.zig

@@ -19,17 +19,17 @@ const OperatingSystem = @import("src/env.zig").OperatingSystem;
 const pathRel = fs.path.relative;
 
 /// Do not rename this constant. It is scanned by some scripts to determine which zig version to install.
-const recommended_zig_version = "0.14.0-dev.2987+183bb8b08";
+const recommended_zig_version = "0.14.0";
 
 comptime {
     if (!std.mem.eql(u8, builtin.zig_version_string, recommended_zig_version)) {
         @compileError(
             "" ++
-                "Bun requires Zig version " ++ recommended_zig_version ++ " (found " ++
-                builtin.zig_version_string ++ "). This is " ++
-                "automatically configured via Bun's CMake setup. You likely meant to run " ++
-                "`bun setup`. If you are trying to upgrade the Zig compiler, " ++
-                "run `./scripts/download-zig.sh master` or comment this message out.",
+                "Bun requires Zig version " ++ recommended_zig_version ++ ", but you have " ++
+                builtin.zig_version_string ++ ". This is automatically configured via Bun's " ++
+                "CMake setup. You likely meant to run `bun run build`. If you are trying to " ++
+                "upgrade the Zig compiler, edit ZIG_COMMIT in cmake/tools/SetupZig.cmake or " ++
+                "comment this error out.",
         );
     }
 }
@@ -319,7 +319,21 @@ pub fn build(b: *Build) !void {
             .{ .os = .linux, .arch = .aarch64 },
             .{ .os = .linux, .arch = .x86_64, .musl = true },
             .{ .os = .linux, .arch = .aarch64, .musl = true },
-        });
+        }, &.{ .Debug, .ReleaseFast });
+    }
+
+    // zig build check-all-debug
+    {
+        const step = b.step("check-all-debug", "Check for semantic analysis errors on all supported platforms in debug mode");
+        addMultiCheck(b, step, build_options, &.{
+            .{ .os = .windows, .arch = .x86_64 },
+            .{ .os = .mac, .arch = .x86_64 },
+            .{ .os = .mac, .arch = .aarch64 },
+            .{ .os = .linux, .arch = .x86_64 },
+            .{ .os = .linux, .arch = .aarch64 },
+            .{ .os = .linux, .arch = .x86_64, .musl = true },
+            .{ .os = .linux, .arch = .aarch64, .musl = true },
+        }, &.{.Debug});
     }
 
     // zig build check-windows
@@ -327,21 +341,21 @@ pub fn build(b: *Build) !void {
         const step = b.step("check-windows", "Check for semantic analysis errors on Windows");
         addMultiCheck(b, step, build_options, &.{
             .{ .os = .windows, .arch = .x86_64 },
-        });
+        }, &.{ .Debug, .ReleaseFast });
     }
     {
         const step = b.step("check-macos", "Check for semantic analysis errors on Windows");
         addMultiCheck(b, step, build_options, &.{
             .{ .os = .mac, .arch = .x86_64 },
             .{ .os = .mac, .arch = .aarch64 },
-        });
+        }, &.{ .Debug, .ReleaseFast });
     }
     {
         const step = b.step("check-linux", "Check for semantic analysis errors on Windows");
         addMultiCheck(b, step, build_options, &.{
             .{ .os = .linux, .arch = .x86_64 },
             .{ .os = .linux, .arch = .aarch64 },
-        });
+        }, &.{ .Debug, .ReleaseFast });
     }
 
     // zig build translate-c-headers
@@ -369,9 +383,10 @@ pub fn addMultiCheck(
     parent_step: *Step,
     root_build_options: BunBuildOptions,
     to_check: []const struct { os: OperatingSystem, arch: Arch, musl: bool = false },
+    optimize: []const std.builtin.OptimizeMode,
 ) void {
     for (to_check) |check| {
-        for ([_]std.builtin.Mode{ .Debug, .ReleaseFast }) |mode| {
+        for (optimize) |mode| {
             const check_target = b.resolveTargetQuery(.{
                 .os_tag = OperatingSystem.stdOSTag(check.os),
                 .cpu_arch = check.arch,

bunfig.node-test.toml

@@ -2,3 +2,7 @@
 # https://github.com/oven-sh/bun/issues/16289
 [test]
 preload = ["./test/js/node/harness.ts", "./test/preload.ts"]
+
+[install]
+# Node.js never auto-installs modules.
+auto = "disable"

cmake/targets/BuildLolHtml.cmake

@@ -4,7 +4,7 @@ register_repository(
   REPOSITORY
     cloudflare/lol-html
   COMMIT
-    4f8becea13a0021c8b71abd2dcc5899384973b66
+    67f1d4ffd6b74db7e053fb129dcce620193c180d
 )
 
 set(LOLHTML_CWD ${VENDOR_PATH}/lolhtml/c-api)

cmake/tools/SetupWebKit.cmake

@@ -2,7 +2,7 @@ option(WEBKIT_VERSION "The version of WebKit to use")
 option(WEBKIT_LOCAL "If a local version of WebKit should be used instead of downloading")
 
 if(NOT WEBKIT_VERSION)
-  set(WEBKIT_VERSION 0d7d28b5907f628331d4a944c3436856447fbf64)
+  set(WEBKIT_VERSION 2ffd4be9f9513c30333d9e23c175cab4760584e3)
 endif()
 
 string(SUBSTRING ${WEBKIT_VERSION} 0 16 WEBKIT_VERSION_PREFIX)

cmake/tools/SetupZig.cmake

@@ -20,7 +20,7 @@ else()
   unsupported(CMAKE_SYSTEM_NAME)
 endif()
 
-set(ZIG_COMMIT "bb9d6ab2c0bbbf20cc24dad03e88f3b3ffdb7de7")
+set(ZIG_COMMIT "cd1995944508e4c946deb75bd70947d302e0db37")
 optionx(ZIG_TARGET STRING "The zig target to use" DEFAULT ${DEFAULT_ZIG_TARGET})
 
 if(CMAKE_BUILD_TYPE STREQUAL "Release")

docs/api/node-api.md

@@ -12,5 +12,3 @@ Alternatively, use `process.dlopen`:
 let mod = { exports: {} };
 process.dlopen(mod, "./my-node-module.node");
 ```
-
-Bun polyfills the [`detect-libc`](https://npmjs.com/package/detect-libc) package, which is used by many Node-API modules to detect which `.node` binding to `require`.

docs/api/spawn.md

@@ -77,6 +77,16 @@ console.log(text); // "const input = "hello world".repeat(400); ..."
 
 ---
 
+- `ReadableStream`
+- Use a readable stream as input.
+
+---
+
+- `Blob`
+- Use a blob as input.
+
+---
+
 - `number`
 - Read from the file with a given file descriptor.
 
@@ -129,13 +139,13 @@ Configure the output stream by passing one of the following values to `stdout/st
 
 ---
 
-- `Bun.file()`
-- Write to the specified file.
+- `"ignore"`
+- Discard the output.
 
 ---
 
-- `null`
-- Write to `/dev/null`.
+- `Bun.file()`
+- Write to the specified file.
 
 ---
 
@@ -174,7 +184,8 @@ const proc = Bun.spawn(["bun", "--version"]);
 proc.kill();
 proc.killed; // true
 
-proc.kill(); // specify an exit code
+proc.kill(15); // specify a signal code
+proc.kill("SIGTERM"); // specify a signal name
 ```
 
 The parent `bun` process will not terminate until all child processes have exited. Use `proc.unref()` to detach the child process from the parent.
@@ -184,6 +195,64 @@ const proc = Bun.spawn(["bun", "--version"]);
 proc.unref();
 ```
 
+## Resource usage
+
+You can get information about the process's resource usage after it has exited:
+
+```ts
+const proc = Bun.spawn(["bun", "--version"]);
+await proc.exited;
+
+const usage = proc.resourceUsage();
+console.log(`Max memory used: ${usage.maxRSS} bytes`);
+console.log(`CPU time (user): ${usage.cpuTime.user} µs`);
+console.log(`CPU time (system): ${usage.cpuTime.system} µs`);
+```
+
+## Using AbortSignal
+
+You can abort a subprocess using an `AbortSignal`:
+
+```ts
+const controller = new AbortController();
+const { signal } = controller;
+
+const proc = Bun.spawn({
+  cmd: ["sleep", "100"],
+  signal,
+});
+
+// Later, to abort the process:
+controller.abort();
+```
+
+## Using timeout and killSignal
+
+You can set a timeout for a subprocess to automatically terminate after a specific duration:
+
+```ts
+// Kill the process after 5 seconds
+const proc = Bun.spawn({
+  cmd: ["sleep", "10"],
+  timeout: 5000, // 5 seconds in milliseconds
+});
+
+await proc.exited; // Will resolve after 5 seconds
+```
+
+By default, timed-out processes are killed with the `SIGTERM` signal. You can specify a different signal with the `killSignal` option:
+
+```ts
+// Kill the process with SIGKILL after 5 seconds
+const proc = Bun.spawn({
+  cmd: ["sleep", "10"],
+  timeout: 5000,
+  killSignal: "SIGKILL", // Can be string name or signal number
+});
+```
+
+The `killSignal` option also controls which signal is sent when an AbortSignal is aborted.
+
 ## Inter-process communication (IPC)
 
 Bun supports direct inter-process communication channel between two `bun` processes. To receive messages from a spawned Bun subprocess, specify an `ipc` handler.
@@ -233,11 +302,17 @@ process.send("Hello from child as string");
 process.send({ message: "Hello from child as object" });
 ```
 
-The `ipcMode` option controls the underlying communication format between the two processes:
+The `serialization` option controls the underlying communication format between the two processes:
 
 - `advanced`: (default) Messages are serialized using the JSC `serialize` API, which supports cloning [everything `structuredClone` supports](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm). This does not support transferring ownership of objects.
 - `json`: Messages are serialized using `JSON.stringify` and `JSON.parse`, which does not support as many object types as `advanced` does.
 
+To disconnect the IPC channel from the parent process, call:
+
+```ts
+childProc.disconnect();
+```
+
 ### IPC between Bun & Node.js
 
 To use IPC between a `bun` process and a Node.js process, set `serialization: "json"` in `Bun.spawn`. This is because Node.js and Bun use different JavaScript engines with different object serialization formats.
@@ -310,7 +385,7 @@ spawnSync echo hi    1.47 ms/iter     (1.14 ms … 2.64 ms)   1.57 ms   2.37 ms
 
 ## Reference
 
-A simple reference of the Spawn API and types are shown below. The real types have complex generics to strongly type the `Subprocess` streams with the options passed to `Bun.spawn` and `Bun.spawnSync`. For full details, find these types as defined [bun.d.ts](https://github.com/oven-sh/bun/blob/main/packages/bun-types/bun.d.ts).
+A reference of the Spawn API and types are shown below. The real types have complex generics to strongly type the `Subprocess` streams with the options passed to `Bun.spawn` and `Bun.spawnSync`. For full details, find these types as defined [bun.d.ts](https://github.com/oven-sh/bun/blob/main/packages/bun-types/bun.d.ts).
 
 ```ts
 interface Bun {
@@ -329,16 +404,25 @@ interface Bun {
 namespace SpawnOptions {
   interface OptionsObject {
     cwd?: string;
-    env?: Record<string, string>;
-    stdin?: SpawnOptions.Readable;
-    stdout?: SpawnOptions.Writable;
-    stderr?: SpawnOptions.Writable;
-    onExit?: (
-      proc: Subprocess,
+    env?: Record<string, string | undefined>;
+    stdio?: [Writable, Readable, Readable];
+    stdin?: Writable;
+    stdout?: Readable;
+    stderr?: Readable;
+    onExit?(
+      subprocess: Subprocess,
       exitCode: number | null,
-      signalCode: string | null,
-      error: Error | null,
-    ) => void;
+      signalCode: number | null,
+      error?: ErrorLike,
+    ): void | Promise<void>;
+    ipc?(message: any, subprocess: Subprocess): void;
+    serialization?: "json" | "advanced";
+    windowsHide?: boolean;
+    windowsVerbatimArguments?: boolean;
+    argv0?: string;
+    signal?: AbortSignal;
+    timeout?: number;
+    killSignal?: string | number;
   }
 
   type Readable =
@@ -366,39 +450,62 @@ namespace SpawnOptions {
     | Request;
 }
 
-interface Subprocess<Stdin, Stdout, Stderr> {
+interface Subprocess extends AsyncDisposable {
+  readonly stdin: FileSink | number | undefined;
+  readonly stdout: ReadableStream<Uint8Array> | number | undefined;
+  readonly stderr: ReadableStream<Uint8Array> | number | undefined;
+  readonly readable: ReadableStream<Uint8Array> | number | undefined;
   readonly pid: number;
-  // the exact stream types here are derived from the generic parameters
-  readonly stdin: number | ReadableStream | FileSink | undefined;
-  readonly stdout: number | ReadableStream | undefined;
-  readonly stderr: number | ReadableStream | undefined;
-
   readonly exited: Promise<number>;
-
-  readonly exitCode: number | undefined;
-  readonly signalCode: Signal | null;
+  readonly exitCode: number | null;
+  readonly signalCode: NodeJS.Signals | null;
   readonly killed: boolean;
 
+  kill(exitCode?: number | NodeJS.Signals): void;
   ref(): void;
   unref(): void;
-  kill(code?: number): void;
+
+  send(message: any): void;
+  disconnect(): void;
+  resourceUsage(): ResourceUsage | undefined;
 }
 
-interface SyncSubprocess<Stdout, Stderr> {
-  readonly pid: number;
-  readonly success: boolean;
-  // the exact buffer types here are derived from the generic parameters
-  readonly stdout: Buffer | undefined;
-  readonly stderr: Buffer | undefined;
+interface SyncSubprocess {
+  stdout: Buffer | undefined;
+  stderr: Buffer | undefined;
+  exitCode: number;
+  success: boolean;
+  resourceUsage: ResourceUsage;
+  signalCode?: string;
+  exitedDueToTimeout?: true;
+  pid: number;
 }
 
-type ReadableSubprocess = Subprocess<any, "pipe", "pipe">;
-type WritableSubprocess = Subprocess<"pipe", any, any>;
-type PipedSubprocess = Subprocess<"pipe", "pipe", "pipe">;
-type NullSubprocess = Subprocess<null, null, null>;
+interface ResourceUsage {
+  contextSwitches: {
+    voluntary: number;
+    involuntary: number;
+  };
 
-type ReadableSyncSubprocess = SyncSubprocess<"pipe", "pipe">;
-type NullSyncSubprocess = SyncSubprocess<null, null>;
+  cpuTime: {
+    user: number;
+    system: number;
+    total: number;
+  };
+  maxRSS: number;
+
+  messages: {
+    sent: number;
+    received: number;
+  };
+  ops: {
+    in: number;
+    out: number;
+  };
+  shmSize: number;
+  signalCount: number;
+  swapCount: number;
+}
 
 type Signal =
   | "SIGABRT"

docs/api/tcp.md

@@ -11,7 +11,7 @@ Bun.listen({
   socket: {
     data(socket, data) {}, // message received from client
     open(socket) {}, // socket opened
-    close(socket) {}, // socket closed
+    close(socket, error) {}, // socket closed
     drain(socket) {}, // socket ready for more data
     error(socket, error) {}, // error handler
   },
@@ -30,7 +30,7 @@ Bun.listen({
     open(socket) {},
     data(socket, data) {},
     drain(socket) {},
-    close(socket) {},
+    close(socket, error) {},
     error(socket, error) {},
   },
 });
@@ -122,7 +122,7 @@ const socket = await Bun.connect({
   socket: {
     data(socket, data) {},
     open(socket) {},
-    close(socket) {},
+    close(socket, error) {},
     drain(socket) {},
     error(socket, error) {},
 

docs/bundler/css_modules.md

@@ -0,0 +1,145 @@
+# CSS Modules
+
+Bun's bundler also supports bundling [CSS modules](https://css-tricks.com/css-modules-part-1-need/) in addition to [regular CSS](/docs/bundler/css) with support for the following features:
+
+- Automatically detecting CSS module files (`.module.css`) with zero configuration
+- Composition (`composes` property)
+- Importing CSS modules into JSX/TSX
+- Warnings/errors for invalid usages of CSS modules
+
+A CSS module is a CSS file (with the `.module.css` extension) where are all class names and animations are scoped to the file. This helps you avoid class name collisions as CSS declarations are globally scoped by default.
+
+Under the hood, Bun's bundler transforms locally scoped class names into unique identifiers.
+
+## Getting started
+
+Create a CSS file with the `.module.css` extension:
+
+```css
+/* styles.module.css */
+.button {
+  color: red;
+}
+
+/* other-styles.module.css */
+.button {
+  color: blue;
+}
+```
+
+You can then import this file, for example into a TSX file:
+
+```tsx
+import styles from "./styles.module.css";
+import otherStyles from "./other-styles.module.css";
+
+export default function App() {
+  return (
+    <>
+      <button className={styles.button}>Red button!</button>
+      <button className={otherStyles.button}>Blue button!</button>
+    </>
+  );
+}
+```
+
+The `styles` object from importing the CSS module file will be an object with all class names as keys and
+their unique identifiers as values:
+
+```tsx
+import styles from "./styles.module.css";
+import otherStyles from "./other-styles.module.css";
+
+console.log(styles);
+console.log(otherStyles);
+```
+
+This will output:
+
+```ts
+{
+  button: "button_123";
+}
+
+{
+  button: "button_456";
+}
+```
+
+As you can see, the class names are unique to each file, avoiding any collisions!
+
+### Composition
+
+CSS modules allow you to _compose_ class selectors together. This lets you reuse style rules across multiple classes.
+
+For example:
+
+```css
+/* styles.module.css */
+.button {
+  composes: background;
+  color: red;
+}
+
+.background {
+  background-color: blue;
+}
+```
+
+Would be the same as writing:
+
+```css
+.button {
+  background-color: blue;
+  color: red;
+}
+
+.background {
+  background-color: blue;
+}
+```
+
+{% callout %}
+There are a couple rules to keep in mind when using `composes`:
+
+- A `composes` property must come before any regular CSS properties or declarations
+- You can only use `composes` on a **simple selector with a single class name**:
+
+```css
+#button {
+  /* Invalid! `#button` is not a class selector */
+  composes: background;
+}
+
+.button,
+.button-secondary {
+  /* Invalid! `.button, .button-secondary` is not a simple selector */
+  composes: background;
+}
+```
+
+{% /callout %}
+
+### Composing from a separate CSS module file
+
+You can also compose from a separate CSS module file:
+
+```css
+/* background.module.css */
+.background {
+  background-color: blue;
+}
+
+/* styles.module.css */
+.button {
+  composes: background from "./background.module.css";
+  color: red;
+}
+```
+
+{% callout %}
+When composing classes from separate files, be sure that they do not contain the same properties.
+
+The CSS module spec says that composing classes from separate files with conflicting properties is
+undefined behavior, meaning that the output may differ and be unreliable.
+{% /callout %}

docs/bundler/fullstack.md

@@ -309,5 +309,4 @@ This works similarly to how [`Bun.build` processes HTML files](/docs/bundler/htm
 
 ## This is a work in progress
 
-- ~Client-side hot reloading isn't wired up yet. It will be in the future.~ New in Bun v1.2.3
 - This doesn't support `bun build` yet. It also will in the future.

docs/bundler/hmr.md

@@ -0,0 +1,234 @@
+Hot Module Replacement (HMR) allows you to update modules in a running
+application without needing a full page reload. This preserves the application
+state and improves the development experience.
+
+HMR is enabled by default when using Bun's full-stack development server.
+
+## `import.meta.hot` API Reference
+
+Bun implements a client-side HMR API modeled after [Vite's `import.meta.hot` API](https://vitejs.dev/guide/api-hmr.html). It can be checked for with `if (import.meta.hot)`, tree-shaking it in production
+
+```ts
+if (import.meta.hot) {
+  // HMR APIs are available.
+}
+```
+
+However, **this check is often not needed** as Bun will dead-code-eliminate
+calls to all of the HMR APIs in production builds.
+
+```ts
+// This entire function call will be removed in production!
+import.meta.hot.dispose(() => {
+  console.log("dispose");
+});
+```
+
+For this to work, Bun forces these APIs to be called without indirection. That means the following do not work:
+
+```ts#invalid-hmr-usage.ts
+// INVALID: Assigning `hot` to a variable
+const hot = import.meta.hot;
+hot.accept();
+
+// INVALID: Assigning `import.meta` to a variable
+const meta = import.meta;
+meta.hot.accept();
+console.log(meta.hot.data);
+
+// INVALID: Passing to a function
+doSomething(import.meta.hot.dispose);
+
+// OK: The full phrase "import.meta.hot.<API>" must be called directly:
+import.meta.hot.accept();
+
+// OK: `data` can be passed to functions:
+doSomething(import.meta.hot.data);
+```
+
+{% callout %}
+
+**Note** — The HMR API is still a work in progress. Some features are missing. HMR can be disabled in `Bun.serve` by setting the `development` option to `{ hmr: false }`.
+
+{% endcallout %}
+
+|     | Method             | Notes                                                                 |
+| --- | ------------------ | --------------------------------------------------------------------- |
+| ✅  | `hot.accept()`     | Indicate that a hot update can be replaced gracefully.                |
+| ✅  | `hot.data`         | Persist data between module evaluations.                              |
+| ✅  | `hot.dispose()`    | Add a callback function to run when a module is about to be replaced. |
+| ❌  | `hot.invalidate()` |                                                                       |
+| ✅  | `hot.on()`         | Attach an event listener                                              |
+| ✅  | `hot.off()`        | Remove an event listener from `on`.                                   |
+| ❌  | `hot.send()`       |                                                                       |
+| 🚧  | `hot.prune()`      | **NOTE**: Callback is currently never called.                         |
+| ✅  | `hot.decline()`    | No-op to match Vite's `import.meta.hot`                               |
+
+### `import.meta.hot.accept()`
+
+The `accept()` method indicates that a module can be hot-replaced. When called
+without arguments, it indicates that this module can be replaced simply by
+re-evaluating the file. After a hot update, importers of this module will be
+automatically patched.
+
+```ts#index.ts
+import { getCount } from "./foo.ts";
+
+console.log("count is ", getCount());
+
+import.meta.hot.accept();
+
+export function getNegativeCount() {
+  return -getCount();
+}
+```
+
+This creates a hot-reloading boundary for all of the files that `index.ts`
+imports. That means whenever `foo.ts` or any of its dependencies are saved, the
+update will bubble up to `index.ts` will re-evaluate. Files that import
+`index.ts` will then be patched to import the new version of
+`getNegativeCount()`. If only `index.ts` is updated, only the one file will be
+re-evaluated, and the counter in `foo.ts` is reused.
+
+This may be used in combination with `import.meta.hot.data` to transfer state
+from the previous module to the new one.
+
+When no modules call `import.meta.hot.accept()` (and there isn't React Fast
+Refresh or a plugin calling it for you), the page will reload when the file
+updates, and a console warning shows which files were invalidated. This warning
+is safe to ignore if it makes more sense to rely on full page reloads.
+
+#### With callback
+
+When provided one callback, `import.meta.hot.accept` will function how it does
+in Vite. Instead of patching the importers of this module, it will call the
+callback with the new module.
+
+```ts
+export const count = 0;
+
+import.meta.hot.accept(newModule => {
+  if (newModule) {
+    // newModule is undefined when SyntaxError happened
+    console.log("updated: count is now ", newModule.count);
+  }
+});
+```
+
+Prefer using `import.meta.hot.accept()` without an argument as it usually makes your code easier to understand.
+
+#### Accepting other modules
+
+```ts
+import { count } from "./foo";
+
+import.meta.hot.accept("./foo", () => {
+  if (!newModule) return;
+
+  console.log("updated: count is now ", count);
+});
+```
+
+Indicates that a dependency's module can be accepted. When the dependency is updated, the callback will be called with the new module.
+
+#### With multiple dependencies
+
+```ts
+import.meta.hot.accept(["./foo", "./bar"], newModules => {
+  // newModules is an array where each item corresponds to the updated module
+  // or undefined if that module had a syntax error
+});
+```
+
+Indicates that multiple dependencies' modules can be accepted. This variant accepts an array of dependencies, where the callback will receive the updated modules, and `undefined` for any that had errors.
+
+### `import.meta.hot.data`
+
+`import.meta.hot.data` maintains state between module instances during hot
+replacement, enabling data transfer from previous to new versions. When
+`import.meta.hot.data` is written into, Bun will also mark this module as
+capable of self-accepting (equivalent of calling `import.meta.hot.accept()`).
+
+```ts
+import { createRoot } from "react-dom/client";
+import { App } from "./app";
+
+const root = import.meta.hot.data.root ??= createRoot(elem);
+root.render(<App />); // re-use an existing root
+```
+
+In production, `data` is inlined to be `{}`, meaning it cannot be used as a state holder.
+
+The above pattern is recommended for stateful modules because Bun knows it can minify `{}.prop ??= value` into `value` in production.
+
+### `import.meta.hot.dispose()`
+
+Attaches an on-dispose callback. This is called:
+
+- Just before the module is replaced with another copy (before the next is loaded)
+- After the module is detached (removing all imports to this module, see `import.meta.hot.prune()`)
+
+```ts
+const sideEffect = setupSideEffect();
+
+import.meta.hot.dispose(() => {
+  sideEffect.cleanup();
+});
+```
+
+This callback is not called on route navigation or when the browser tab closes.
+
+Returning a promise will delay module replacement until the module is disposed.
+All dispose callbacks are called in parallel.
+
+### `import.meta.hot.prune()`
+
+Attaches an on-prune callback. This is called when all imports to this module
+are removed, but the module was previously loaded.
+
+This can be used to clean up resources that were created when the module was
+loaded. Unlike `import.meta.hot.dispose()`, this pairs much better with `accept`
+and `data` to manage stateful resources. A full example managing a `WebSocket`:
+
+```ts
+import { something } from "./something";
+
+// Initialize or re-use a WebSocket connection
+export const ws = (import.meta.hot.data.ws ??= new WebSocket(location.origin));
+
+// If the module's import is removed, clean up the WebSocket connection.
+import.meta.hot.prune(() => {
+  ws.close();
+});
+```
+
+If `dispose` was used instead, the WebSocket would close and re-open on every
+hot update. Both versions of the code will prevent page reloads when imported
+files are updated.
+
+### `import.meta.hot.on()` and `off()`
+
+`on()` and `off()` are used to listen for events from the HMR runtime. Event names are prefixed with a prefix so that plugins do not conflict with each other.
+
+```ts
+import.meta.hot.on("bun:beforeUpdate", () => {
+  console.log("before a hot update");
+});
+```
+
+When a file is replaced, all of its event listeners are automatically removed.
+
+A list of all built-in events:
+
+| Event                  | Emitted when                                                                                    |
+| ---------------------- | ----------------------------------------------------------------------------------------------- |
+| `bun:beforeUpdate`     | before a hot update is applied.                                                                 |
+| `bun:afterUpdate`      | after a hot update is applied.                                                                  |
+| `bun:beforeFullReload` | before a full page reload happens.                                                              |
+| `bun:beforePrune`      | before prune callbacks are called.                                                              |
+| `bun:invalidate`       | when a module is invalidated with `import.meta.hot.invalidate()`                                |
+| `bun:error`            | when a build or runtime error occurs                                                            |
+| `bun:ws:disconnect`    | when the HMR WebSocket connection is lost. This can indicate the development server is offline. |
+| `bun:ws:connect`       | when the HMR WebSocket connects or re-connects.                                                 |
+
+For compatibility with Vite, the above events are also available via `vite:*` prefix instead of `bun:*`.

docs/bundler/loaders.md

@@ -4,6 +4,12 @@ The Bun bundler implements a set of default loaders out of the box. As a rule of
 
 Bun uses the file extension to determine which built-in _loader_ should be used to parse the file. Every loader has a name, such as `js`, `tsx`, or `json`. These names are used when building [plugins](https://bun.sh/docs/bundler/plugins) that extend Bun with custom loaders.
 
+You can explicitly specify which loader to use using the 'loader' import attribute.
+
+```ts
+import my_toml from "./my_file" with { loader: "toml" };
+```
+
 ## Built-in loaders
 
 ### `js`

docs/cli/publish.md

@@ -82,6 +82,11 @@ The `--dry-run` flag can be used to simulate the publish process without actuall
 $ bun publish --dry-run
 ```
 
+### `--gzip-level`
+
+Specify the level of gzip compression to use when packing the package. Only applies to `bun publish` without a tarball path argument. Values range from `0` to `9` (default is `9`).
+{% bunCLIUsage command="publish" /%}
+
 ### `--auth-type`
 
 If you have 2FA enabled for your npm account, `bun publish` will prompt you for a one-time password. This can be done through a browser or the CLI. The `--auth-type` flag can be used to tell the npm registry which method you prefer. The possible values are `web` and `legacy`, with `web` being the default.
@@ -102,7 +107,6 @@ Provide a one-time password directly to the CLI. If the password is valid, this
 $ bun publish --otp 123456
 ```
 
-### `--gzip-level`
-
-Specify the level of gzip compression to use when packing the package. Only applies to `bun publish` without a tarball path argument. Values range from `0` to `9` (default is `9`).
-{% bunCLIUsage command="publish" /%}
+{% callout %}
+**Note** - `bun publish` respects the `NPM_CONFIG_TOKEN` environment variable which can be used when publishing in github actions or automated workflows.
+{% /callout %}

docs/nav.ts

@@ -215,12 +215,19 @@ export default {
     page("bundler", "`Bun.build`", {
       description: "Bundle code for consumption in the browser with Bun's native bundler.",
     }),
-    page("bundler/html", "Bundle frontend & static sites", {
+    page("bundler/html", "HTML & static sites", {
       description: `Zero-config HTML bundler for single-page apps and multi-page apps. Automatic bundling, TailwindCSS plugins, TypeScript, JSX, React support, and incredibly fast builds`,
     }),
+    page("bundler/css", "CSS", {
+      description: `Production ready CSS bundler with support for modern CSS features, CSS modules, and more.`,
+    }),
     page("bundler/fullstack", "Fullstack Dev Server", {
       description: "Serve your frontend and backend from the same app with Bun's dev server.",
     }),
+    page("bundler/hmr", "Hot reloading", {
+      description: `Update modules in a running application without reloading the page using import.meta.hot`,
+    }),
+
     page("bundler/loaders", "Loaders", {
       description: "Bun's built-in loaders for the bundler and runtime",
     }),

docs/runtime/nodejs-apis.md

@@ -174,7 +174,7 @@ Some methods are not optimized yet.
 
 ### [`node:test`](https://nodejs.org/api/test.html)
 
-🔴 Not implemented. Use [`bun:test`](https://bun.sh/docs/cli/test) instead.
+🟡 Partly implemented. Missing mocks, snapshots, timers. Use [`bun:test`](https://bun.sh/docs/cli/test) instead.
 
 ### [`node:trace_events`](https://nodejs.org/api/tracing.html)
 
@@ -346,7 +346,7 @@ The table below lists all globals implemented by Node.js and Bun's current compa
 
 ### [`process`](https://nodejs.org/api/process.html)
 
-🟡 Mostly implemented. `process.binding` (internal Node.js bindings some packages rely on) is partially implemented. `process.title` is a currently a no-op on macOS & Linux. `getActiveResourcesInfo` `setActiveResourcesInfo`, `getActiveResources` and `setSourceMapsEnabled` are stubs. Newer APIs like `process.loadEnvFile` and `process.getBuiltinModule` are not implemented yet.
+🟡 Mostly implemented. `process.binding` (internal Node.js bindings some packages rely on) is partially implemented. `process.title` is currently a no-op on macOS & Linux. `getActiveResourcesInfo` `setActiveResourcesInfo`, `getActiveResources` and `setSourceMapsEnabled` are stubs. Newer APIs like `process.loadEnvFile` and `process.getBuiltinModule` are not implemented yet.
 
 ### [`queueMicrotask()`](https://developer.mozilla.org/en-US/docs/Web/API/queueMicrotask)
 

docs/runtime/plugins.md

@@ -329,7 +329,7 @@ await Bun.build({
 
 {% callout %}
 
-**NOTE**: Plugin lifcycle callbacks (`onStart()`, `onResolve()`, etc.) do not have the ability to modify the `build.config` object in the `setup()` function. If you want to mutate `build.config`, you must do so directly in the `setup()` function:
+**NOTE**: Plugin lifecycle callbacks (`onStart()`, `onResolve()`, etc.) do not have the ability to modify the `build.config` object in the `setup()` function. If you want to mutate `build.config`, you must do so directly in the `setup()` function:
 
 ```ts
 await Bun.build({
@@ -400,7 +400,7 @@ type Loader = "js" | "jsx" | "ts" | "tsx" | "css" | "json" | "toml" | "object";
 
 ### Namespaces
 
-`onLoad` and `onResolve` accept an optional `namespace` string. What is a namespaace?
+`onLoad` and `onResolve` accept an optional `namespace` string. What is a namespace?
 
 Every module has a namespace. Namespaces are used to prefix the import in transpiled code; for instance, a loader with a `filter: /\.yaml$/` and `namespace: "yaml:"` will transform an import from `./myfile.yaml` into `yaml:./myfile.yaml`.
 

misctools/lldb/lldb_commands

@@ -1,13 +0,0 @@
-# Tell LLDB what to do when the debugged process receives SIGPWR: pass it through to the process
-# (-p), but do not stop the process (-s) or notify the user (-n).
-#
-# JSC's garbage collector sends this signal (as configured by Bun WebKit in
-# Thread::initializePlatformThreading() in ThreadingPOSIX.cpp) to the JS thread to suspend or resume
-# it. So stopping the process would just create noise when debugging any long-running script.
-process handle -p true -s false -n false SIGPWR
-
-command script import misctools/lldb/lldb_pretty_printers.py
-type category enable zig.lang
-type category enable zig.std
-
-command script import misctools/lldb/lldb_webkit.py

misctools/lldb/lldb_webkit.py

@@ -329,7 +329,7 @@ def btjs(debugger, command, result, internal_dict):
     addressFormat = '#0{width}x'.format(width=target.GetAddressByteSize() * 2 + 2)
     process = target.GetProcess()
     thread = process.GetSelectedThread()
-    jscModule = target.module["JavaScriptCore"]
+    jscModule = target.module["JavaScriptCore"] or target.module["bun"] or target.module["bun-debug"]
 
     if jscModule.FindSymbol("JSC::CallFrame::describeFrame").GetSize() or jscModule.FindSymbol("_ZN3JSC9CallFrame13describeFrameEv").GetSize():
         annotateJSFrames = True

package.json

@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "bun",
-  "version": "1.2.5",
+  "version": "1.2.6",
   "workspaces": [
     "./packages/bun-types"
   ],

packages/bun-plugin-svelte/README.md

@@ -8,7 +8,7 @@ The official [Svelte](https://svelte.dev/) plugin for [Bun](https://bun.sh/).
 ## Installation
 
 ```sh
-bun add -D bun-plugin-svelte
+$ bun add -D bun-plugin-svelte
 ```
 
 ## Dev Server Usage
@@ -16,52 +16,25 @@ bun add -D bun-plugin-svelte
 `bun-plugin-svelte` integrates with Bun's [Fullstack Dev Server](https://bun.sh/docs/bundler/fullstack), giving you
 HMR when developing your Svelte app.
 
-```html
-<!-- index.html -->
-<html>
-  <head>
-    <script type="module" src="./index.ts"></script>
-  </head>
-  <body>
-    <div id="root"></div>
-  </body>
-</html>
+Start by registering it in your [bunfig.toml](https://bun.sh/docs/runtime/bunfig):
+
+```toml
+[serve.static]
+plugins = ["bun-plugin-svelte"]
 ```
 
-```ts
-// index.ts
+Then start your dev server:
 
-import { mount, unmount } from "svelte";
-import App from "./App.svelte";
-
-// mount the application entrypoint to the DOM
-const root = document.getElementById("root")!;
-const app = mount(App, { target: root });
+```
+$ bun index.html
 ```
 
-```svelte
-<!-- App.svelte -->
-
-<script lang="ts">
-  // out-of-the-box typescript support
-  let name: string = "Bun";
-</script>
-
-<main class="app">
-  <h1>Cookin up apps with {name}</h1>
-</main>
-
-<style>
-  h1 {
-      color: #ff3e00;
-      text-align: center;
-      font-size: 2em;
-  }
-</style>
-```
+See the [example](https://github.com/oven-sh/bun/tree/main/packages/bun-plugin-svelte/example) for a complete example.
 
 ## Bundler Usage
 
+`bun-plugin-svelte` lets you bundle Svelte components with [`Bun.build`](https://bun.sh/docs/bundler).
+
 ```ts
 // build.ts
 // to use: bun run build.ts
@@ -70,7 +43,7 @@ import { SveltePlugin } from "bun-plugin-svelte"; // NOTE: not published to npm
 Bun.build({
   entrypoints: ["src/index.ts"],
   outdir: "dist",
-  target: "browser", // use "bun" or "node" to use Svelte components server-side
+  target: "browser",
   sourcemap: true, // sourcemaps not yet supported
   plugins: [
     SveltePlugin({
@@ -84,3 +57,13 @@ Bun.build({
 
 `bun-plugin-svelte` does not yet support server-side imports (e.g. for SSR).
 This will be added in the near future.
+
+## Not Yet Supported
+
+Support for these features will be added in the near future
+
+- Server-side imports/rendering
+- Source maps
+- CSS extensions (e.g. tailwind) in `<style>` blocks
+- TypeScript-specific features (e.g. enums and namespaces). If you're using
+  TypeScript 5.8, consider enabling [`--erasableSyntaxOnly`](https://devblogs.microsoft.com/typescript/announcing-typescript-5-8-beta/#the---erasablesyntaxonly-option)

packages/bun-plugin-svelte/example/App.svelte

@@ -0,0 +1,311 @@
+<script lang="ts">
+  import FeatureCard from "./FeatureCard.svelte";
+
+  const links = [
+    { text: "Bun Documentation", url: "https://bun.sh/docs" },
+    { text: "Svelte Documentation", url: "https://svelte.dev/docs" },
+    { text: "GitHub", url: "https://github.com/oven-sh/bun/tree/main/packages/bun-plugin-svelte" },
+  ];
+</script>
+
+<main>
+  <div class="hero">
+    <div class="logo-container">
+      <a href="https://bun.sh" class="bun-logo">
+        <img
+          src="https://github.com/user-attachments/assets/50282090-adfd-4ddb-9e27-c30753c6b161"
+          alt="Bun Logo"
+          height="42"
+        />
+      </a>
+    </div>
+    <h1><span class="highlight">bun-plugin-svelte</span></h1>
+    <p class="tagline">The official Svelte plugin for <a href="https://bun.sh" target="_blank">Bun</a></p>
+
+    <div class="cta-buttons">
+      <a href="https://bun.sh/docs/bundler/html" class="button primary">🚀 Get Started</a>
+      <a href="https://github.com/oven-sh/bun/tree/main/packages/bun-plugin-svelte/example" class="button secondary"
+        >👀 View Examples</a
+      >
+    </div>
+  </div>
+
+  <section class="usage">
+    <h2>🏃‍➡️ Quick Start</h2>
+
+    <div class="flex-grid">
+      <div>
+        <h3>1. Install from <a href="https://npmjs.com/package/bun-plugin-svelte" target="_blank">NPM</a></h3>
+        <pre><code class="language-bash">bun add -D bun-plugin-svelte</code></pre>
+      </div>
+      <div>
+        <h3>2. Add it to your <a href="https://bun.sh/docs/runtime/bunfig" target="_blank">bunfig.toml</a></h3>
+        <pre><code class="language-toml">
+[serve.static]
+plugins = ["bun-plugin-svelte"];
+        </code></pre>
+      </div>
+    </div>
+  </section>
+
+  <section class="features">
+    <h2>✨ Features</h2>
+    <div class="feature-grid">
+      <FeatureCard title="🔥 HMR Support" link="https://bun.sh/docs/bundler/html">
+        Integrates with Bun's Fullstack Dev Server for hot module replacement
+      </FeatureCard>
+      <FeatureCard title="📦 Bundling" link="https://bun.sh/docs/bundler">
+        Bundle Svelte components with <a href="https://bun.sh/docs/bundler">Bun.build</a>
+      </FeatureCard>
+    </div>
+
+    <section class="resources">
+      <h2>📖 Resources</h2>
+      <ul class="resource-links">
+        {#each links as link}
+          <li><a href={link.url} target="_blank" rel="noopener noreferrer">{link.text}</a></li>
+        {/each}
+      </ul>
+    </section>
+
+    <footer>
+      <p>Made with ❤️ by the Bun team</p>
+    </footer>
+  </section>
+</main>
+
+<style>
+  :global(body) {
+    margin: 0;
+    padding: 0;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans",
+      "Helvetica Neue", sans-serif;
+    background-color: #f9f9f9;
+    color: #333;
+  }
+  :global(a) {
+    color: #ff3e00;
+    text-decoration: none;
+    position: relative;
+  }
+
+  :global(a::after) {
+    content: "";
+    position: absolute;
+    width: 100%;
+    height: 1px;
+    bottom: 0;
+    left: 0;
+    background-color: #ff3e00;
+    transform: scaleX(0);
+    transform-origin: bottom right;
+    transition: transform 0.3s ease-out;
+  }
+
+  :global(a:hover::after) {
+    transform: scaleX(1);
+    transform-origin: bottom left;
+  }
+
+  :global(a:visited) {
+    color: #ff3e00;
+  }
+
+  :global(pre > code.hljs) {
+    padding: 0;
+  }
+
+  main {
+    max-width: 1200px;
+    margin: 0 auto;
+    padding: 2rem;
+  }
+
+  .hero {
+    text-align: center;
+    padding: 3rem 1rem;
+    margin-bottom: 2rem;
+    display: flex;
+    flex-direction: column;
+  }
+
+  .logo-container {
+    margin-bottom: 1.5rem;
+    margin: auto 25%;
+  }
+
+  .bun-logo {
+    display: block;
+    transition: transform 0.3s ease;
+  }
+
+  .bun-logo:hover {
+    transform: scale(1.05);
+  }
+
+  .bun-logo img {
+    max-width: 33vw;
+    height: auto;
+  }
+
+  h1 {
+    font-size: 2.5rem;
+    margin-bottom: 0.5rem;
+  }
+
+  .highlight {
+    color: #ff3e00;
+    font-weight: bold;
+  }
+
+  /* Don't apply the underline effect to buttons and resource links */
+  .button::after,
+  .resource-links li a::after,
+  .bun-logo::after {
+    display: none;
+  }
+
+  .tagline {
+    font-size: 1.2rem;
+    color: #666;
+    margin-bottom: 2rem;
+  }
+
+  .cta-buttons {
+    display: flex;
+    justify-content: center;
+    gap: 1rem;
+    margin-bottom: 2rem;
+  }
+
+  .button {
+    display: inline-block;
+    padding: 0.8rem 1.5rem;
+    border-radius: 4px;
+    text-decoration: none;
+    font-weight: 600;
+    transition: all 0.2s ease;
+  }
+
+  .button.primary {
+    background-color: #ff3e00;
+    color: white;
+    box-shadow: 0 2px 10px rgba(255, 62, 0, 0.2);
+  }
+
+  .button.primary:hover {
+    background-color: #e63600;
+    transform: translateY(-2px);
+    box-shadow: 0 4px 12px rgba(255, 62, 0, 0.3);
+  }
+
+  .button.secondary {
+    background-color: #f0f0f0;
+    color: #333;
+    box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
+  }
+
+  .button.secondary:hover {
+    background-color: #e6e6e6;
+    transform: translateY(-2px);
+    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.15);
+  }
+
+  section {
+    margin-bottom: 3rem;
+    padding: 2rem;
+    background-color: white;
+    border-radius: 8px;
+    box-shadow: 0 2px 15px rgba(0, 0, 0, 0.05);
+  }
+
+  h2 {
+    font-size: 1.8rem;
+    margin-bottom: 1.5rem;
+    color: #333;
+    border-bottom: 2px solid #f0f0f0;
+    padding-bottom: 0.5rem;
+  }
+
+  .flex-grid {
+    display: flex;
+    gap: 1.5rem;
+  }
+  .flex-grid > div {
+    flex: 1;
+  }
+
+  .feature-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
+    gap: 1.5rem;
+    margin-bottom: 2rem;
+  }
+
+  pre {
+    background-color: #f5f5f5;
+    padding: 1rem;
+    border-radius: 4px;
+    overflow-x: auto;
+    font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, monospace;
+    font-size: 0.9rem;
+    line-height: 1.5;
+  }
+
+  code {
+    color: #333;
+  }
+
+  .resource-links {
+    list-style: none;
+    padding: 0;
+    display: flex;
+    flex-wrap: wrap;
+    gap: 1rem;
+  }
+
+  .resource-links li a {
+    display: inline-block;
+    padding: 0.5rem 1rem;
+    background-color: #f5f5f5;
+    color: #333;
+    text-decoration: none;
+    border-radius: 4px;
+    transition: all 0.2s ease;
+  }
+
+  .resource-links li a:hover {
+    background-color: #ff3e00;
+    color: white;
+    transform: translateY(-2px);
+  }
+
+  footer {
+    text-align: center;
+    padding: 2rem 0;
+    color: #666;
+    font-size: 0.9rem;
+  }
+
+  @media (max-width: 768px) {
+    .feature-grid {
+      grid-template-columns: 1fr;
+    }
+
+    .cta-buttons {
+      flex-direction: column;
+      align-items: center;
+    }
+
+    .button {
+      width: 100%;
+      max-width: 300px;
+      margin-bottom: 0.5rem;
+      text-align: center;
+    }
+
+    .resource-links {
+      flex-direction: column;
+    }
+  }
+</style>

packages/bun-plugin-svelte/example/FeatureCard.svelte

@@ -0,0 +1,28 @@
+<script lang="ts">
+  let { title, link, children } = $props();
+</script>
+
+<div class="feature-card">
+  <h3>
+    <a href={link}>
+      {title}
+    </a>
+  </h3>
+  <p>
+    {@render children()}
+  </p>
+</div>
+
+<style>
+  .feature-card {
+    padding: 1rem;
+    border-radius: 0.5rem;
+    background-color: #fff;
+    box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+    transition: transform 0.3s ease;
+  }
+
+  .feature-card h3 {
+    margin-bottom: 0.5rem;
+  }
+</style>

packages/bun-plugin-svelte/example/bunfig.toml

@@ -0,0 +1,2 @@
+[serve.static]
+plugins = ["bun-plugin-svelte"]

packages/bun-plugin-svelte/example/index.html

@@ -0,0 +1,25 @@
+<html>
+  <head>
+    <script type="module" src="./index.ts"></script>
+
+    <link rel="prefetch" href="https://bun.sh/docs/bundler/plugins" />
+    <link rel="preconnect" href="https://bun.sh" />
+    <link rel="preconnect" href="https://github.com" />
+
+    <link
+      rel="stylesheet"
+      href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/default.min.css"
+    />
+    <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js"></script>
+
+    <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/languages/toml.min.js"></script>
+
+    <script>
+      hljs.highlightAll();
+    </script>
+  </head>
+
+  <body>
+    <div id="root"></div>
+  </body>
+</html>

packages/bun-plugin-svelte/example/index.ts

@@ -0,0 +1,29 @@
+import { mount, unmount } from "svelte";
+import App from "./App.svelte";
+
+declare global {
+  var didMount: boolean | undefined;
+  var hljs: any;
+}
+
+let app: Record<string, any> | undefined;
+
+// mount the application entrypoint to the DOM on first load. On subsequent hot
+// updates, the app will be unmounted and re-mounted via the accept handler.
+
+const root = document.getElementById("root")!;
+if (!globalThis.didMount) {
+  app = mount(App, { target: root });
+}
+globalThis.didMount = true;
+
+if (import.meta.hot) {
+  import.meta.hot.accept(async () => {
+    // avoid unmounting twice when another update gets accepted while outros are playing
+    if (!app) return;
+    const prevApp = app;
+    app = undefined;
+    await unmount(prevApp, { outro: true });
+    app = mount(App, { target: root });
+  });
+}

packages/bun-plugin-svelte/package.json

@@ -1,6 +1,14 @@
 {
   "name": "bun-plugin-svelte",
-  "version": "0.0.1",
+  "version": "0.0.5",
+  "description": "Official Svelte plugin for Bun",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/oven-sh/bun",
+    "directory": "packages/bun-plugin-svelte"
+  },
+  "homepage": "https://bun.sh",
+  "license": "MIT",
   "type": "module",
   "module": "src/index.ts",
   "index": "src/index.ts",
@@ -8,16 +16,18 @@
     ".": "./src/index.ts"
   },
   "scripts": {
+    "example": "bun --config=./example/bunfig.toml example/index.html",
     "lint": "oxlint .",
+    "fmt": "prettier --write .",
     "check:types": "tsc --noEmit",
     "build:types": "tsc --emitDeclarationOnly --declaration --declarationDir ./dist"
   },
   "devDependencies": {
     "bun-types": "canary",
-    "svelte": "^5.20.4"
+    "svelte": "^5.20.4",
+    "@threlte/core": "8.0.1"
   },
   "peerDependencies": {
-    "typescript": "^5",
     "svelte": "^5"
   },
   "files": [

packages/bun-plugin-svelte/src/index.ts

@@ -1,7 +1,13 @@
 import type { BunPlugin, BuildConfig, OnLoadResult } from "bun";
 import { basename } from "node:path";
 import { compile, compileModule } from "svelte/compiler";
-import { getBaseCompileOptions, validateOptions, type SvelteOptions, hash } from "./options";
+import {
+  getBaseCompileOptions,
+  validateOptions,
+  type SvelteOptions,
+  hash,
+  getBaseModuleCompileOptions,
+} from "./options";
 
 const kEmptyObject = Object.create(null);
 const virtualNamespace = "bun-svelte";
@@ -23,38 +29,52 @@ function SveltePlugin(options: SvelteOptions = kEmptyObject as SvelteOptions): B
   return {
     name: "bun-plugin-svelte",
     setup(builder) {
+      // resolve "svelte" export conditions
+      //
+      // FIXME: the dev server does not currently respect bundler configs; it
+      // just passes a fake one to plugins and then never uses it. we need to to
+      // update it to ~not~ do this.
+      if (builder?.config) {
+        var conditions = builder.config.conditions ?? [];
+        if (typeof conditions === "string") {
+          conditions = [conditions];
+        }
+        conditions.push("svelte");
+        builder.config.conditions = conditions;
+      }
+
       const { config = kEmptyObject as Partial<BuildConfig> } = builder;
       const baseCompileOptions = getBaseCompileOptions(options ?? (kEmptyObject as Partial<SvelteOptions>), config);
+      const baseModuleCompileOptions = getBaseModuleCompileOptions(
+        options ?? (kEmptyObject as Partial<SvelteOptions>),
+        config,
+      );
+
+      const ts = new Bun.Transpiler({
+        loader: "ts",
+        target: config.target,
+      });
 
       builder
-        .onLoad({ filter: /\.svelte(?:\.[tj]s)?$/ }, async args => {
+        .onLoad({ filter: /\.svelte$/ }, async function onLoadSvelte(args) {
           const { path } = args;
 
-          var isModule = false;
-
-          switch (path.substring(path.length - 2)) {
-            case "js":
-            case "ts":
-              isModule = true;
-              break;
-          }
-
           const sourceText = await Bun.file(path).text();
 
           const side =
             args && "side" in args // "side" only passed when run from dev server
               ? (args as { side: "client" | "server" }).side
               : "server";
-          const hmr = Boolean((args as { hmr?: boolean })["hmr"] ?? process.env.NODE_ENV !== "production");
           const generate = baseCompileOptions.generate ?? side;
 
-          const compileFn = isModule ? compileModule : compile;
-          const result = compileFn(sourceText, {
+          const hmr = Boolean((args as { hmr?: boolean })["hmr"] ?? process.env.NODE_ENV !== "production");
+          const result = compile(sourceText, {
             ...baseCompileOptions,
             generate,
             filename: args.path,
             hmr,
           });
+
           var { js, css } = result;
           if (css?.code && generate != "server") {
             const uid = `${basename(path)}-${hash(path)}-style`.replaceAll(`"`, `'`);
@@ -65,11 +85,37 @@ function SveltePlugin(options: SvelteOptions = kEmptyObject as SvelteOptions): B
 
           return {
             contents: result.js.code,
-            loader: "js",
+            loader: "ts",
           } satisfies OnLoadResult;
           // TODO: allow plugins to return multiple results.
           // TODO: support layered sourcemaps
         })
+        .onLoad({ filter: /\.svelte.[tj]s$/ }, async function onLoadSvelteModule(args) {
+          const { path } = args;
+
+          const side =
+            args && "side" in args // "side" only passed when run from dev server
+              ? (args as { side: "client" | "server" }).side
+              : "server";
+          const generate = baseModuleCompileOptions.generate ?? side;
+
+          var sourceText = await Bun.file(path).text();
+          if (path.endsWith(".ts")) {
+            sourceText = await ts.transform(sourceText);
+          }
+          const result = compileModule(sourceText, {
+            ...baseModuleCompileOptions,
+            generate,
+            filename: args.path,
+          });
+
+          // NOTE: we assume js/ts modules won't have CSS blocks in them, so no
+          // virtual modules get created.
+          return {
+            contents: result.js.code,
+            loader: "js",
+          };
+        })
         .onResolve({ filter: /^bun-svelte:/ }, args => {
           return {
             path: args.path,

packages/bun-plugin-svelte/src/options.ts

@@ -1,6 +1,6 @@
 import { strict as assert } from "node:assert";
-import type { BuildConfig } from "bun";
-import type { CompileOptions } from "svelte/compiler";
+import { type BuildConfig } from "bun";
+import type { CompileOptions, ModuleCompileOptions } from "svelte/compiler";
 
 export interface SvelteOptions {
   /**
@@ -44,8 +44,8 @@ export function validateOptions(options: unknown): asserts options is SvelteOpti
  * @internal
  */
 export function getBaseCompileOptions(pluginOptions: SvelteOptions, config: Partial<BuildConfig>): CompileOptions {
-  let { forceSide, development = false } = pluginOptions;
-  const { minify = false, target } = config;
+  let { development = false } = pluginOptions;
+  const { minify = false } = config;
 
   const shouldMinify = Boolean(minify);
   const {
@@ -60,6 +60,38 @@ export function getBaseCompileOptions(pluginOptions: SvelteOptions, config: Part
         identifiers: shouldMinify,
       };
 
+  const generate = generateSide(pluginOptions, config);
+
+  return {
+    css: "external",
+    generate,
+    preserveWhitespace: !minifyWhitespace,
+    preserveComments: !shouldMinify,
+    dev: development,
+    cssHash({ css }) {
+      // same prime number seed used by svelte/compiler.
+      // TODO: ensure this provides enough entropy
+      return `svelte-${hash(css)}`;
+    },
+  };
+}
+
+export function getBaseModuleCompileOptions(
+  pluginOptions: SvelteOptions,
+  config: Partial<BuildConfig>,
+): ModuleCompileOptions {
+  const { development = false } = pluginOptions;
+  const generate = generateSide(pluginOptions, config);
+  return {
+    dev: development,
+    generate,
+  };
+}
+
+function generateSide(pluginOptions: SvelteOptions, config: Partial<BuildConfig>) {
+  let { forceSide } = pluginOptions;
+  const { target } = config;
+
   if (forceSide == null && typeof target === "string") {
     switch (target) {
       case "browser":
@@ -73,19 +105,7 @@ export function getBaseCompileOptions(pluginOptions: SvelteOptions, config: Part
       // warn? throw?
     }
   }
-
-  return {
-    css: "external",
-    generate: forceSide,
-    preserveWhitespace: !minifyWhitespace,
-    preserveComments: !shouldMinify,
-    dev: development,
-    cssHash({ css }) {
-      // same prime number seed used by svelte/compiler.
-      // TODO: ensure this provides enough entropy
-      return `svelte-${hash(css)}`;
-    },
-  };
+  return forceSide;
 }
 
 export const hash = (content: string): string => Bun.hash(content, 5381).toString(36);

packages/bun-plugin-svelte/test/fixtures/svelte-export-condition.svelte

@@ -0,0 +1,17 @@
+<script>
+  import { Canvas } from "@threlte/core";
+  let name = "Bun";
+</script>
+
+<main class="app">
+  <h1>Cookin up apps with {name}</h1>
+  <Canvas />
+</main>
+
+<style>
+  h1 {
+    color: #ff3e00;
+    text-align: center;
+    font-size: 2em;
+  }
+</style>

packages/bun-plugin-svelte/test/fixtures/todo-cjs.svelte.ts

@@ -0,0 +1,15 @@
+class Todo {
+  title: string | undefined = $state();
+  done: boolean = $state(false);
+  createdAt: Date = $state(new Date());
+
+  constructor(title: string) {
+    this.title = title;
+  }
+
+  public toggle(): void {
+    this.done = !this.done;
+  }
+}
+
+module.exports = Todo;

packages/bun-plugin-svelte/test/fixtures/todo.svelte.ts

@@ -0,0 +1,13 @@
+export class Todo {
+  title: string | undefined = $state();
+  done: boolean = $state(false);
+  createdAt: Date = $state(new Date());
+
+  constructor(title: string) {
+    this.title = title;
+  }
+
+  public toggle(): void {
+    this.done = !this.done;
+  }
+}

packages/bun-plugin-svelte/test/fixtures/with-cjs.svelte

@@ -0,0 +1,25 @@
+<script lang="ts">
+  const Todo = require("./todo-cjs.svelte.ts");
+
+  let name = "World";
+  let todo: Todo = $state(new Todo("Hello World!"));
+</script>
+
+<main class="app">
+  <h1>Hello {todo.title}!</h1>
+  <!-- clicking calls toggle -->
+  <input type="checkbox" bind:checked={todo.done} />
+  <button onclick={todo.toggle}>Toggle</button>
+</main>
+
+<style>
+  h1 {
+    color: #ff3e00;
+    text-align: center;
+    font-size: 2em;
+    font-weight: 100;
+  }
+  .app {
+    box-sizing: border-box;
+  }
+</style>

packages/bun-plugin-svelte/test/fixtures/with-modules.svelte

@@ -0,0 +1,25 @@
+<script lang="ts">
+  import { Todo } from "./todo.svelte";
+
+  let name = "World";
+  let todo: Todo = $state(new Todo("Hello World!"));
+</script>
+
+<main class="app">
+  <h1>Hello {todo.title}!</h1>
+  <!-- clicking calls toggle -->
+  <input type="checkbox" bind:checked={todo.done} />
+  <button onclick={todo.toggle}>Toggle</button>
+</main>
+
+<style>
+  h1 {
+    color: #ff3e00;
+    text-align: center;
+    font-size: 2em;
+    font-weight: 100;
+  }
+  .app {
+    box-sizing: border-box;
+  }
+</style>

packages/bun-plugin-svelte/test/index.test.ts

@@ -4,6 +4,7 @@ import fs from "node:fs";
 import os from "node:os";
 import { render } from "svelte/server";
 import { SveltePlugin } from "../src";
+import type { BuildOutput } from "bun";
 
 const fixturePath = (...segs: string[]) => path.join(import.meta.dirname, "fixtures", ...segs);
 
@@ -32,6 +33,55 @@ it("hello world component", async () => {
   expect(res.success).toBeTrue();
 });
 
+describe("when importing `.svelte.ts` files with ESM", () => {
+  let res: BuildOutput;
+
+  beforeAll(async () => {
+    res = await Bun.build({
+      entrypoints: [fixturePath("with-modules.svelte")],
+      outdir,
+      plugins: [SveltePlugin()],
+    });
+  });
+
+  it("builds successfully", () => {
+    expect(res.success).toBeTrue();
+  });
+
+  it(`handles "svelte" export condition`, async () => {
+    const res = await Bun.build({
+      entrypoints: [fixturePath("svelte-export-condition.svelte")],
+      outdir,
+      plugins: [SveltePlugin()],
+    });
+    expect(res.success).toBeTrue();
+  });
+});
+
+describe("when importing `.svelte.ts` files with CJS", () => {
+  let res: BuildOutput;
+
+  beforeAll(async () => {
+    res = await Bun.build({
+      entrypoints: [fixturePath("with-cjs.svelte")],
+      outdir,
+      plugins: [SveltePlugin()],
+    });
+  });
+
+  it("builds successfully", () => {
+    expect(res.success).toBeTrue();
+  });
+
+  it("does not double-wrap the module with function(module, exports, __filename, __dirname)", async () => {
+    const ts = res.outputs.find(output => output.loader === "ts");
+    expect(ts).toBeDefined();
+    const code = await ts!.text();
+    expect(code).toContain("require_todo_cjs_svelte");
+    expect(code).toContain("var require_todo_cjs_svelte = __commonJS((exports, module) => {\n");
+  });
+});
+
 describe("Bun.build", () => {
   it.each(["node", "bun"] as const)('Generates server-side code when targeting "node" or "bun"', async target => {
     const res = await Bun.build({

packages/bun-types/bun.d.ts

@@ -1,74 +1,3 @@
-declare class _ShellError extends Error implements ShellOutput {
-  readonly stdout: Buffer;
-  readonly stderr: Buffer;
-  readonly exitCode: number;
-
-  /**
-   * Read from stdout as a string
-   *
-   * @param encoding - The encoding to use when decoding the output
-   * @returns Stdout as a string with the given encoding
-   * @example
-   *
-   * ## Read as UTF-8 string
-   *
-   * ```ts
-   * const output = await $`echo hello`;
-   * console.log(output.text()); // "hello\n"
-   * ```
-   *
-   * ## Read as base64 string
-   *
-   * ```ts
-   * const output = await $`echo ${atob("hello")}`;
-   * console.log(output.text("base64")); // "hello\n"
-   * ```
-   *
-   */
-  text(encoding?: BufferEncoding): string;
-
-  /**
-   * Read from stdout as a JSON object
-   *
-   * @returns Stdout as a JSON object
-   * @example
-   *
-   * ```ts
-   * const output = await $`echo '{"hello": 123}'`;
-   * console.log(output.json()); // { hello: 123 }
-   * ```
-   *
-   */
-  json(): any;
-
-  /**
-   * Read from stdout as an ArrayBuffer
-   *
-   * @returns Stdout as an ArrayBuffer
-   * @example
-   *
-   * ```ts
-   * const output = await $`echo hello`;
-   * console.log(output.arrayBuffer()); // ArrayBuffer { byteLength: 6 }
-   * ```
-   */
-  arrayBuffer(): ArrayBuffer;
-
-  /**
-   * Read from stdout as a Blob
-   *
-   * @returns Stdout as a blob
-   * @example
-   * ```ts
-   * const output = await $`echo hello`;
-   * console.log(output.blob()); // Blob { size: 6, type: "" }
-   * ```
-   */
-  blob(): Blob;
-
-  bytes(): Uint8Array;
-}
-
 /**
  * Bun.js runtime APIs
  *
@@ -185,6 +114,77 @@ declare module "bun" {
     | SpawnOptions.Writable
     | ReadableStream;
 
+  class ShellError extends Error implements ShellOutput {
+    readonly stdout: Buffer;
+    readonly stderr: Buffer;
+    readonly exitCode: number;
+
+    /**
+     * Read from stdout as a string
+     *
+     * @param encoding - The encoding to use when decoding the output
+     * @returns Stdout as a string with the given encoding
+     * @example
+     *
+     * ## Read as UTF-8 string
+     *
+     * ```ts
+     * const output = await $`echo hello`;
+     * console.log(output.text()); // "hello\n"
+     * ```
+     *
+     * ## Read as base64 string
+     *
+     * ```ts
+     * const output = await $`echo ${atob("hello")}`;
+     * console.log(output.text("base64")); // "hello\n"
+     * ```
+     *
+     */
+    text(encoding?: BufferEncoding): string;
+
+    /**
+     * Read from stdout as a JSON object
+     *
+     * @returns Stdout as a JSON object
+     * @example
+     *
+     * ```ts
+     * const output = await $`echo '{"hello": 123}'`;
+     * console.log(output.json()); // { hello: 123 }
+     * ```
+     *
+     */
+    json(): any;
+
+    /**
+     * Read from stdout as an ArrayBuffer
+     *
+     * @returns Stdout as an ArrayBuffer
+     * @example
+     *
+     * ```ts
+     * const output = await $`echo hello`;
+     * console.log(output.arrayBuffer()); // ArrayBuffer { byteLength: 6 }
+     * ```
+     */
+    arrayBuffer(): ArrayBuffer;
+
+    /**
+     * Read from stdout as a Blob
+     *
+     * @returns Stdout as a blob
+     * @example
+     * ```ts
+     * const output = await $`echo hello`;
+     * console.log(output.blob()); // Blob { size: 6, type: "" }
+     * ```
+     */
+    blob(): Blob;
+
+    bytes(): Uint8Array;
+  }
+
   class ShellPromise extends Promise<ShellOutput> {
     get stdin(): WritableStream;
     /**
@@ -304,12 +304,12 @@ declare module "bun" {
     new (): Shell;
   }
 
-  type ShellError = _ShellError;
-
   export interface Shell {
     (strings: TemplateStringsArray, ...expressions: ShellExpression[]): ShellPromise;
 
-    readonly ShellError: typeof _ShellError;
+    readonly Shell: ShellConstructor;
+    readonly ShellError: typeof ShellError;
+    readonly ShellPromise: typeof ShellPromise;
 
     /**
      * Perform bash-like brace expansion on the given pattern.
@@ -362,9 +362,6 @@ declare module "bun" {
      * Configure whether or not the shell should throw an exception on non-zero exit codes.
      */
     throws(shouldThrow: boolean): this;
-
-    readonly ShellPromise: typeof ShellPromise;
-    readonly Shell: ShellConstructor;
   }
 
   export interface ShellOutput {
@@ -2309,10 +2306,68 @@ declare module "bun" {
    */
   interface SavepointSQL extends SQL {}
 
+  type CSRFAlgorithm = "blake2b256" | "blake2b512" | "sha256" | "sha384" | "sha512" | "sha512-256";
+  interface CSRFGenerateOptions {
+    /**
+     * The number of milliseconds until the token expires. 0 means the token never expires.
+     * @default 24 * 60 * 60 * 1000 (24 hours)
+     */
+    expiresIn?: number;
+    /**
+     * The encoding of the token.
+     * @default "base64url"
+     */
+    encoding?: "base64" | "base64url" | "hex";
+    /**
+     * The algorithm to use for the token.
+     * @default "sha256"
+     */
+    algorithm?: CSRFAlgorithm;
+  }
+
+  interface CSRFVerifyOptions {
+    /**
+     * The secret to use for the token. If not provided, a random default secret will be generated in memory and used.
+     */
+    secret?: string;
+    /**
+     * The encoding of the token.
+     * @default "base64url"
+     */
+    encoding?: "base64" | "base64url" | "hex";
+    /**
+     * The algorithm to use for the token.
+     * @default "sha256"
+     */
+    algorithm?: CSRFAlgorithm;
+    /**
+     * The number of milliseconds until the token expires. 0 means the token never expires.
+     * @default 24 * 60 * 60 * 1000 (24 hours)
+     */
+    maxAge?: number;
+  }
+  interface CSRF {
+    /**
+     * Generate a CSRF token.
+     * @param secret The secret to use for the token. If not provided, a random default secret will be generated in memory and used.
+     * @param options The options for the token.
+     * @returns The generated token.
+     */
+    generate(secret?: string, options?: CSRFGenerateOptions): string;
+    /**
+     * Verify a CSRF token.
+     * @param token The token to verify.
+     * @param options The options for the token.
+     * @returns True if the token is valid, false otherwise.
+     */
+    verify(token: string, options?: CSRFVerifyOptions): boolean;
+  }
+
   var sql: SQL;
   var postgres: SQL;
   var SQL: SQL;
 
+  var CSRF: CSRF;
   /**
    *   This lets you use macros as regular imports
    *   @example
@@ -2657,7 +2712,7 @@ declare module "bun" {
     loader?: { [k in string]: Loader };
     /**
      * Specifies if and how to generate source maps.
-     * 
+     *
      * - `"none"` - No source maps are generated
      * - `"linked"` - A separate `*.ext.map` file is generated alongside each
      *   `*.ext` file. A `//# sourceMappingURL` comment is added to the output
@@ -2665,11 +2720,11 @@ declare module "bun" {
      * - `"inline"` - an inline source map is appended to the output file.
      * - `"external"` - Generate a separate source map file for each input file.
      *   No `//# sourceMappingURL` comment is added to the output file.
-     * 
+     *
      * `true` and `false` are aliasees for `"inline"` and `"none"`, respectively.
-     * 
+     *
      * @default "none"
-     * 
+     *
      * @see {@link outdir} required for `"linked"` maps
      * @see {@link publicPath} to customize the base url of linked source maps
      */
@@ -2704,10 +2759,10 @@ declare module "bun" {
     env?: "inline" | "disable" | `${string}*`;
     /**
      * Whether to enable minification.
-     * 
+     *
      * Use `true`/`false` to enable/disable all minification options. Alternatively,
      * you can pass an object for granular control over certain minifications.
-     * 
+     *
      * @default false
      */
     minify?:
@@ -4265,17 +4320,7 @@ declare module "bun" {
      * Passing other options such as `port` or `hostname` won't do anything.
      */
     reload<T, R extends { [K in keyof R]: RouterTypes.RouteValue<K & string> }>(
-      options: (
-        | (Omit<ServeOptions, "fetch"> & {
-            routes: R;
-            fetch?: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
-          })
-        | (Omit<ServeOptions, "routes"> & {
-            routes?: never;
-            fetch: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
-          })
-        | WebSocketServeOptions<T>
-      ) & {
+      options: ServeFunctionOptions<T, R> & {
         /**
          * @deprecated Use `routes` instead in new code. This will continue to work for awhile though.
          */
@@ -4653,17 +4698,7 @@ declare module "bun" {
     @param options.routes - Route definitions mapping paths to handlers
     */
   function serve<T, R extends { [K in keyof R]: RouterTypes.RouteValue<K & string> }>(
-    options: (
-      | (DistributedOmit<Serve, "fetch"> & {
-          routes: R;
-          fetch?: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
-        })
-      | (DistributedOmit<Serve, "routes"> & {
-          routes?: never;
-          fetch: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
-        })
-      | WebSocketServeOptions<T>
-    ) & {
+    options: ServeFunctionOptions<T, R> & {
       /**
        * @deprecated Use `routes` instead in new code. This will continue to work for a while though.
        */
@@ -4671,6 +4706,32 @@ declare module "bun" {
     },
   ): Server;
 
+  type ServeFunctionOptions<T, R extends { [K in keyof R]: RouterTypes.RouteValue<K & string> }> =
+    | (DistributedOmit<Exclude<Serve<T>, WebSocketServeOptions<T>>, "fetch"> & {
+        routes: R;
+        fetch?: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
+      })
+    | (DistributedOmit<Exclude<Serve<T>, WebSocketServeOptions<T>>, "routes"> & {
+        routes?: never;
+        fetch: (this: Server, request: Request, server: Server) => Response | Promise<Response>;
+      })
+    | (WebSocketServeOptions<T> & {
+        routes: R;
+        fetch?: (
+          this: Server,
+          request: Request,
+          server: Server,
+        ) => Response | Promise<Response | void | undefined> | void | undefined;
+      })
+    | (WebSocketServeOptions<T> & {
+        routes?: never;
+        fetch: (
+          this: Server,
+          request: Request,
+          server: Server,
+        ) => Response | Promise<Response | void | undefined> | void | undefined;
+      });
+
   /**
    * [`Blob`](https://developer.mozilla.org/en-US/docs/Web/API/Blob) powered by the fastest system calls available for operating on files.
    *
@@ -6239,7 +6300,7 @@ declare module "bun" {
      * @param socket
      */
     open?(socket: Socket<Data>): void | Promise<void>;
-    close?(socket: Socket<Data>): void | Promise<void>;
+    close?(socket: Socket<Data>, error?: Error): void | Promise<void>;
     error?(socket: Socket<Data>, error: Error): void | Promise<void>;
     data?(socket: Socket<Data>, data: BinaryTypeList[DataBinaryType]): void | Promise<void>;
     drain?(socket: Socket<Data>): void | Promise<void>;
@@ -6638,7 +6699,8 @@ declare module "bun" {
        * This is useful for aborting a subprocess when some other part of the
        * program is aborted, such as a `fetch` response.
        *
-       * Internally, this works by calling `subprocess.kill(1)`.
+       * If the signal is aborted, the process will be killed with the signal
+       * specified by `killSignal` (defaults to SIGTERM).
        *
        * @example
        * ```ts
@@ -6657,6 +6719,41 @@ declare module "bun" {
        * ```
        */
       signal?: AbortSignal;
+
+      /**
+       * The maximum amount of time the process is allowed to run in milliseconds.
+       *
+       * If the timeout is reached, the process will be killed with the signal
+       * specified by `killSignal` (defaults to SIGTERM).
+       *
+       * @example
+       * ```ts
+       * // Kill the process after 5 seconds
+       * const subprocess = Bun.spawn({
+       *   cmd: ["sleep", "10"],
+       *   timeout: 5000,
+       * });
+       * await subprocess.exited; // Will resolve after 5 seconds
+       * ```
+       */
+      timeout?: number;
+
+      /**
+       * The signal to use when killing the process after a timeout or when the AbortSignal is aborted.
+       *
+       * @default "SIGTERM" (signal 15)
+       *
+       * @example
+       * ```ts
+       * // Kill the process with SIGKILL after 5 seconds
+       * const subprocess = Bun.spawn({
+       *   cmd: ["sleep", "10"],
+       *   timeout: 5000,
+       *   killSignal: "SIGKILL",
+       * });
+       * ```
+       */
+      killSignal?: string | number;
     }
 
     type OptionsToSubprocess<Opts extends OptionsObject> =

packages/bun-types/devserver.d.ts

@@ -1,24 +1,192 @@
 export {};
 
 declare global {
+  namespace Bun {
+    type HMREventNames =
+      | "bun:ready"
+      | "bun:beforeUpdate"
+      | "bun:afterUpdate"
+      | "bun:beforeFullReload"
+      | "bun:beforePrune"
+      | "bun:invalidate"
+      | "bun:error"
+      | "bun:ws:disconnect"
+      | "bun:ws:connect";
+
+    /**
+     * The event names for the dev server
+     */
+    type HMREvent = `bun:${HMREventNames}` | (string & {});
+  }
+
   interface ImportMeta {
     /**
-     * Hot module replacement
+     * Hot module replacement APIs. This value is `undefined` in production and
+     * can be used in an `if` statement to check if HMR APIs are available
      *
-     * https://bun.sh/docs/bundler/fullstack
+     * ```ts
+     * if (import.meta.hot) {
+     *   // HMR APIs are available
+     * }
+     * ```
+     *
+     * However, this check is usually not needed as Bun will dead-code-eliminate
+     * calls to all of the HMR APIs in production builds.
+     *
+     * https://bun.sh/docs/bundler/hmr
      */
     hot: {
       /**
-       * import.meta.hot.data maintains state between module instances during hot replacement, enabling data transfer from previous to new versions.
+       * `import.meta.hot.data` maintains state between module instances during
+       * hot replacement, enabling data transfer from previous to new versions.
+       * When `import.meta.hot.data` is written to, Bun will mark this module as
+       * capable of self-accepting (equivalent of calling `accept()`).
        *
        * @example
        * ```ts
-       * import.meta.hot.data = {
-       *   bun: 'is cool',
-       * };
+       * const root = import.meta.hot.data.root ??= createRoot(elem);
+       * root.render(<App />); // re-use an existing root
        * ```
+       *
+       * In production, `data` is inlined to be `{}`. This is handy because Bun
+       * knows it can minify `{}.prop ??= value` into `value` in production.
        */
       data: any;
+
+      /**
+       * Indicate that this module can be replaced simply by re-evaluating the
+       * file. After a hot update, importers of this module will be
+       * automatically patched.
+       *
+       * When `import.meta.hot.accept` is not used, the page will reload when
+       * the file updates, and a console message shows which files were checked.
+       *
+       * @example
+       * ```ts
+       * import { getCount } from "./foo";
+       *
+       * console.log("count is ", getCount());
+       *
+       * import.meta.hot.accept();
+       * ```
+       */
+      accept(): void;
+
+      /**
+       * Indicate that this module can be replaced by evaluating the new module,
+       * and then calling the callback with the new module. In this mode, the
+       * importers do not get patched. This is to match Vite, which is unable
+       * to patch their import statements. Prefer using `import.meta.hot.accept()`
+       * without an argument as it usually makes your code easier to understand.
+       *
+       * When `import.meta.hot.accept` is not used, the page will reload when
+       * the file updates, and a console message shows which files were checked.
+       *
+       * @example
+       * ```ts
+       * export const count = 0;
+       *
+       * import.meta.hot.accept((newModule) => {
+       *   if (newModule) {
+       *     // newModule is undefined when SyntaxError happened
+       *     console.log('updated: count is now ', newModule.count)
+       *   }
+       * });
+       * ```
+       *
+       * In production, calls to this are dead-code-eliminated.
+       */
+      accept(cb: (newModule: any | undefined) => void): void;
+
+      /**
+       * Indicate that a dependency's module can be accepted. When the dependency
+       * is updated, the callback will be called with the new module.
+       *
+       * When `import.meta.hot.accept` is not used, the page will reload when
+       * the file updates, and a console message shows which files were checked.
+       *
+       * @example
+       * ```ts
+       * import.meta.hot.accept('./foo', (newModule) => {
+       *   if (newModule) {
+       *     // newModule is undefined when SyntaxError happened
+       *     console.log('updated: count is now ', newModule.count)
+       *   }
+       * });
+       * ```
+       */
+      accept(specifier: string, callback: (newModule: any) => void): void;
+
+      /**
+       * Indicate that a dependency's module can be accepted. This variant
+       * accepts an array of dependencies, where the callback will receive
+       * the one updated module, and `undefined` for the rest.
+       *
+       * When `import.meta.hot.accept` is not used, the page will reload when
+       * the file updates, and a console message shows which files were checked.
+       */
+      accept(specifiers: string[], callback: (newModules: (any | undefined)[]) => void): void;
+
+      /**
+       * Attach an on-dispose callback. This is called:
+       * - Just before the module is replaced with another copy (before the next is loaded)
+       * - After the module is detached (removing all imports to this module)
+       *
+       * This callback is not called on route navigation or when the browser tab closes.
+       *
+       * Returning a promise will delay module replacement until the module is
+       * disposed. All dispose callbacks are called in parallel.
+       */
+      dispose(cb: (data: any) => void | Promise<void>): void;
+
+      /**
+       * No-op
+       * @deprecated
+       */
+      decline(): void;
+
+      // NOTE TO CONTRIBUTORS ////////////////////////////////////////
+      //     Callback is currently never called for `.prune()`      //
+      //     so the types are commented out until we support it.    //
+      ////////////////////////////////////////////////////////////////
+      // /**
+      //  * Attach a callback that is called when the module is removed from the module graph.
+      //  *
+      //  * This can be used to clean up resources that were created when the module was loaded.
+      //  * Unlike `import.meta.hot.dispose()`, this pairs much better with `accept` and `data` to manage stateful resources.
+      //  *
+      //  * @example
+      //  * ```ts
+      //  * export const ws = (import.meta.hot.data.ws ??= new WebSocket(location.origin));
+      //  *
+      //  * import.meta.hot.prune(() => {
+      //  *   ws.close();
+      //  * });
+      //  * ```
+      //  */
+      // prune(callback: () => void): void;
+
+      /**
+       * Listen for an event from the dev server
+       *
+       * For compatibility with Vite, event names are also available via vite:* prefix instead of bun:*.
+       *
+       * https://bun.sh/docs/bundler/hmr#import-meta-hot-on-and-off
+       * @param event The event to listen to
+       * @param callback The callback to call when the event is emitted
+       */
+      on(event: Bun.HMREvent, callback: () => void): void;
+
+      /**
+       * Stop listening for an event from the dev server
+       *
+       * For compatibility with Vite, event names are also available via vite:* prefix instead of bun:*.
+       *
+       * https://bun.sh/docs/bundler/hmr#import-meta-hot-on-and-off
+       * @param event The event to stop listening to
+       * @param callback The callback to stop listening to
+       */
+      off(event: Bun.HMREvent, callback: () => void): void;
     };
   }
 }

packages/bun-types/globals.d.ts

@@ -76,6 +76,17 @@ declare global {
       revision: string;
       reallyExit(code?: number): never;
       dlopen(module: { exports: any }, filename: string, flags?: number): void;
+      _exiting: boolean;
+      noDeprecation: boolean;
+
+      binding(m: string): object;
+      binding(m: "constants"): {
+        os: typeof import("node:os").constants;
+        fs: typeof import("node:fs").constants;
+        crypto: typeof import("node:crypto").constants;
+        zlib: typeof import("node:zlib").constants;
+        trace: typeof import("node:trace").constants;
+      };
     }
   }
 
@@ -1765,6 +1776,71 @@ declare global {
      */
     bytes(): Promise<Uint8Array>;
   }
-
   var Blob: typeof Blob;
+
+  interface Uint8Array {
+    /**
+     * Convert the Uint8Array to a base64 encoded string
+     * @returns The base64 encoded string representation of the Uint8Array
+     */
+    toBase64(options?: { alphabet?: "base64" | "base64url"; omitPadding?: boolean }): string;
+
+    /**
+     * Set the contents of the Uint8Array from a base64 encoded string
+     * @param base64 The base64 encoded string to decode into the array
+     * @param offset Optional starting index to begin setting the decoded bytes (default: 0)
+     */
+    setFromBase64(
+      base64: string,
+      offset?: number,
+    ): {
+      /**
+       * The number of bytes read from the base64 string
+       */
+      read: number;
+      /**
+       * The number of bytes written to the Uint8Array
+       * Will never be greater than the `.byteLength` of this Uint8Array
+       */
+      written: number;
+    };
+
+    /**
+     * Convert the Uint8Array to a hex encoded string
+     * @returns The hex encoded string representation of the Uint8Array
+     */
+    toHex(): string;
+
+    /**
+     * Set the contents of the Uint8Array from a hex encoded string
+     * @param hex The hex encoded string to decode into the array. The string must have
+     * an even number of characters, be valid hexadecimal characters and contain no whitespace.
+     */
+    setFromHex(hex: string): {
+      /**
+       * The number of bytes read from the hex string
+       */
+      read: number;
+      /**
+       * The number of bytes written to the Uint8Array
+       * Will never be greater than the `.byteLength` of this Uint8Array
+       */
+      written: number;
+    };
+  }
+
+  interface Uint8ArrayConstructor {
+    /**
+     * Create a new Uint8Array from a base64 encoded string
+     * @param base64 The base64 encoded string to convert to a Uint8Array
+     * @returns A new Uint8Array containing the decoded data
+     */
+    fromBase64(
+      base64: string,
+      options?: {
+        alphabet?: "base64" | "base64url";
+        lastChunkHandling?: "loose" | "strict" | "stop-before-partial";
+      },
+    ): Uint8Array;
+  }
 }

packages/bun-types/sqlite.d.ts

@@ -477,6 +477,79 @@ declare module "bun:sqlite" {
      */
     static deserialize(serialized: NodeJS.TypedArray | ArrayBufferLike, isReadOnly?: boolean): Database;
 
+    /**
+     * Load a serialized SQLite3 database. This version enables you to specify
+     * additional options such as `strict` to put the database into strict mode.
+     *
+     * Internally, this calls `sqlite3_deserialize`.
+     *
+     * @param serialized Data to load
+     * @returns `Database` instance
+     *
+     * @example
+     * ```ts
+     * test("supports serialize/deserialize", () => {
+     *     const db = Database.open(":memory:");
+     *     db.exec("CREATE TABLE test (id INTEGER PRIMARY KEY, name TEXT)");
+     *     db.exec('INSERT INTO test (name) VALUES ("Hello")');
+     *     db.exec('INSERT INTO test (name) VALUES ("World")');
+     *
+     *     const input = db.serialize();
+     *     const db2 = Database.deserialize(input, { strict: true });
+     *
+     *     const stmt = db2.prepare("SELECT * FROM test");
+     *     expect(JSON.stringify(stmt.get())).toBe(
+     *       JSON.stringify({
+     *         id: 1,
+     *         name: "Hello",
+     *       }),
+     *     );
+     *
+     *     expect(JSON.stringify(stmt.all())).toBe(
+     *       JSON.stringify([
+     *         {
+     *           id: 1,
+     *           name: "Hello",
+     *         },
+     *         {
+     *           id: 2,
+     *           name: "World",
+     *         },
+     *       ]),
+     *     );
+     *     db2.exec("insert into test (name) values ($foo)", { foo: "baz" });
+     *     expect(JSON.stringify(stmt.all())).toBe(
+     *       JSON.stringify([
+     *         {
+     *           id: 1,
+     *           name: "Hello",
+     *         },
+     *         {
+     *           id: 2,
+     *           name: "World",
+     *         },
+     *         {
+     *           id: 3,
+     *           name: "baz",
+     *         },
+     *       ]),
+     *     );
+     *
+     *     const db3 = Database.deserialize(input, { readonly: true, strict: true });
+     *     try {
+     *       db3.exec("insert into test (name) values ($foo)", { foo: "baz" });
+     *       throw new Error("Expected error");
+     *     } catch (e) {
+     *       expect(e.message).toBe("attempt to write a readonly database");
+     *     }
+     * });
+     * ```
+     */
+    static deserialize(
+      serialized: NodeJS.TypedArray | ArrayBufferLike,
+      options?: { readonly?: boolean; strict?: boolean; safeIntegers?: boolean },
+    ): Database;
+
     /**
      * See `sqlite3_file_control` for more information.
      * @link https://www.sqlite.org/c3ref/file_control.html

packages/bun-types/test.d.ts

@@ -165,8 +165,14 @@ declare module "bun:test" {
    * @param label the label for the tests
    * @param fn the function that defines the tests
    */
+
+  interface FunctionLike {
+    readonly name: string;
+  }
   export interface Describe {
-    (label: string, fn: () => void): void;
+    (fn: () => void): void;
+
+    (label: number | string | Function | FunctionLike, fn: () => void): void;
     /**
      * Skips all other tests, except this group of tests.
      *

packages/bun-usockets/certdata.txt

@@ -2347,174 +2347,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "SwissSign Silver CA - G2"
-#
-# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
-# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Not Valid Before: Wed Oct 25 08:32:46 2006
-# Not Valid After : Sat Oct 25 08:32:46 2036
-# Fingerprint (SHA-256): BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5
-# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SwissSign Silver CA - G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\117\033\324\057\124\273\057\113
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\275\060\202\003\245\240\003\002\001\002\002\010\117
-\033\324\057\124\273\057\113\060\015\006\011\052\206\110\206\367
-\015\001\001\005\005\000\060\107\061\013\060\011\006\003\125\004
-\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014
-\123\167\151\163\163\123\151\147\156\040\101\107\061\041\060\037
-\006\003\125\004\003\023\030\123\167\151\163\163\123\151\147\156
-\040\123\151\154\166\145\162\040\103\101\040\055\040\107\062\060
-\036\027\015\060\066\061\060\062\065\060\070\063\062\064\066\132
-\027\015\063\066\061\060\062\065\060\070\063\062\064\066\132\060
-\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025
-\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151
-\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023\030
-\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145\162
-\040\103\101\040\055\040\107\062\060\202\002\042\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
-\060\202\002\012\002\202\002\001\000\304\361\207\177\323\170\061
-\367\070\311\370\303\231\103\274\307\367\274\067\347\116\161\272
-\113\217\245\163\035\134\156\230\256\003\127\256\070\067\103\057
-\027\075\037\310\316\150\020\301\170\256\031\003\053\020\372\054
-\171\203\366\350\271\150\271\125\362\004\104\247\071\371\374\004
-\213\036\361\242\115\047\371\141\173\272\267\345\242\023\266\353
-\141\076\320\154\321\346\373\372\136\355\035\264\236\240\065\133
-\241\222\313\360\111\222\376\205\012\005\076\346\331\013\342\117
-\273\334\225\067\374\221\351\062\065\042\321\037\072\116\047\205
-\235\260\025\224\062\332\141\015\107\115\140\102\256\222\107\350
-\203\132\120\130\351\212\213\271\135\241\334\335\231\112\037\066
-\147\273\110\344\203\266\067\353\110\072\257\017\147\217\027\007
-\350\004\312\357\152\061\207\324\300\266\371\224\161\173\147\144
-\270\266\221\112\102\173\145\056\060\152\014\365\220\356\225\346
-\362\315\202\354\331\241\112\354\366\262\113\345\105\205\346\155
-\170\223\004\056\234\202\155\066\251\304\061\144\037\206\203\013
-\052\364\065\012\170\311\125\317\101\260\107\351\060\237\231\276
-\141\250\006\204\271\050\172\137\070\331\033\251\070\260\203\177
-\163\301\303\073\110\052\202\017\041\233\270\314\250\065\303\204
-\033\203\263\076\276\244\225\151\001\072\211\000\170\004\331\311
-\364\231\031\253\126\176\133\213\206\071\025\221\244\020\054\011
-\062\200\140\263\223\300\052\266\030\013\235\176\215\111\362\020
-\112\177\371\325\106\057\031\222\243\231\247\046\254\273\214\074
-\346\016\274\107\007\334\163\121\361\160\144\057\010\371\264\107
-\035\060\154\104\352\051\067\205\222\150\146\274\203\070\376\173
-\071\056\323\120\360\037\373\136\140\266\251\246\372\047\101\361
-\233\030\162\362\365\204\164\112\311\147\304\124\256\110\144\337
-\214\321\156\260\035\341\007\217\010\036\231\234\161\351\114\330
-\245\367\107\022\037\164\321\121\236\206\363\302\242\043\100\013
-\163\333\113\246\347\163\006\214\301\240\351\301\131\254\106\372
-\346\057\370\317\161\234\106\155\271\304\025\215\070\171\003\105
-\110\357\304\135\327\010\356\207\071\042\206\262\015\017\130\103
-\367\161\251\110\056\375\352\326\037\002\003\001\000\001\243\201
-\254\060\201\251\060\016\006\003\125\035\017\001\001\377\004\004
-\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005
-\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
-\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034\302
-\230\372\206\130\060\037\006\003\125\035\043\004\030\060\026\200
-\024\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034
-\302\230\372\206\130\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\011\140\205\164\001\131\001\003\001\001\060\056\060
-\054\006\010\053\006\001\005\005\007\002\001\026\040\150\164\164
-\160\072\057\057\162\145\160\157\163\151\164\157\162\171\056\163
-\167\151\163\163\163\151\147\156\056\143\157\155\057\060\015\006
-\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001
-\000\163\306\201\340\047\322\055\017\340\225\060\342\232\101\177
-\120\054\137\137\142\141\251\206\152\151\030\014\164\111\326\135
-\204\352\101\122\030\157\130\255\120\126\040\152\306\275\050\151
-\130\221\334\221\021\065\251\072\035\274\032\245\140\236\330\037
-\177\105\221\151\331\176\273\170\162\301\006\017\052\316\217\205
-\160\141\254\240\315\013\270\071\051\126\204\062\116\206\273\075
-\304\052\331\327\037\162\356\376\121\241\042\101\261\161\002\143
-\032\202\260\142\253\136\127\022\037\337\313\335\165\240\300\135
-\171\220\214\033\340\120\346\336\061\376\230\173\160\137\245\220
-\330\255\370\002\266\157\323\140\335\100\113\042\305\075\255\072
-\172\237\032\032\107\221\171\063\272\202\334\062\151\003\226\156
-\037\113\360\161\376\343\147\162\240\261\277\134\213\344\372\231
-\042\307\204\271\033\215\043\227\077\355\045\340\317\145\273\365
-\141\004\357\335\036\262\132\101\042\132\241\237\135\054\350\133
-\311\155\251\014\014\170\252\140\306\126\217\001\132\014\150\274
-\151\031\171\304\037\176\227\005\277\305\351\044\121\136\324\325
-\113\123\355\331\043\132\066\003\145\243\301\003\255\101\060\363
-\106\033\205\220\257\145\265\325\261\344\026\133\170\165\035\227
-\172\155\131\251\052\217\173\336\303\207\211\020\231\111\163\170
-\310\075\275\121\065\164\052\325\361\176\151\033\052\273\073\275
-\045\270\232\132\075\162\141\220\146\207\356\014\326\115\324\021
-\164\013\152\376\013\003\374\243\125\127\211\376\112\313\256\133
-\027\005\310\362\215\043\061\123\070\322\055\152\077\202\271\215
-\010\152\367\136\101\164\156\303\021\176\007\254\051\140\221\077
-\070\312\127\020\015\275\060\057\307\245\346\101\240\332\256\005
-\207\232\240\244\145\154\114\011\014\211\272\270\323\271\300\223
-\212\060\372\215\345\232\153\025\001\116\147\252\332\142\126\076
-\204\010\146\322\304\066\175\247\076\020\374\210\340\324\200\345
-\000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353
-\233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362
-\264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152
-\036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056
-\156
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "SwissSign Silver CA - G2"
-# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
-# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Not Valid Before: Wed Oct 25 08:32:46 2006
-# Not Valid After : Sat Oct 25 08:32:46 2036
-# Fingerprint (SHA-256): BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5
-# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SwissSign Silver CA - G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360
-\100\321\035\313
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\340\006\241\311\175\317\311\374\015\300\126\165\226\330\142\023
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\117\033\324\057\124\273\057\113
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "SecureTrust CA"
 #
@@ -21231,7 +21063,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\011\000\326\135\233\263\170\201\056\353
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -21399,7 +21231,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \154\040
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -21514,7 +21346,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \112\353
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -25970,3 +25802,339 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST BR Root CA 2 2023"
+#
+# Issuer: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
+# Subject: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 08:56:31 2023
+# Not Valid After : Sun May 09 08:56:30 2038
+# Fingerprint (SHA-256): 05:52:E6:F8:3F:DF:65:E8:FA:96:70:E6:66:DF:28:A4:E2:13:40:B5:10:CB:E5:25:66:F9:7C:4F:B9:4B:2B:D1
+# Fingerprint (SHA1): 2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST BR Root CA 2 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\163\073\060\004\110\133\331\115\170\056\163\113\311\241
+\334\146
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\251\060\202\003\221\240\003\002\001\002\002\020\163
+\073\060\004\110\133\331\115\170\056\163\113\311\241\334\146\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\110
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060
+\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040
+\107\155\142\110\061\042\060\040\006\003\125\004\003\023\031\104
+\055\124\122\125\123\124\040\102\122\040\122\157\157\164\040\103
+\101\040\062\040\062\060\062\063\060\036\027\015\062\063\060\065
+\060\071\060\070\065\066\063\061\132\027\015\063\070\060\065\060
+\071\060\070\065\066\063\060\132\060\110\061\013\060\011\006\003
+\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012
+\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061\042
+\060\040\006\003\125\004\003\023\031\104\055\124\122\125\123\124
+\040\102\122\040\122\157\157\164\040\103\101\040\062\040\062\060
+\062\063\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\256\377\011\131\221\200\012\112\150\346\044\077\270
+\247\344\310\072\012\072\026\315\311\043\141\240\223\161\362\253
+\213\163\217\240\147\145\140\322\124\153\143\121\157\111\063\340
+\162\007\023\175\070\315\006\222\007\051\122\153\116\167\154\004
+\323\225\372\335\114\214\331\135\301\141\175\113\347\050\263\104
+\201\173\121\257\335\063\261\150\174\326\116\114\376\053\150\271
+\312\146\151\304\354\136\127\177\367\015\307\234\066\066\345\007
+\140\254\300\114\352\010\154\357\006\174\117\133\050\172\010\374
+\223\135\233\366\234\264\213\206\272\041\271\364\360\350\131\132
+\050\241\064\204\032\045\221\266\265\217\357\262\371\200\372\371
+\075\074\021\162\330\343\057\206\166\305\171\054\301\251\220\223
+\106\230\147\313\203\152\240\120\043\247\073\366\201\071\340\355
+\360\271\277\145\361\330\313\172\373\357\163\003\316\000\364\175
+\327\340\135\073\146\270\334\216\272\203\313\207\166\003\374\045
+\331\347\043\157\006\375\147\363\340\377\204\274\107\277\265\026
+\030\106\151\024\314\005\367\333\323\111\254\153\314\253\344\265
+\013\103\044\136\113\153\115\147\337\326\265\076\117\170\037\224
+\161\044\352\336\160\374\361\223\376\236\223\132\344\224\132\227
+\124\014\065\173\137\154\356\000\037\044\354\003\272\002\365\166
+\364\237\324\232\355\205\054\070\042\057\307\330\057\166\021\117
+\375\154\134\350\365\216\047\207\177\031\112\041\107\220\035\171
+\215\034\133\370\317\112\205\344\355\263\133\215\276\304\144\050
+\135\101\304\156\254\070\132\117\043\164\164\251\022\303\366\322
+\271\021\025\063\007\221\330\073\067\072\143\060\006\321\305\042
+\066\050\142\043\020\340\106\314\227\254\326\053\135\144\044\325
+\356\034\016\336\373\010\132\165\052\366\143\155\316\013\102\276
+\321\272\160\034\234\041\345\017\061\151\027\327\374\012\264\336
+\355\200\234\313\222\264\213\365\336\131\242\130\011\245\143\107
+\013\341\101\062\064\101\331\232\261\331\250\260\033\132\336\015
+\015\364\342\262\135\065\200\271\201\324\204\151\221\002\313\165
+\320\215\305\265\075\011\221\011\217\024\241\024\164\171\076\326
+\311\025\035\244\131\131\042\334\366\212\105\075\074\022\326\076
+\135\062\057\002\003\001\000\001\243\201\216\060\201\213\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\147\220\360\326\336\265
+\030\325\106\051\176\134\253\370\236\010\274\144\225\020\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\111
+\006\003\125\035\037\004\102\060\100\060\076\240\074\240\072\206
+\070\150\164\164\160\072\057\057\143\162\154\056\144\055\164\162
+\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164\162
+\165\163\164\137\142\162\137\162\157\157\164\137\143\141\137\062
+\137\062\060\062\063\056\143\162\154\060\015\006\011\052\206\110
+\206\367\015\001\001\015\005\000\003\202\002\001\000\064\367\263
+\167\123\333\060\026\271\055\245\041\361\100\041\165\353\353\110
+\026\201\075\163\340\236\047\052\353\167\251\023\244\152\012\132
+\132\024\063\075\150\037\201\256\151\375\214\237\145\154\064\102
+\331\055\320\177\170\026\261\072\254\043\061\255\136\177\256\347
+\256\053\372\272\374\074\227\225\100\223\137\303\055\003\243\355
+\244\157\123\327\372\100\016\060\365\000\040\054\000\114\214\073
+\264\243\037\266\277\221\062\253\257\222\230\323\026\346\324\321
+\124\134\103\133\056\256\357\127\052\250\264\157\244\357\015\126
+\024\332\041\253\040\166\236\003\374\046\270\236\077\076\003\046
+\346\114\333\235\137\102\204\075\105\003\003\034\131\210\312\334
+\056\141\044\132\244\352\047\013\163\022\276\122\263\012\317\062
+\027\342\036\207\032\026\225\110\155\132\340\320\317\011\222\046
+\146\221\330\243\141\016\252\201\201\177\350\122\202\321\102\347
+\340\035\030\372\244\205\066\347\206\340\015\353\274\324\311\326
+\074\103\361\135\111\156\176\201\233\151\265\211\142\217\210\122
+\330\327\376\047\301\043\305\313\053\002\273\261\137\376\373\103
+\205\003\106\276\135\306\312\041\046\377\327\002\236\164\112\334
+\370\023\025\261\201\127\066\313\145\134\321\035\061\167\351\045
+\303\303\262\062\067\325\361\230\011\344\155\143\200\010\253\006
+\222\201\324\351\160\217\247\077\262\355\206\214\202\152\065\310
+\102\132\202\321\122\032\105\017\025\245\000\360\224\173\145\047
+\127\071\103\317\174\177\346\275\065\263\173\361\031\114\336\072
+\226\317\351\166\356\003\347\302\103\122\074\152\201\350\301\132
+\200\275\021\135\223\153\373\307\346\144\077\273\151\034\351\335
+\045\213\257\164\311\124\100\312\313\223\023\012\355\373\146\222
+\021\312\365\300\372\330\203\125\003\174\323\305\042\106\165\160
+\153\171\110\006\052\202\232\277\346\353\026\016\042\105\001\274
+\335\066\224\064\251\065\046\212\327\227\271\356\010\162\277\064
+\222\160\203\200\253\070\252\131\150\335\100\244\030\220\262\363
+\325\003\312\046\312\357\325\307\340\217\123\216\360\000\343\250
+\355\237\371\255\167\340\053\143\117\236\303\356\067\273\170\011
+\204\236\271\156\373\051\231\220\350\200\323\237\044
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-TRUST BR Root CA 2 2023"
+# Issuer: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
+# Subject: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 08:56:31 2023
+# Not Valid After : Sun May 09 08:56:30 2038
+# Fingerprint (SHA-256): 05:52:E6:F8:3F:DF:65:E8:FA:96:70:E6:66:DF:28:A4:E2:13:40:B5:10:CB:E5:25:66:F9:7C:4F:B9:4B:2B:D1
+# Fingerprint (SHA1): 2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST BR Root CA 2 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\055\260\160\356\161\224\257\151\150\027\333\171\316\130\237\240
+\153\226\367\207
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\341\011\355\323\140\324\126\033\107\037\267\014\137\033\137\205
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\163\073\060\004\110\133\331\115\170\056\163\113\311\241
+\334\146
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST EV Root CA 2 2023"
+#
+# Issuer: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
+# Subject: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 09:10:33 2023
+# Not Valid After : Sun May 09 09:10:32 2038
+# Fingerprint (SHA-256): 8E:82:21:B2:E7:D4:00:78:36:A1:67:2F:0D:CC:29:9C:33:BC:07:D3:16:F1:32:FA:1A:20:6D:58:71:50:F1:CE
+# Fingerprint (SHA1): A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST EV Root CA 2 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\151\046\011\176\200\113\114\240\247\214\170\142\123\137
+\132\157
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\251\060\202\003\221\240\003\002\001\002\002\020\151
+\046\011\176\200\113\114\240\247\214\170\142\123\137\132\157\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\110
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060
+\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040
+\107\155\142\110\061\042\060\040\006\003\125\004\003\023\031\104
+\055\124\122\125\123\124\040\105\126\040\122\157\157\164\040\103
+\101\040\062\040\062\060\062\063\060\036\027\015\062\063\060\065
+\060\071\060\071\061\060\063\063\132\027\015\063\070\060\065\060
+\071\060\071\061\060\063\062\132\060\110\061\013\060\011\006\003
+\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012
+\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061\042
+\060\040\006\003\125\004\003\023\031\104\055\124\122\125\123\124
+\040\105\126\040\122\157\157\164\040\103\101\040\062\040\062\060
+\062\063\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\330\216\243\211\200\013\262\127\122\334\251\123\114
+\067\271\177\143\027\023\357\247\133\043\133\151\165\260\231\012
+\027\301\213\304\333\250\340\314\061\272\302\362\315\135\351\267
+\370\035\257\152\304\225\207\327\107\311\225\330\202\004\120\075
+\201\010\377\344\075\263\261\326\305\262\375\210\011\333\234\204
+\354\045\027\024\207\177\060\170\233\152\130\311\266\163\050\074
+\064\367\231\367\177\323\246\370\034\105\174\255\054\214\224\077
+\330\147\020\123\176\042\315\116\045\121\360\045\044\065\021\136
+\020\306\354\207\146\211\201\150\272\314\053\235\107\163\037\275
+\315\221\244\162\152\234\242\033\030\240\157\354\120\364\175\100
+\302\250\060\317\275\163\310\023\053\020\023\036\213\232\250\072
+\224\163\323\030\151\012\112\377\301\001\003\377\171\177\265\110
+\177\173\356\350\051\157\066\114\225\141\206\330\371\242\163\212
+\356\256\057\226\356\150\315\075\115\050\102\371\105\053\062\033
+\106\125\026\152\246\113\051\371\273\225\126\277\106\035\354\035
+\223\035\300\145\262\037\241\103\256\126\236\240\261\217\153\022
+\267\140\155\170\013\312\212\134\355\036\226\016\203\246\110\225
+\215\073\243\041\304\256\130\306\000\262\204\264\043\244\226\206
+\065\270\330\236\330\254\064\111\230\143\225\305\313\155\110\107
+\342\362\056\030\036\320\061\253\335\164\354\371\334\214\270\034
+\216\150\043\272\320\363\120\334\317\145\217\163\072\062\307\174
+\376\312\202\042\117\276\216\142\107\146\345\315\207\342\350\325
+\017\030\237\345\004\162\113\106\074\020\362\104\302\144\126\161
+\116\165\350\234\311\046\164\305\175\131\321\012\133\017\155\376
+\236\165\034\030\306\032\072\174\330\015\004\314\315\267\105\145
+\172\261\217\270\256\204\110\076\263\172\115\250\003\342\342\176
+\001\026\131\150\030\103\063\260\322\334\260\032\103\065\356\245
+\332\251\106\134\256\206\201\101\001\112\164\046\354\237\006\277
+\302\005\067\144\165\170\051\150\375\305\365\353\376\107\371\344
+\205\260\341\173\061\235\246\177\162\243\271\304\054\056\314\231
+\127\016\041\014\105\001\224\145\353\145\011\306\143\042\013\063
+\111\222\110\074\374\315\316\260\076\216\236\213\370\376\111\305
+\065\162\107\002\003\001\000\001\243\201\216\060\201\213\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\252\374\221\020\033\207
+\221\137\026\271\277\117\113\221\136\000\034\261\062\200\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\111
+\006\003\125\035\037\004\102\060\100\060\076\240\074\240\072\206
+\070\150\164\164\160\072\057\057\143\162\154\056\144\055\164\162
+\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164\162
+\165\163\164\137\145\166\137\162\157\157\164\137\143\141\137\062
+\137\062\060\062\063\056\143\162\154\060\015\006\011\052\206\110
+\206\367\015\001\001\015\005\000\003\202\002\001\000\223\313\245
+\037\231\021\354\232\015\137\054\025\223\306\077\276\020\215\170
+\102\360\156\220\107\107\216\243\222\062\215\160\217\366\133\215
+\276\211\316\107\001\152\033\040\040\211\133\310\202\020\154\340
+\347\231\252\153\306\052\240\143\065\221\152\205\045\255\027\070
+\245\233\176\120\362\166\352\205\005\052\047\101\053\261\201\321
+\242\366\100\165\251\016\313\361\125\110\330\354\321\354\263\350
+\316\024\241\065\354\302\136\065\032\253\246\026\001\006\216\352
+\334\057\243\212\312\054\221\353\122\216\137\014\233\027\317\313
+\163\007\031\304\152\302\163\124\357\174\103\122\143\301\021\312
+\302\105\261\364\073\123\365\151\256\074\343\245\336\254\350\124
+\267\262\221\375\254\251\037\362\207\344\027\306\111\250\174\330
+\012\101\364\362\076\347\167\064\004\122\335\350\201\362\115\057
+\124\105\235\025\341\117\314\345\336\064\127\020\311\043\162\027
+\160\215\120\160\037\126\154\314\271\377\072\132\117\143\172\303
+\156\145\007\035\204\241\377\251\014\143\211\155\262\100\210\071
+\327\037\167\150\265\374\234\325\326\147\151\133\250\164\333\374
+\211\366\033\062\367\244\044\246\166\267\107\123\357\215\111\217
+\251\266\203\132\245\226\220\105\141\365\336\003\117\046\017\250
+\213\360\003\226\260\254\025\320\161\132\152\173\224\346\160\223
+\332\361\151\340\262\142\115\236\217\377\211\235\233\135\315\105
+\351\224\002\042\215\340\065\177\350\361\004\171\161\154\124\203
+\370\063\271\005\062\033\130\125\021\117\320\345\047\107\161\354
+\355\332\147\326\142\246\113\115\017\151\242\311\274\354\042\113
+\224\307\150\224\027\176\342\216\050\076\266\306\352\365\064\154
+\237\067\210\007\070\333\206\161\372\315\225\110\103\156\243\117
+\202\207\327\064\230\156\113\223\171\140\165\151\017\360\032\325
+\123\372\041\014\302\077\351\077\037\030\214\222\135\170\247\166
+\147\031\273\262\352\177\351\160\011\126\126\243\260\014\013\055
+\066\136\305\351\304\325\203\313\206\027\227\054\154\023\157\207
+\132\257\111\246\035\333\315\070\004\056\137\342\112\065\016\055
+\113\370\242\044\004\215\330\341\143\136\002\222\064\332\230\141
+\134\034\157\130\166\144\263\374\002\270\365\235\012
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-TRUST EV Root CA 2 2023"
+# Issuer: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
+# Subject: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 09:10:33 2023
+# Not Valid After : Sun May 09 09:10:32 2038
+# Fingerprint (SHA-256): 8E:82:21:B2:E7:D4:00:78:36:A1:67:2F:0D:CC:29:9C:33:BC:07:D3:16:F1:32:FA:1A:20:6D:58:71:50:F1:CE
+# Fingerprint (SHA1): A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST EV Root CA 2 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\245\133\330\107\154\217\031\367\114\364\155\153\266\302\171\202
+\042\337\124\213
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\226\264\170\011\360\011\313\167\353\273\033\115\157\066\274\266
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\151\046\011\176\200\113\114\240\247\214\170\142\123\137
+\132\157
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

packages/bun-usockets/src/crypto/root_certs.h

@@ -381,38 +381,6 @@ static struct us_cert_string_t root_certs[] = {
 "W8mw0FfB+j564ZfJ\n"
 "-----END CERTIFICATE-----",.len=2041},
 
-/* SwissSign Silver CA - G2 */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gx\n"
-"FTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAt\n"
-"IEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTAT\n"
-"BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcy\n"
-"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dO\n"
-"cbpLj6VzHVxumK4DV644N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGi\n"
-"TSf5YXu6t+WiE7brYT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi\n"
-"0R86TieFnbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH\n"
-"6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyC\n"
-"bTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jM\n"
-"qDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/\n"
-"+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBsROopN4WSaGa8gzj+ezku01DwH/te\n"
-"YLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIj\n"
-"QAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calI\n"
-"Lv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\n"
-"HQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c\n"
-"wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0cDovL3Jl\n"
-"cG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P4JUw\n"
-"4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F\n"
-"kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcS\n"
-"H9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkD\n"
-"lm4fS/Bx/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakM\n"
-"DHiqYMZWjwFaDGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHk\n"
-"Flt4dR2Xem1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR\n"
-"dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29\n"
-"MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI\n"
-"4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s\n"
-"5Aq7KkzrCWA5zspi2C5u\n"
-"-----END CERTIFICATE-----",.len=2045},
-
 /* SecureTrust CA */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYD\n"
@@ -3625,4 +3593,66 @@ static struct us_cert_string_t root_certs[] = {
 "4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJSwdLZrWeqrqgHkHZAXQ6bkU6iYAZezKYVWOr\n"
 "62Nuk22rGwlgMU4=\n"
 "-----END CERTIFICATE-----",.len=800},
+
+/* D-TRUST BR Root CA 2 2023 */
+{.str="-----BEGIN CERTIFICATE-----\n"
+"MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBIMQswCQYD\n"
+"VQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJv\n"
+"b3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUwOTA4NTYzMFowSDELMAkGA1UE\n"
+"BhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290\n"
+"IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYk\n"
+"P7in5Mg6CjoWzckjYaCTcfKri3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrd\n"
+"TIzZXcFhfUvnKLNEgXtRr90zsWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8\n"
+"T1soegj8k12b9py0i4a6Ibn08OhZWiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCT\n"
+"Rphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl2ecjbwb9\n"
+"Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LULQyReS2tNZ9/WtT5PeB+UcSTq3nD88ZP+npNa\n"
+"5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIvx9gvdhFP/Wxc6PWOJ4d/GUohR5AdeY0c\n"
+"W/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bSuREVMweR2Ds3OmMwBtHFIjYoYiMQ4EbM\n"
+"l6zWK11kJNXuHA7e+whadSr2Y23OC0K+0bpwHJwh5Q8xaRfX/Aq03u2AnMuStIv13lmiWAml\n"
+"Y0cL4UEyNEHZmrHZqLAbWt4NDfTisl01gLmB1IRpkQLLddCNxbU9CZEJjxShFHR5PtbJFR2k\n"
+"WVki3PaKRT08EtY+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
+"Z5Dw1t61GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG\n"
+"OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8yXzIwMjMu\n"
+"Y3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tIFoE9c+CeJyrrd6kT\n"
+"pGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67nriv6uvw8l5VAk1/DLQOj7aRv\n"
+"U9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTRVFxDWy6u71cqqLRvpO8NVhTaIasgdp4D\n"
+"/Ca4nj8+AybmTNudX0KEPUUDAxxZiMrcLmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8J\n"
+"kiZmkdijYQ6qgYF/6FKC0ULn4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4n\n"
+"wSPFyysCu7Ff/vtDhQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnk\n"
+"bWOACKsGkoHU6XCPpz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46\n"
+"ls/pdu4D58JDUjxqgejBWoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aSEcr1wPrY\n"
+"g1UDfNPFIkZ1cGt5SAYqgpq/5usWDiJFAbzdNpQ0qTUmiteXue4Icr80knCDgKs4qllo3UCk\n"
+"GJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJhJ65bvspmZDogNOfJA==\n"
+"-----END CERTIFICATE-----",.len=2020},
+
+/* D-TRUST EV Root CA 2 2023 */
+{.str="-----BEGIN CERTIFICATE-----\n"
+"MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBIMQswCQYD\n"
+"VQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJv\n"
+"b3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUwOTA5MTAzMlowSDELMAkGA1UE\n"
+"BhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290\n"
+"IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtyp\n"
+"U0w3uX9jFxPvp1sjW2l1sJkKF8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/k\n"
+"PbOx1sWy/YgJ25yE7CUXFId/MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR\n"
+"8CUkNRFeEMbsh2aJgWi6zCudR3Mfvc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6\n"
+"lHPTGGkKSv/BAQP/eX+1SH977ugpbzZMlWGG2Pmic4ruri+W7mjNPU0oQvlFKzIbRlUWaqZL\n"
+"Kfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3YG14C8qKXO0elg6DpkiVjTujIcSuWMYAsoS0\n"
+"I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq9107PncjLgcjmgjutDzUNzPZY9zOjLHfP7K\n"
+"giJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZxTnXonMkmdMV9WdEKWw9t/p51HBjGGjp8\n"
+"2A0EzM23RWV6sY+4roRIPrN6TagD4uJ+ARZZaBhDM7DS3LAaQzXupdqpRlyuhoFBAUp0Juyf\n"
+"Br/CBTdkdXgpaP3F9ev+R/nkhbDhezGdpn9yo7nELC7MmVcOIQxFAZRl62UJxmMiCzNJkkg8\n"
+"/M3OsD6Onov4/knFNXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
+"qvyREBuHkV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG\n"
+"OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8yXzIwMjMu\n"
+"Y3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14QvBukEdHjqOSMo1w\n"
+"j/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4pZt+UPJ26oUFKidBK7GB0aL2\n"
+"QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q3C+jisosketSjl8MmxfPy3MHGcRqwnNU\n"
+"73xDUmPBEcrCRbH0O1P1aa4846XerOhUt7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHy\n"
+"TS9URZ0V4U/M5d40VxDJI3IXcI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3do\n"
+"tfyc1dZnaVuodNv8ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFa\n"
+"anuU5nCT2vFp4LJiTZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs\n"
+"7dpn1mKmS00PaaLJvOwiS5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNPgofXNJhu\n"
+"S5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAstNl7F6cTVg8uGF5cs\n"
+"bBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phhXBxvWHZks/wCuPWdCg==\n"
+"-----END CERTIFICATE-----",.len=2020},
 };

packages/bun-usockets/src/eventing/epoll_kqueue.c

@@ -270,7 +270,6 @@ void us_loop_run_bun_tick(struct us_loop_t *loop, const struct timespec* timeout
 
     /* Fetch ready polls */
 #ifdef LIBUS_USE_EPOLL
-    
     loop->num_ready_polls = bun_epoll_pwait2(loop->fd, loop->ready_polls, 1024, timeout);
 #else
     do {

packages/bun-usockets/src/socket.c

@@ -22,7 +22,6 @@
 #include <string.h>
 #include <stdint.h>
 #include <errno.h>
-
 #ifndef WIN32
 #include <fcntl.h>
 #endif
@@ -175,6 +174,9 @@ struct us_socket_t *us_socket_close(int ssl, struct us_socket_t *s, int code, vo
         return (struct us_socket_t *)us_internal_ssl_socket_close((struct us_internal_ssl_socket_t *) s, code, reason);
     }
     if (!us_socket_is_closed(0, s)) {
+        /* make sure the context is alive until the callback ends */
+        us_socket_context_ref(ssl, s->context);
+
         if (s->low_prio_state == 1) {
             /* Unlink this socket from the low-priority queue */
             if (!s->prev) s->context->loop->data.low_prio_head = s->next;
@@ -186,7 +188,6 @@ struct us_socket_t *us_socket_close(int ssl, struct us_socket_t *s, int code, vo
             s->next = 0;
             s->low_prio_state = 0;
             us_socket_context_unref(ssl, s->context);
-
         } else {
             us_internal_socket_context_unlink_socket(ssl, s->context, s);
         }
@@ -207,16 +208,25 @@ struct us_socket_t *us_socket_close(int ssl, struct us_socket_t *s, int code, vo
 
         bsd_close_socket(us_poll_fd((struct us_poll_t *) s));
 
-        /* Link this socket to the close-list and let it be deleted after this iteration */
-        s->next = s->context->loop->data.closed_head;
-        s->context->loop->data.closed_head = s;
 
         /* Any socket with prev = context is marked as closed */
         s->prev = (struct us_socket_t *) s->context;
 
+        /* mark it as closed and call the callback */
+        struct us_socket_t *res = s;
         if (!(us_internal_poll_type(&s->p) & POLL_TYPE_SEMI_SOCKET)) {
-            return s->context->on_close(s, code, reason);
+            res = s->context->on_close(s, code, reason);
         }
+
+        /* Link this socket to the close-list and let it be deleted after this iteration */
+        s->next = s->context->loop->data.closed_head;
+        s->context->loop->data.closed_head = s;
+
+        /* unref the context after the callback ends */
+        us_socket_context_unref(ssl, s->context);
+
+        /* preserve the return value from on_close if its called */
+        return res;
         
     }
     return s;
@@ -503,9 +513,14 @@ void us_socket_nodelay(struct us_socket_t *s, int enabled) {
     }
 }
 
+/// Returns 0 on success. Returned error values depend on the platform.
+/// - on posix, returns `errno`
+/// - on windows, when libuv is used, returns a UV err code
+/// - on windows, LIBUS_USE_LIBUV is set, returns `WSAGetLastError()`
+/// - on windows, otherwise returns result of `WSAGetLastError`
 int us_socket_keepalive(us_socket_r s, int enabled, unsigned int delay){
     if (!us_socket_is_shut_down(0, s)) {
-        bsd_socket_keepalive(us_poll_fd((struct us_poll_t *) s), enabled, delay);
+        return bsd_socket_keepalive(us_poll_fd((struct us_poll_t *) s), enabled, delay);
     }
     return 0;
 }
@@ -544,4 +559,4 @@ void us_socket_resume(int ssl, struct us_socket_t *s) {
     }
     // we are readable and writable so we resume everything
     us_poll_change(&s->p, s->context->loop, LIBUS_SOCKET_READABLE | LIBUS_SOCKET_WRITABLE);
-  }
+  }

packages/bun-uws/src/App.h

@@ -189,6 +189,10 @@ public:
      * This function should probably be optimized a lot in future releases,
      * it could be O(1) with a hash map of fullnames and their counts. */
     unsigned int numSubscribers(std::string_view topic) {
+        if (!topicTree) {
+            return 0;
+        }
+
         Topic *t = topicTree->lookupTopic(topic);
         if (t) {
             return (unsigned int) t->size();
@@ -606,6 +610,10 @@ public:
         return std::move(*this);
     }
 
+    void setOnClose(HttpContextData<SSL>::OnSocketClosedCallback onClose) {
+        httpContext->getSocketContextData()->onSocketClosed = onClose;
+    }
+
     TemplatedApp &&run() {
         uWS::run();
         return std::move(*this);

packages/bun-uws/src/AsyncSocket.h

@@ -30,6 +30,9 @@
 #include <iostream>
 
 #include "libusockets.h"
+#include "bun-usockets/src/internal/internal.h"
+
+
 
 #include "LoopData.h"
 #include "AsyncSocketData.h"
@@ -54,28 +57,6 @@ struct AsyncSocket {
     template <typename, typename> friend struct TopicTree;
     template <bool> friend struct HttpResponse;
 
-private:
-    /* Helper, do not use directly (todo: move to uSockets or de-crazify) */
-    void throttle_helper(int toggle) {
-        /* These should be exposed by uSockets */
-        static thread_local int us_events[2] = {0, 0};
-
-        struct us_poll_t *p = (struct us_poll_t *) this;
-        struct us_loop_t *loop = us_socket_context_loop(SSL, us_socket_context(SSL, (us_socket_t *) this));
-
-        if (toggle) {
-            /* Pause */
-            int events = us_poll_events(p);
-            if (events) {
-                us_events[getBufferedAmount() ? 1 : 0] = events;
-            }
-            us_poll_change(p, loop, 0);
-        } else {
-            /* Resume */
-            int events = us_events[getBufferedAmount() ? 1 : 0];
-            us_poll_change(p, loop, events);
-        }
-    }
 
 public:
     /* Returns SSL pointer or FD as pointer */
@@ -105,13 +86,13 @@ public:
 
     /* Experimental pause */
     us_socket_t *pause() {
-        throttle_helper(1);
+        us_socket_pause(SSL, (us_socket_t *) this);
         return (us_socket_t *) this;
     }
 
     /* Experimental resume */
     us_socket_t *resume() {
-        throttle_helper(0);
+        us_socket_resume(SSL, (us_socket_t *) this);
         return (us_socket_t *) this;
     }
 

packages/bun-uws/src/HttpContext.h

@@ -115,9 +115,8 @@ private:
         us_socket_context_on_close(SSL, getSocketContext(), [](us_socket_t *s, int /*code*/, void */*reason*/) {
             ((AsyncSocket<SSL> *)s)->uncorkWithoutSending();
 
-
             /* Get socket ext */
-            HttpResponseData<SSL> *httpResponseData = (HttpResponseData<SSL> *) us_socket_ext(SSL, s);
+            auto *httpResponseData = reinterpret_cast<HttpResponseData<SSL> *>(us_socket_ext(SSL, s));
 
             /* Call filter */
             HttpContextData<SSL> *httpContextData = getSocketContextDataS(s);
@@ -130,6 +129,9 @@ private:
                 httpResponseData->onAborted((HttpResponse<SSL> *)s, httpResponseData->userData);
             }
 
+            if (httpResponseData->socketData && httpContextData->onSocketClosed) {
+                httpContextData->onSocketClosed(httpResponseData->socketData, SSL, s);
+            }
 
             /* Destruct socket ext */
             httpResponseData->~HttpResponseData<SSL>();
@@ -171,7 +173,7 @@ private:
             proxyParser = &httpResponseData->proxyParser;
 #endif
 
-            /* The return value is entirely up to us to interpret. The HttpParser only care for whether the returned value is DIFFERENT or not from passed user */
+            /* The return value is entirely up to us to interpret. The HttpParser cares only for whether the returned value is DIFFERENT from passed user */
             auto [err, returnedSocket] = httpResponseData->consumePostPadded(data, (unsigned int) length, s, proxyParser, [httpContextData](void *s, HttpRequest *httpRequest) -> void * {
                 /* For every request we reset the timeout and hang until user makes action */
                 /* Warning: if we are in shutdown state, resetting the timer is a security issue! */
@@ -182,7 +184,7 @@ private:
                 httpResponseData->offset = 0;
 
                 /* Are we not ready for another request yet? Terminate the connection.
-                 * Important for denying async pipelining until, if ever, we want to suppot it.
+                 * Important for denying async pipelining until, if ever, we want to support it.
                  * Otherwise requests can get mixed up on the same connection. We still support sync pipelining. */
                 if (httpResponseData->state & HttpResponseData<SSL>::HTTP_RESPONSE_PENDING) {
                     us_socket_close(SSL, (us_socket_t *) s, 0, nullptr);
@@ -416,7 +418,7 @@ private:
 
             /* Force close rather than gracefully shutdown and risk confusing the client with a complete download */
             AsyncSocket<SSL> *asyncSocket = (AsyncSocket<SSL> *) s;
-            // Node.js by default sclose the connection but they emit the timeout event before that
+            // Node.js by default closes the connection but they emit the timeout event before that
             HttpResponseData<SSL> *httpResponseData = (HttpResponseData<SSL> *) asyncSocket->getAsyncSocketData();
 
             if (httpResponseData->onTimeout) {

packages/bun-uws/src/HttpContextData.h

@@ -27,6 +27,7 @@ namespace uWS {
 template<bool> struct HttpResponse;
 struct HttpRequest;
 
+
 template <bool SSL>
 struct alignas(16) HttpContextData {
     template <bool> friend struct HttpContext;
@@ -34,6 +35,7 @@ struct alignas(16) HttpContextData {
     template <bool> friend struct TemplatedApp;
 private:
     std::vector<MoveOnlyFunction<void(HttpResponse<SSL> *, int)>> filterHandlers;
+    using OnSocketClosedCallback = void (*)(void* userData, int is_ssl, struct us_socket_t *rawSocket);
 
     MoveOnlyFunction<void(const char *hostname)> missingServerNameHandler;
 
@@ -51,6 +53,9 @@ private:
     bool isParsingHttp = false;
     bool rejectUnauthorized = false;
 
+    /* Used to simulate Node.js socket events. */
+    OnSocketClosedCallback onSocketClosed = nullptr;
+
     // TODO: SNI
     void clearRoutes() {
         this->router = HttpRouter<RouterData>{};

packages/bun-uws/src/HttpParser.h

@@ -239,7 +239,7 @@ namespace uWS
             }
             return unsignedIntegerValue;
         }
-        
+
         static inline uint64_t hasLess(uint64_t x, uint64_t n) {
             return (((x)-~0ULL/255*(n))&~(x)&~0ULL/255*128);
         }
@@ -283,7 +283,7 @@ namespace uWS
             }
             return false;
         }
-        
+
         static inline void *consumeFieldName(char *p) {
             /* Best case fast path (particularly useful with clang) */
             while (true) {
@@ -323,14 +323,14 @@ namespace uWS
 
             uint64_t http;
             __builtin_memcpy(&http, data, sizeof(uint64_t));
-            
+
             uint32_t first_four_bytes = http & static_cast<uint32_t>(0xFFFFFFFF);
             // check if any of the first four bytes are > non-ascii
             if ((first_four_bytes & 0x80808080) != 0) [[unlikely]] {
                 return 0;
             }
             first_four_bytes |= 0x20202020; // Lowercase the first four bytes
-            
+
             static constexpr char http_lowercase_bytes[4] = {'h', 't', 't', 'p'};
             static constexpr uint32_t http_lowercase_bytes_int = __builtin_bit_cast(uint32_t, http_lowercase_bytes);
             if (first_four_bytes == http_lowercase_bytes_int) [[likely]] {
@@ -343,7 +343,7 @@ namespace uWS
 
                 static constexpr char S_colon_slash_slash[4] = {'S', ':', '/', '/'};
                 static constexpr uint32_t S_colon_slash_slash_int = __builtin_bit_cast(uint32_t, S_colon_slash_slash);
-              
+
                 // Extract the last four bytes from the uint64_t
                 const uint32_t last_four_bytes = (http >> 32) & static_cast<uint32_t>(0xFFFFFFFF);
                 return (last_four_bytes == s_colon_slash_slash_int) || (last_four_bytes == S_colon_slash_slash_int);
@@ -361,7 +361,7 @@ namespace uWS
             if (&data[1] == end) [[unlikely]] {
                 return nullptr;
             }
-            
+
             if (data[0] == 32 && (__builtin_expect(data[1] == '/', 1) || isHTTPorHTTPSPrefixForProxies(data + 1, end) == 1)) [[likely]] {
                 header.key = {start, (size_t) (data - start)};
                 data++;
@@ -536,7 +536,7 @@ namespace uWS
                     while (headers->value.length() && headers->value.front() < 33) {
                         headers->value.remove_prefix(1);
                     }
-                    
+
                     headers++;
 
                     /* We definitely have at least one header (or request line), so check if we are done */
@@ -598,7 +598,7 @@ namespace uWS
             for (HttpRequest::Header *h = req->headers; (++h)->key.length(); ) {
                 req->bf.add(h->key);
             }
-            
+
             /* Break if no host header (but we can have empty string which is different from nullptr) */
             if (!req->getHeader("host").data()) {
                 return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
@@ -611,11 +611,12 @@ namespace uWS
             * ought to be handled as an error. */
             std::string_view transferEncodingString = req->getHeader("transfer-encoding");
             std::string_view contentLengthString = req->getHeader("content-length");
+
             auto transferEncodingStringLen = transferEncodingString.length();
             auto contentLengthStringLen = contentLengthString.length();
             if (transferEncodingStringLen && contentLengthStringLen) {
                 /* Returning fullptr is the same as calling the errorHandler */
-                /* We could be smart and set an error in the context along with this, to indicate what 
+                /* We could be smart and set an error in the context along with this, to indicate what
                  * http error response we might want to return */
                 return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
             }
@@ -623,7 +624,7 @@ namespace uWS
             /* Parse query */
             const char *querySeparatorPtr = (const char *) memchr(req->headers->value.data(), '?', req->headers->value.length());
             req->querySeparator = (unsigned int) ((querySeparatorPtr ? querySeparatorPtr : req->headers->value.data() + req->headers->value.length()) - req->headers->value.data());
-            
+
             // lets check if content len is valid before calling requestHandler
             if(contentLengthStringLen) {
                 remainingStreamingBytes = toUnsignedInteger(contentLengthString);
@@ -633,6 +634,14 @@ namespace uWS
                 }
             }
 
+            // lets check if content len is valid before calling requestHandler
+            if(contentLengthStringLen) {
+                remainingStreamingBytes = toUnsignedInteger(contentLengthString);
+                if (remainingStreamingBytes == UINT64_MAX) {
+                    /* Parser error */
+                    return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
+                }
+            }
             /* If returned socket is not what we put in we need
              * to break here as we either have upgraded to
              * WebSockets or otherwise closed the socket. */
@@ -654,7 +663,7 @@ namespace uWS
             if (transferEncodingStringLen) {
 
                 /* If a proxy sent us the transfer-encoding header that 100% means it must be chunked or else the proxy is
-                 * not RFC 9112 compliant. Therefore it is always better to assume this is the case, since that entirely eliminates 
+                 * not RFC 9112 compliant. Therefore it is always better to assume this is the case, since that entirely eliminates
                  * all forms of transfer-encoding obfuscation tricks. We just rely on the header. */
 
                 /* RFC 9112 6.3
@@ -683,7 +692,6 @@ namespace uWS
                     consumedTotal += consumed;
                 }
             } else if (contentLengthStringLen) {
-              
                 if constexpr (!ConsumeMinimally) {
                     unsigned int emittable = (unsigned int) std::min<uint64_t>(remainingStreamingBytes, length);
                     dataHandler(user, std::string_view(data, emittable), emittable == remainingStreamingBytes);

packages/bun-uws/src/HttpResponse.h

@@ -81,8 +81,12 @@ public:
 
     /* Called only once per request */
     void writeMark() {
+        if (getHttpResponseData()->state & HttpResponseData<SSL>::HTTP_WROTE_DATE_HEADER) {
+            return;
+        }
         /* Date is always written */
         writeHeader("Date", std::string_view(((LoopData *) us_loop_ext(us_socket_context_loop(SSL, (us_socket_context(SSL, (us_socket_t *) this)))))->date, 29));
+        getHttpResponseData()->state |= HttpResponseData<SSL>::HTTP_WROTE_DATE_HEADER;
     }
 
     /* Returns true on success, indicating that it might be feasible to write more data.
@@ -113,7 +117,8 @@ public:
             httpResponseData->state |= HttpResponseData<SSL>::HTTP_CONNECTION_CLOSE;
         }
 
-        if (httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED) {
+        /* if write was called and there was previously no Content-Length header set */
+        if (httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED && !(httpResponseData->state & HttpResponseData<SSL>::HTTP_WROTE_CONTENT_LENGTH_HEADER)) {
 
             /* We do not have tryWrite-like functionalities, so ignore optional in this path */
 
@@ -145,6 +150,8 @@ public:
                         }
                     }
                 }
+            } else {
+                this->uncork();
             }
 
             /* tryEnd can never fail when in chunked mode, since we do not have tryWrite (yet), only write */
@@ -152,7 +159,7 @@ public:
             return true;
         } else {
             /* Write content-length on first call */
-            if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_END_CALLED)) {
+            if (!(httpResponseData->state & (HttpResponseData<SSL>::HTTP_END_CALLED))) {
                 /* Write mark, this propagates to WebSockets too */
                 writeMark();
 
@@ -162,7 +169,8 @@ public:
                     Super::write("Content-Length: ", 16);
                     writeUnsigned64(totalSize);
                     Super::write("\r\n\r\n", 4);
-                } else {
+                    httpResponseData->state |= HttpResponseData<SSL>::HTTP_WROTE_CONTENT_LENGTH_HEADER;
+                } else if (!(httpResponseData->state & (HttpResponseData<SSL>::HTTP_WRITE_CALLED))) {
                     Super::write("\r\n", 2);
                 }
 
@@ -207,6 +215,8 @@ public:
                             }
                         }
                     }
+                }  else {
+                    this->uncork();
                 }
             }
 
@@ -231,7 +241,7 @@ public:
     /* Manually upgrade to WebSocket. Typically called in upgrade handler. Immediately calls open handler.
      * NOTE: Will invalidate 'this' as socket might change location in memory. Throw away after use. */
     template <typename UserData>
-    void upgrade(UserData &&userData, std::string_view secWebSocketKey, std::string_view secWebSocketProtocol,
+    us_socket_t *upgrade(UserData &&userData, std::string_view secWebSocketKey, std::string_view secWebSocketProtocol,
             std::string_view secWebSocketExtensions,
             struct us_socket_context_t *webSocketContext) {
 
@@ -313,8 +323,8 @@ public:
         bool wasCorked = Super::isCorked();
 
         /* Adopting a socket invalidates it, do not rely on it directly to carry any data */
-        WebSocket<SSL, true, UserData> *webSocket = (WebSocket<SSL, true, UserData> *) us_socket_context_adopt_socket(SSL,
-                    (us_socket_context_t *) webSocketContext, (us_socket_t *) this, sizeof(WebSocketData) + sizeof(UserData));
+        us_socket_t *usSocket = us_socket_context_adopt_socket(SSL, (us_socket_context_t *) webSocketContext, (us_socket_t *) this, sizeof(WebSocketData) + sizeof(UserData));
+        WebSocket<SSL, true, UserData> *webSocket = (WebSocket<SSL, true, UserData> *) usSocket;
 
         /* For whatever reason we were corked, update cork to the new socket */
         if (wasCorked) {
@@ -344,6 +354,8 @@ public:
         if (webSocketContextData->openHandler) {
             webSocketContextData->openHandler(webSocket);
         }
+
+        return usSocket;
     }
 
     /* Immediately terminate this Http response */
@@ -427,7 +439,7 @@ public:
 
     /* End the response with an optional data chunk. Always starts a timeout. */
     void end(std::string_view data = {}, bool closeConnection = false) {
-        internalEnd(data, data.length(), false, true, closeConnection);
+        internalEnd(data, data.length(), false, !(this->getHttpResponseData()->state & HttpResponseData<SSL>::HTTP_WROTE_CONTENT_LENGTH_HEADER), closeConnection);
     }
 
     /* Try and end the response. Returns [true, true] on success.
@@ -441,12 +453,12 @@ public:
     bool sendTerminatingChunk(bool closeConnection = false) {
         writeStatus(HTTP_200_OK);
         HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
-        if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED)) {
+        if (!(httpResponseData->state & (HttpResponseData<SSL>::HTTP_WRITE_CALLED | HttpResponseData<SSL>::HTTP_WROTE_CONTENT_LENGTH_HEADER))) {
             /* Write mark on first call to write */
             writeMark();
 
             writeHeader("Transfer-Encoding", "chunked");
-            httpResponseData->state |= HttpResponseData<SSL>::HTTP_WRITE_CALLED; 
+            httpResponseData->state |= HttpResponseData<SSL>::HTTP_WRITE_CALLED;
         }
 
         /* This will be sent always when state is HTTP_WRITE_CALLED inside internalEnd, so no need to write the terminating 0 chunk here */
@@ -456,33 +468,46 @@ public:
     }
 
     /* Write parts of the response in chunking fashion. Starts timeout if failed. */
-    bool write(std::string_view data) {
+    bool write(std::string_view data, size_t *writtenPtr = nullptr) {
         writeStatus(HTTP_200_OK);
 
         /* Do not allow sending 0 chunks, they mark end of response */
         if (data.empty()) {
+            if (writtenPtr) {
+                *writtenPtr = 0;
+            }
             /* If you called us, then according to you it was fine to call us so it's fine to still call us */
             return true;
         }
 
         HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
 
-        if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED)) {
-            /* Write mark on first call to write */
-            writeMark();
+        if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_WROTE_CONTENT_LENGTH_HEADER)) {
+            if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED)) {
+                /* Write mark on first call to write */
+                writeMark();
 
-            writeHeader("Transfer-Encoding", "chunked");
+                writeHeader("Transfer-Encoding", "chunked");
+                httpResponseData->state |= HttpResponseData<SSL>::HTTP_WRITE_CALLED;
+            }
+
+            Super::write("\r\n", 2);
+            writeUnsignedHex((unsigned int) data.length());
+            Super::write("\r\n", 2);
+        } else if (!(httpResponseData->state & HttpResponseData<SSL>::HTTP_WRITE_CALLED)) {
+            writeMark();
+            Super::write("\r\n", 2);
             httpResponseData->state |= HttpResponseData<SSL>::HTTP_WRITE_CALLED;
         }
 
-        Super::write("\r\n", 2);
-        writeUnsignedHex((unsigned int) data.length());
-        Super::write("\r\n", 2);
-
         auto [written, failed] = Super::write(data.data(), (int) data.length());
         /* Reset timeout on each sended chunk */
         this->resetTimeout();
 
+        if (writtenPtr) {
+            *writtenPtr = written;
+        }
+
         /* If we did not fail the write, accept more */
         return !failed;
     }
@@ -515,7 +540,7 @@ public:
             Super::cork();
             handler();
 
-            /* The only way we could possibly have changed the corked socket during handler call, would be if 
+            /* The only way we could possibly have changed the corked socket during handler call, would be if
              * the HTTP socket was upgraded to WebSocket and caused a realloc. Because of this we cannot use "this"
              * from here downwards. The corking is done with corkUnchecked() in upgrade. It steals cork. */
             auto *newCorkedSocket = loopData->getCorkedSocket();
@@ -582,7 +607,7 @@ public:
     /* Attach handler for aborted HTTP request */
     HttpResponse *onAborted(void* userData,  HttpResponseData<SSL>::OnAbortedCallback handler) {
         HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
-        
+
         httpResponseData->userData = userData;
         httpResponseData->onAborted = handler;
         return this;
@@ -590,7 +615,7 @@ public:
 
     HttpResponse *onTimeout(void* userData,  HttpResponseData<SSL>::OnTimeoutCallback handler) {
         HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
-        
+
         httpResponseData->userData = userData;
         httpResponseData->onTimeout = handler;
         return this;
@@ -620,7 +645,7 @@ public:
         return this;
     }
     /* Attach a read handler for data sent. Will be called with FIN set true if last segment. */
-    void onData(void* userData, HttpResponseData<SSL>::OnDataCallback handler) { 
+    void onData(void* userData, HttpResponseData<SSL>::OnDataCallback handler) {
         HttpResponseData<SSL> *data = getHttpResponseData();
         data->userData = userData;
         data->inStream = handler;
@@ -629,6 +654,17 @@ public:
         data->received_bytes_per_timeout = 0;
     }
 
+    void* getSocketData() {
+        HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
+
+        return httpResponseData->socketData;
+    }
+
+    void setSocketData(void* socketData) {
+        HttpResponseData<SSL> *httpResponseData = getHttpResponseData();
+
+        httpResponseData->socketData = socketData;
+    }
 
     void setWriteOffset(uint64_t offset) {
         HttpResponseData<SSL> *httpResponseData = getHttpResponseData();

packages/bun-uws/src/HttpResponseData.h

@@ -77,11 +77,14 @@ struct HttpResponseData : AsyncSocketData<SSL>, HttpParser {
         HTTP_WRITE_CALLED = 2, // used
         HTTP_END_CALLED = 4, // used
         HTTP_RESPONSE_PENDING = 8, // used
-        HTTP_CONNECTION_CLOSE = 16 // used
+        HTTP_CONNECTION_CLOSE = 16, // used
+        HTTP_WROTE_CONTENT_LENGTH_HEADER = 32, // used
+        HTTP_WROTE_DATE_HEADER = 64, // used
     };
 
     /* Shared context pointer */
     void* userData = nullptr;
+    void* socketData = nullptr;
 
     /* Per socket event handlers */
     OnWritableCallback onWritable = nullptr;

packages/bun-uws/src/Loop.h

@@ -24,6 +24,7 @@
 #include "LoopData.h"
 #include <libusockets.h>
 #include <iostream>
+#include "AsyncSocket.h"
 
 extern "C" int bun_is_exiting();
 
@@ -52,6 +53,15 @@ private:
         for (auto &p : loopData->preHandlers) {
             p.second((Loop *) loop);
         }
+
+        void *corkedSocket = loopData->getCorkedSocket();
+        if (corkedSocket) {
+            if (loopData->isCorkedSSL()) {
+                ((uWS::AsyncSocket<true> *) corkedSocket)->uncork();
+            } else {
+                ((uWS::AsyncSocket<false> *) corkedSocket)->uncork();
+            }
+        }
     }
 
     static void postCb(us_loop_t *loop) {
@@ -148,6 +158,10 @@ public:
         getLazyLoop().loop = nullptr;
     }
 
+    static LoopData* data(struct us_loop_t *loop) {
+        return (LoopData *) us_loop_ext(loop);
+    }
+
     void addPostHandler(void *key, MoveOnlyFunction<void(Loop *)> &&handler) {
         LoopData *loopData = (LoopData *) us_loop_ext((us_loop_t *) this);
 

packages/bun-uws/src/LoopData.h

@@ -63,6 +63,7 @@ public:
         }
         delete [] corkBuffer;
     }
+
     void* getCorkedSocket() {
         return this->corkedSocket;
     }

packages/bun-vscode/example/example.test.ts

@@ -28,4 +28,9 @@ describe("example", () => {
       };
     }).toThrow();
   });
+
+  test("can run with special chars :)", () => {
+    // if this test runs, it's a success.
+    // a failure is if it's either skipped or fails the runner
+  })
 });

packages/bun-vscode/src/features/tests/index.ts

@@ -171,11 +171,12 @@ export function registerTestRunner(context: vscode.ExtensionContext) {
       }
 
       if (testName && testName.length) {
+        const escapedTestName = escapeRegex(testName);
         if (customScriptSetting.length) {
           // escape the quotes in the test name
-          command += ` -t "${testName}"`;
+          command += ` -t "${escapedTestName}"`;
         } else {
-          command += ` -t "${testName}"`;
+          command += ` -t "${escapedTestName}"`;
         }
       }
 
@@ -202,3 +203,14 @@ export function registerTestRunner(context: vscode.ExtensionContext) {
   context.subscriptions.push(runTestCommand);
   context.subscriptions.push(watchTestCommand);
 }
+
+
+/**
+ * Escape any special characters in the input string, so that regex-matching on it
+ * will work as expected.
+ * i.e `new RegExp(escapeRegex("hi (:").test("hi (:")` will return true, instead of throwing
+ * an invalid regex error.
+ */
+function escapeRegex(source: string) {
+  return source.replaceAll(/[^a-zA-Z0-9_+\-'"\ ]/g, "\\$&");
+}

scripts/bootstrap.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-# Version: 9
+# Version: 10
 
 # A script that installs the dependencies needed to build and test Bun.
 # This should work on macOS and Linux with a POSIX shell.
@@ -919,10 +919,7 @@ install_llvm() {
 			"llvm$(llvm_version)" \
 			"clang$(llvm_version)" \
 			"scudo-malloc" \
-			--repository "http://dl-cdn.alpinelinux.org/alpine/edge/main"
-		install_packages \
-			"lld$(llvm_version)" \
-			--repository "http://dl-cdn.alpinelinux.org/alpine/edge/community"
+			"lld$(llvm_version)"
 		;;
 	esac
 }
@@ -1132,6 +1129,35 @@ install_tailscale() {
 	esac
 }
 
+install_fuse_python() {
+	# only linux needs this
+	case "$pm" in
+	apk)
+		# Build and install from source (https://github.com/libfuse/python-fuse/blob/master/INSTALL)
+		install_packages \
+			python3-dev \
+			fuse-dev \
+			pkgconf \
+			py3-setuptools
+		python_fuse_version="1.0.9"
+		python_fuse_tarball=$(download_file "https://github.com/libfuse/python-fuse/archive/refs/tags/v$python_fuse_version.tar.gz")
+		python_fuse_tmpdir="$(dirname "$python_fuse_tarball")"
+		execute tar -xzf "$python_fuse_tarball" -C "$python_fuse_tmpdir"
+		execute sh -c "cd '$python_fuse_tmpdir/python-fuse-$python_fuse_version' && python setup.py build"
+		execute_sudo sh -c "cd '$python_fuse_tmpdir/python-fuse-$python_fuse_version' && python setup.py install"
+
+		# For Alpine we also need to make sure the kernel module is automatically loaded
+		execute_sudo sh -c "echo fuse >> /etc/modules-load.d/fuse.conf"
+
+		# Check that it was actually installed
+		execute python -c 'import fuse'
+		;;
+	apt | dnf | yum)
+		install_packages python3-fuse
+		;;
+	esac
+}
+
 create_buildkite_user() {
 	if ! [ "$ci" = "1" ] || ! [ "$os" = "linux" ]; then
 		return
@@ -1323,6 +1349,7 @@ main() {
 	install_common_software
 	install_build_essentials
 	install_chromium
+	install_fuse_python
 	clean_system
 }
 

scripts/runner.node.mjs

@@ -191,7 +191,8 @@ async function runTests() {
         break;
       }
 
-      const color = attempt >= maxAttempts ? "red" : "yellow";
+      const neverFail = title.startsWith("vendor/");
+      const color = attempt >= maxAttempts && !neverFail ? "red" : "yellow";
       const label = `${getAnsi(color)}[${index}/${total}] ${title} - ${error}${getAnsi("reset")}`;
       startGroup(label, () => {
         process.stderr.write(stdoutPreview);
@@ -201,7 +202,7 @@ async function runTests() {
       flaky ||= true;
 
       if (attempt >= maxAttempts || isAlwaysFailure(error)) {
-        flaky = false;
+        if (!neverFail) flaky = false;
         failedResults.push(failure);
       }
     }
@@ -256,13 +257,15 @@ async function runTests() {
     for (const testPath of tests) {
       const absoluteTestPath = join(testsPath, testPath);
       const title = relative(cwd, absoluteTestPath).replaceAll(sep, "/");
-      if (isNodeParallelTest(testPath)) {
-        const runWithBunTest = title.includes("needs-test") || readFileSync(absoluteTestPath, "utf-8").includes('bun:test');
+      if (isNodeTest(testPath)) {
+        const testContent = readFileSync(absoluteTestPath, "utf-8");
+        const runWithBunTest =
+          title.includes("needs-test") || testContent.includes("bun:test") || testContent.includes("node:test");
         const subcommand = runWithBunTest ? "test" : "run";
         await runTest(title, async () => {
           const { ok, error, stdout } = await spawnBun(execPath, {
             cwd: cwd,
-            args: [subcommand, "--config=./bunfig.node-test.toml", absoluteTestPath],
+            args: [subcommand, "--config=" + join(import.meta.dirname, "../bunfig.node-test.toml"), absoluteTestPath],
             timeout: getNodeParallelTestTimeout(title),
             env: {
               FORCE_COLOR: "0",
@@ -870,11 +873,26 @@ function isJavaScriptTest(path) {
 }
 
 /**
- * @param {string} testPath
+ * @param {string} path
  * @returns {boolean}
  */
-function isNodeParallelTest(testPath) {
-  return testPath.replaceAll(sep, "/").includes("js/node/test/parallel/");
+function isNodeTest(path) {
+  // Do not run node tests on macOS x64 in CI
+  // TODO: Unclear why we decided to do this?
+  if (isCI && isMacOS && isX64) {
+    return false;
+  }
+  const unixPath = path.replaceAll(sep, "/");
+  return unixPath.includes("js/node/test/parallel/") || unixPath.includes("js/node/test/sequential/");
+}
+
+/**
+ * @param {string} path
+ * @returns {boolean}
+ */
+function isClusterTest(path) {
+  const unixPath = path.replaceAll(sep, "/");
+  return unixPath.includes("js/node/cluster/test-") && unixPath.endsWith(".ts");
 }
 
 /**
@@ -882,20 +900,17 @@ function isNodeParallelTest(testPath) {
  * @returns {boolean}
  */
 function isTest(path) {
-  if (isNodeParallelTest(path) && targetDoesRunNodeTests()) return true;
-  if (path.replaceAll(sep, "/").startsWith("js/node/cluster/test-") && path.endsWith(".ts")) return true;
-  return isTestStrict(path);
+  return isNodeTest(path) || isClusterTest(path) ? true : isTestStrict(path);
 }
 
+/**
+ * @param {string} path
+ * @returns {boolean}
+ */
 function isTestStrict(path) {
   return isJavaScript(path) && /\.test|spec\./.test(basename(path));
 }
 
-function targetDoesRunNodeTests() {
-  if (isMacOS && isX64) return false;
-  return true;
-}
-
 /**
  * @param {string} path
  * @returns {boolean}

src/StandaloneModuleGraph.zig

@@ -466,11 +466,7 @@ pub const StandaloneModuleGraph = struct {
         return output_bytes;
     }
 
-    const page_size = if (Environment.isLinux and Environment.isAarch64)
-        // some linux distros do 64 KB pages on aarch64
-        64 * 1024
-    else
-        std.mem.page_size;
+    const page_size = std.heap.page_size_max;
 
     pub const InjectOptions = struct {
         windows_hide_console: bool = false,

src/allocators/AllocationScope.zig

@@ -74,16 +74,17 @@ pub fn allocator(scope: *AllocationScope) Allocator {
 const vtable: Allocator.VTable = .{
     .alloc = alloc,
     .resize = resize,
+    .remap = remap,
     .free = free,
 };
 
-fn alloc(ctx: *anyopaque, len: usize, ptr_align: u8, ret_addr: usize) ?[*]u8 {
+fn alloc(ctx: *anyopaque, len: usize, alignment: std.mem.Alignment, ret_addr: usize) ?[*]u8 {
     const scope: *AllocationScope = @ptrCast(@alignCast(ctx));
     scope.state.mutex.lock();
     defer scope.state.mutex.unlock();
     scope.state.allocations.ensureUnusedCapacity(scope.parent, 1) catch
         return null;
-    const result = scope.parent.vtable.alloc(scope.parent.ptr, len, ptr_align, ret_addr) orelse
+    const result = scope.parent.vtable.alloc(scope.parent.ptr, len, alignment, ret_addr) orelse
         return null;
     const trace = StoredTrace.capture(ret_addr);
     scope.state.allocations.putAssumeCapacityNoClobber(result, .{
@@ -94,12 +95,17 @@ fn alloc(ctx: *anyopaque, len: usize, ptr_align: u8, ret_addr: usize) ?[*]u8 {
     return result;
 }
 
-fn resize(ctx: *anyopaque, buf: []u8, buf_align: u8, new_len: usize, ret_addr: usize) bool {
+fn resize(ctx: *anyopaque, buf: []u8, alignment: std.mem.Alignment, new_len: usize, ret_addr: usize) bool {
     const scope: *AllocationScope = @ptrCast(@alignCast(ctx));
-    return scope.parent.vtable.resize(scope.parent.ptr, buf, buf_align, new_len, ret_addr);
+    return scope.parent.vtable.resize(scope.parent.ptr, buf, alignment, new_len, ret_addr);
 }
 
-fn free(ctx: *anyopaque, buf: []u8, buf_align: u8, ret_addr: usize) void {
+fn remap(ctx: *anyopaque, buf: []u8, alignment: std.mem.Alignment, new_len: usize, ret_addr: usize) ?[*]u8 {
+    const scope: *AllocationScope = @ptrCast(@alignCast(ctx));
+    return scope.parent.vtable.remap(scope.parent.ptr, buf, alignment, new_len, ret_addr);
+}
+
+fn free(ctx: *anyopaque, buf: []u8, alignment: std.mem.Alignment, ret_addr: usize) void {
     const scope: *AllocationScope = @ptrCast(@alignCast(ctx));
     scope.state.mutex.lock();
     defer scope.state.mutex.unlock();
@@ -137,7 +143,7 @@ fn free(ctx: *anyopaque, buf: []u8, buf_align: u8, ret_addr: usize) void {
         // sanitizer does not catch the invalid free.
     }
 
-    scope.parent.vtable.free(scope.parent.ptr, buf, buf_align, ret_addr);
+    scope.parent.vtable.free(scope.parent.ptr, buf, alignment, ret_addr);
 
     // If asan did not catch the free, panic now.
     if (invalid) @panic("Invalid free");

src/allocators/NullableAllocator.zig

@@ -33,7 +33,7 @@ pub fn free(this: *const NullableAllocator, bytes: []const u8) void {
     if (this.get()) |allocator| {
         if (bun.String.isWTFAllocator(allocator)) {
             // workaround for https://github.com/ziglang/zig/issues/4298
-            bun.String.StringImplAllocator.free(allocator.ptr, @constCast(bytes), 0, 0);
+            bun.String.StringImplAllocator.free(allocator.ptr, @constCast(bytes), .fromByteUnits(1), 0);
             return;
         }
 

src/allocators/linux_memfd_allocator.zig

@@ -62,19 +62,15 @@ pub const LinuxMemFdAllocator = struct {
     }
 
     const AllocatorInterface = struct {
-        fn alloc(_: *anyopaque, _: usize, _: u8, _: usize) ?[*]u8 {
+        fn alloc(_: *anyopaque, _: usize, _: std.mem.Alignment, _: usize) ?[*]u8 {
             // it should perform no allocations or resizes
             return null;
         }
 
-        fn resize(_: *anyopaque, _: []u8, _: u8, _: usize, _: usize) bool {
-            return false;
-        }
-
         fn free(
             ptr: *anyopaque,
             buf: []u8,
-            _: u8,
+            _: std.mem.Alignment,
             _: usize,
         ) void {
             var this: *LinuxMemFdAllocator = @alignCast(@ptrCast(ptr));
@@ -86,7 +82,8 @@ pub const LinuxMemFdAllocator = struct {
 
         pub const VTable = &std.mem.Allocator.VTable{
             .alloc = &AllocatorInterface.alloc,
-            .resize = &resize,
+            .resize = &std.mem.Allocator.noResize,
+            .remap = &std.mem.Allocator.noRemap,
             .free = &free,
         };
     };
@@ -95,7 +92,7 @@ pub const LinuxMemFdAllocator = struct {
         var size = len;
 
         // size rounded up to nearest page
-        size += (size + std.mem.page_size - 1) & std.mem.page_size;
+        size = std.mem.alignForward(usize, size, std.heap.pageSize());
 
         var flags_mut = flags;
         flags_mut.TYPE = .SHARED;

src/allocators/max_heap_allocator.zig

@@ -4,9 +4,10 @@ const std = @import("std");
 /// Single allocation only.
 ///
 pub const MaxHeapAllocator = struct {
-    array_list: std.ArrayList(u8),
+    array_list: std.ArrayListAligned(u8, @alignOf(std.c.max_align_t)),
 
-    fn alloc(ptr: *anyopaque, len: usize, _: u8, _: usize) ?[*]u8 {
+    fn alloc(ptr: *anyopaque, len: usize, alignment: std.mem.Alignment, _: usize) ?[*]u8 {
+        bun.assert(alignment.toByteUnits() <= @alignOf(std.c.max_align_t));
         var this = bun.cast(*MaxHeapAllocator, ptr);
         this.array_list.items.len = 0;
         this.array_list.ensureTotalCapacity(len) catch return null;
@@ -14,7 +15,7 @@ pub const MaxHeapAllocator = struct {
         return this.array_list.items.ptr;
     }
 
-    fn resize(_: *anyopaque, buf: []u8, _: u8, new_len: usize, _: usize) bool {
+    fn resize(_: *anyopaque, buf: []u8, _: std.mem.Alignment, new_len: usize, _: usize) bool {
         _ = new_len;
         _ = buf;
         @panic("not implemented");
@@ -23,7 +24,7 @@ pub const MaxHeapAllocator = struct {
     fn free(
         _: *anyopaque,
         _: []u8,
-        _: u8,
+        _: std.mem.Alignment,
         _: usize,
     ) void {}
 
@@ -39,9 +40,10 @@ pub const MaxHeapAllocator = struct {
         .alloc = &alloc,
         .free = &free,
         .resize = &resize,
+        .remap = &std.mem.Allocator.noRemap,
     };
     pub fn init(this: *MaxHeapAllocator, allocator: std.mem.Allocator) std.mem.Allocator {
-        this.array_list = std.ArrayList(u8).init(allocator);
+        this.array_list = .init(allocator);
 
         return std.mem.Allocator{
             .ptr = this,

src/allocators/memory_allocator.zig

@@ -12,7 +12,7 @@ const Environment = @import("../env.zig");
 fn mimalloc_free(
     _: *anyopaque,
     buf: []u8,
-    buf_align: u8,
+    alignment: mem.Alignment,
     _: usize,
 ) void {
     if (comptime Environment.enable_logs)
@@ -23,8 +23,8 @@ fn mimalloc_free(
     // let's only enable it in debug mode
     if (comptime Environment.isDebug) {
         assert(mimalloc.mi_is_in_heap_region(buf.ptr));
-        if (mimalloc.canUseAlignedAlloc(buf.len, buf_align))
-            mimalloc.mi_free_size_aligned(buf.ptr, buf.len, buf_align)
+        if (mimalloc.canUseAlignedAlloc(buf.len, alignment.toByteUnits()))
+            mimalloc.mi_free_size_aligned(buf.ptr, buf.len, alignment.toByteUnits())
         else
             mimalloc.mi_free_size(buf.ptr, buf.len);
     } else {
@@ -35,12 +35,12 @@ fn mimalloc_free(
 const CAllocator = struct {
     pub const supports_posix_memalign = true;
 
-    fn alignedAlloc(len: usize, alignment: usize) ?[*]u8 {
+    fn alignedAlloc(len: usize, alignment: mem.Alignment) ?[*]u8 {
         if (comptime Environment.enable_logs)
-            log("mi_alloc({d}, {d})", .{ len, alignment });
+            log("mi_alloc({d}, {d})", .{ len, alignment.toByteUnits() });
 
-        const ptr: ?*anyopaque = if (mimalloc.canUseAlignedAlloc(len, alignment))
-            mimalloc.mi_malloc_aligned(len, alignment)
+        const ptr: ?*anyopaque = if (mimalloc.canUseAlignedAlloc(len, alignment.toByteUnits()))
+            mimalloc.mi_malloc_aligned(len, alignment.toByteUnits())
         else
             mimalloc.mi_malloc(len);
 
@@ -60,16 +60,11 @@ const CAllocator = struct {
         return mimalloc.mi_malloc_size(ptr);
     }
 
-    fn alloc(_: *anyopaque, len: usize, log2_align: u8, _: usize) ?[*]u8 {
-        if (comptime FeatureFlags.alignment_tweak) {
-            return alignedAlloc(len, log2_align);
-        }
-
-        const alignment = @as(usize, 1) << @as(Allocator.Log2Align, @intCast(log2_align));
+    fn alloc(_: *anyopaque, len: usize, alignment: mem.Alignment, _: usize) ?[*]u8 {
         return alignedAlloc(len, alignment);
     }
 
-    fn resize(_: *anyopaque, buf: []u8, _: u8, new_len: usize, _: usize) bool {
+    fn resize(_: *anyopaque, buf: []u8, _: mem.Alignment, new_len: usize, _: usize) bool {
         if (new_len <= buf.len) {
             return true;
         }
@@ -93,17 +88,18 @@ pub const c_allocator = Allocator{
 const c_allocator_vtable = &Allocator.VTable{
     .alloc = &CAllocator.alloc,
     .resize = &CAllocator.resize,
+    .remap = &std.mem.Allocator.noRemap,
     .free = &CAllocator.free,
 };
 
 const ZAllocator = struct {
     pub const supports_posix_memalign = true;
 
-    fn alignedAlloc(len: usize, alignment: usize) ?[*]u8 {
+    fn alignedAlloc(len: usize, alignment: mem.Alignment) ?[*]u8 {
         log("ZAllocator.alignedAlloc: {d}\n", .{len});
 
-        const ptr = if (mimalloc.canUseAlignedAlloc(len, alignment))
-            mimalloc.mi_zalloc_aligned(len, alignment)
+        const ptr = if (mimalloc.canUseAlignedAlloc(len, alignment.toByteUnits()))
+            mimalloc.mi_zalloc_aligned(len, alignment.toByteUnits())
         else
             mimalloc.mi_zalloc(len);
 
@@ -123,11 +119,11 @@ const ZAllocator = struct {
         return mimalloc.mi_malloc_size(ptr);
     }
 
-    fn alloc(_: *anyopaque, len: usize, ptr_align: u8, _: usize) ?[*]u8 {
-        return alignedAlloc(len, ptr_align);
+    fn alloc(_: *anyopaque, len: usize, alignment: mem.Alignment, _: usize) ?[*]u8 {
+        return alignedAlloc(len, alignment);
     }
 
-    fn resize(_: *anyopaque, buf: []u8, _: u8, new_len: usize, _: usize) bool {
+    fn resize(_: *anyopaque, buf: []u8, _: mem.Alignment, new_len: usize, _: usize) bool {
         if (new_len <= buf.len) {
             return true;
         }
@@ -150,6 +146,7 @@ pub const z_allocator = Allocator{
 const z_allocator_vtable = Allocator.VTable{
     .alloc = &ZAllocator.alloc,
     .resize = &ZAllocator.resize,
+    .remap = &std.mem.Allocator.noRemap,
     .free = &ZAllocator.free,
 };
 const HugeAllocator = struct {

src/allocators/mimalloc_arena.zig

@@ -209,11 +209,11 @@ pub const Arena = struct {
     }
     pub const supports_posix_memalign = true;
 
-    fn alignedAlloc(heap: *mimalloc.Heap, len: usize, alignment: usize) ?[*]u8 {
+    fn alignedAlloc(heap: *mimalloc.Heap, len: usize, alignment: mem.Alignment) ?[*]u8 {
         log("Malloc: {d}\n", .{len});
 
-        const ptr: ?*anyopaque = if (mimalloc.canUseAlignedAlloc(len, alignment))
-            mimalloc.mi_heap_malloc_aligned(heap, len, alignment)
+        const ptr: ?*anyopaque = if (mimalloc.canUseAlignedAlloc(len, alignment.toByteUnits()))
+            mimalloc.mi_heap_malloc_aligned(heap, len, alignment.toByteUnits())
         else
             mimalloc.mi_heap_malloc(heap, len);
 
@@ -234,15 +234,10 @@ pub const Arena = struct {
         return mimalloc.mi_malloc_usable_size(ptr);
     }
 
-    fn alloc(arena: *anyopaque, len: usize, log2_align: u8, _: usize) ?[*]u8 {
+    fn alloc(arena: *anyopaque, len: usize, alignment: mem.Alignment, _: usize) ?[*]u8 {
         const this = bun.cast(*mimalloc.Heap, arena);
         // if (comptime Environment.isDebug)
         //     ArenaRegistry.assert(.{ .heap = this });
-        if (comptime FeatureFlags.alignment_tweak) {
-            return alignedAlloc(this, len, log2_align);
-        }
-
-        const alignment = @as(usize, 1) << @as(Allocator.Log2Align, @intCast(log2_align));
 
         return alignedAlloc(
             this,
@@ -251,7 +246,7 @@ pub const Arena = struct {
         );
     }
 
-    fn resize(_: *anyopaque, buf: []u8, _: u8, new_len: usize, _: usize) bool {
+    fn resize(_: *anyopaque, buf: []u8, _: mem.Alignment, new_len: usize, _: usize) bool {
         if (new_len <= buf.len) {
             return true;
         }
@@ -267,7 +262,7 @@ pub const Arena = struct {
     fn free(
         _: *anyopaque,
         buf: []u8,
-        buf_align: u8,
+        alignment: mem.Alignment,
         _: usize,
     ) void {
         // mi_free_size internally just asserts the size
@@ -275,8 +270,8 @@ pub const Arena = struct {
         // but its good to have that assertion
         if (comptime Environment.isDebug) {
             assert(mimalloc.mi_is_in_heap_region(buf.ptr));
-            if (mimalloc.canUseAlignedAlloc(buf.len, buf_align))
-                mimalloc.mi_free_size_aligned(buf.ptr, buf.len, buf_align)
+            if (mimalloc.canUseAlignedAlloc(buf.len, alignment.toByteUnits()))
+                mimalloc.mi_free_size_aligned(buf.ptr, buf.len, alignment.toByteUnits())
             else
                 mimalloc.mi_free_size(buf.ptr, buf.len);
         } else {
@@ -288,5 +283,6 @@ pub const Arena = struct {
 const c_allocator_vtable = Allocator.VTable{
     .alloc = &Arena.alloc,
     .resize = &Arena.resize,
+    .remap = &std.mem.Allocator.noRemap,
     .free = &Arena.free,
 };

src/analytics/analytics_thread.zig

@@ -128,6 +128,8 @@ pub const Features = struct {
     pub var process_dlopen: usize = 0;
     pub var postgres_connections: usize = 0;
     pub var s3: usize = 0;
+    pub var csrf_verify: usize = 0;
+    pub var csrf_generate: usize = 0;
 
     comptime {
         @export(&napi_module_register, .{ .name = "Bun__napi_module_register_count" });

src/baby_list.zig

@@ -94,7 +94,7 @@ pub fn BabyList(comptime Type: type) type {
             this.update(list_);
         }
 
-        pub fn popOrNull(this: *@This()) ?Type {
+        pub fn pop(this: *@This()) ?Type {
             if (this.len == 0) return null;
             this.len -= 1;
             return this.ptr[this.len];
@@ -316,6 +316,12 @@ pub fn BabyList(comptime Type: type) type {
             this.update(list__);
         }
 
+        pub fn insertSlice(this: *@This(), allocator: std.mem.Allocator, index: usize, vals: []const Type) !void {
+            var list__ = this.listManaged(allocator);
+            try list__.insertSlice(index, vals);
+            this.update(list__);
+        }
+
         pub fn append(this: *@This(), allocator: std.mem.Allocator, value: []const Type) !void {
             var list__ = this.listManaged(allocator);
             try list__.appendSlice(value);

src/bake/DevServer.zig

@@ -10,6 +10,7 @@
 pub const DevServer = @This();
 pub const debug = bun.Output.Scoped(.DevServer, false);
 pub const igLog = bun.Output.scoped(.IncrementalGraph, false);
+const DebugHTTPServer = @import("../bun.js/api/server.zig").DebugHTTPServer;
 
 pub const Options = struct {
     /// Arena must live until DevServer.deinit()
@@ -99,6 +100,11 @@ server_register_update_callback: JSC.Strong,
 bun_watcher: *bun.Watcher,
 directory_watchers: DirectoryWatchStore,
 watcher_atomics: WatcherAtomics,
+testing_batch_events: union(enum) {
+    disabled,
+    enable_after_bundle,
+    enabled: TestingBatch,
+},
 
 /// Number of bundles that have been executed. This is currently not read, but
 /// will be used later to determine when to invoke graph garbage collection.
@@ -165,6 +171,9 @@ deferred_request_pool: bun.HiveArray(DeferredRequest.Node, DeferredRequest.max_p
 /// UWS can handle closing the websocket connections themselves
 active_websocket_connections: std.AutoHashMapUnmanaged(*HmrSocket, void),
 
+relative_path_buf_lock: bun.DebugThreadLock,
+relative_path_buf: bun.PathBuffer,
+
 // Debugging
 
 dump_dir: if (bun.FeatureFlags.bake_debugging_features) ?std.fs.Dir else void,
@@ -379,7 +388,7 @@ pub fn init(options: Options) bun.JSOOM!*DevServer {
         .emit_visualizer_events = 0,
         .has_pre_crash_handler = bun.FeatureFlags.bake_debugging_features and
             options.dump_state_on_crash orelse
-            bun.getRuntimeFeatureFlag("BUN_DUMP_STATE_ON_CRASH"),
+                bun.getRuntimeFeatureFlag("BUN_DUMP_STATE_ON_CRASH"),
         .frontend_only = options.framework.file_system_router_types.len == 0,
         .client_graph = .empty,
         .server_graph = .empty,
@@ -409,6 +418,8 @@ pub fn init(options: Options) bun.JSOOM!*DevServer {
                 true
         else
             bun.getRuntimeFeatureFlag("BUN_ASSUME_PERFECT_INCREMENTAL"),
+        .relative_path_buf_lock = .unlocked,
+        .testing_batch_events = .disabled,
 
         .server_transpiler = undefined,
         .client_transpiler = undefined,
@@ -419,6 +430,7 @@ pub fn init(options: Options) bun.JSOOM!*DevServer {
         .watcher_atomics = undefined,
         .log = undefined,
         .deferred_request_pool = undefined,
+        .relative_path_buf = undefined,
     });
     errdefer bun.destroy(dev);
     const allocator = dev.allocation_scope.allocator();
@@ -645,6 +657,8 @@ pub fn deinit(dev: *DevServer) void {
         .framework = {},
         .bundler_options = {},
         .assume_perfect_incremental_bundling = {},
+        .relative_path_buf = {},
+        .relative_path_buf_lock = {},
 
         .graph_safety_lock = dev.graph_safety_lock.lock(),
         .bun_watcher = dev.bun_watcher.deinit(true),
@@ -739,6 +753,13 @@ pub fn deinit(dev: *DevServer) void {
             event.aligned.files.deinit(dev.allocator);
             event.aligned.extra_files.deinit(dev.allocator);
         },
+        .testing_batch_events = switch (dev.testing_batch_events) {
+            .disabled => {},
+            .enabled => |*batch| {
+                batch.entry_points.deinit(allocator);
+            },
+            .enable_after_bundle => {},
+        },
     };
     dev.allocation_scope.deinit();
     bun.destroy(dev);
@@ -775,6 +796,8 @@ pub fn memoryCost(dev: *DevServer) usize {
         .server_register_update_callback = {},
         .deferred_request_pool = {},
         .assume_perfect_incremental_bundling = {},
+        .relative_path_buf = {},
+        .relative_path_buf_lock = {},
 
         // pointers that are not considered a part of DevServer
         .vm = {},
@@ -886,6 +909,13 @@ pub fn memoryCost(dev: *DevServer) usize {
         .route_lookup = {
             cost += memoryCostArrayHashMap(dev.route_lookup);
         },
+        .testing_batch_events = switch (dev.testing_batch_events) {
+            .disabled => {},
+            .enabled => |batch| {
+                cost += memoryCostArrayHashMap(batch.entry_points.set);
+            },
+            .enable_after_bundle => {},
+        },
     };
     return cost;
 }
@@ -915,7 +945,7 @@ fn initServerRuntime(dev: *DevServer) void {
     if (!interface.isObject()) @panic("Internal assertion failure: expected interface from HMR runtime to be an object");
     const fetch_function = interface.get(dev.vm.global, "handleRequest") catch null orelse
         @panic("Internal assertion failure: expected interface from HMR runtime to contain handleRequest");
-    bun.assert(fetch_function.isCallable(dev.vm.jsc));
+    bun.assert(fetch_function.isCallable());
     dev.server_fetch_function_callback = JSC.Strong.create(fetch_function, dev.vm.global);
     const register_update = interface.get(dev.vm.global, "registerUpdate") catch null orelse
         @panic("Internal assertion failure: expected interface from HMR runtime to contain registerUpdate");
@@ -1172,6 +1202,8 @@ fn ensureRouteIsBundled(
                     .loaded => {},
                 }
 
+                // TODO(@heimskr): store the request?
+
                 // Prepare a bundle with just this route.
                 var sfa = std.heap.stackFallback(4096, dev.allocator);
                 const temp_alloc = sfa.get();
@@ -1321,6 +1353,15 @@ fn appendRouteEntryPointsIfNotStale(dev: *DevServer, entry_points: *EntryPointLi
             try entry_points.append(alloc, html.html_bundle.html_bundle.path, .{ .client = true });
         },
     }
+
+    if (dev.has_tailwind_plugin_hack) |*map| {
+        for (map.keys()) |abs_path| {
+            const file = dev.client_graph.bundled_files.get(abs_path) orelse
+                continue;
+            if (file.flags.kind == .css)
+                entry_points.appendCss(alloc, abs_path) catch bun.outOfMemory();
+        }
+    }
 }
 
 fn onFrameworkRequestWithBundle(
@@ -1348,6 +1389,7 @@ fn onFrameworkRequestWithBundle(
             router_type.server_file_string.get() orelse str: {
                 const name = dev.server_graph.bundled_files.keys()[fromOpaqueFileId(.server, router_type.server_file).get()];
                 const str = bun.String.createUTF8ForJS(dev.vm.global, dev.relativePath(name));
+                dev.releaseRelativePathBuf();
                 router_type.server_file_string = JSC.Strong.create(str, dev.vm.global);
                 break :str str;
             },
@@ -1365,10 +1407,12 @@ fn onFrameworkRequestWithBundle(
                 route = dev.router.routePtr(bundle.route_index);
                 var route_name = bun.String.createUTF8(dev.relativePath(keys[fromOpaqueFileId(.server, route.file_page.unwrap().?).get()]));
                 arr.putIndex(global, 0, route_name.transferToJS(global));
+                dev.releaseRelativePathBuf();
                 n = 1;
                 while (true) {
                     if (route.file_layout.unwrap()) |layout| {
                         var layout_name = bun.String.createUTF8(dev.relativePath(keys[fromOpaqueFileId(.server, layout).get()]));
+                        defer dev.releaseRelativePathBuf();
                         arr.putIndex(global, @intCast(n), layout_name.transferToJS(global));
                         n += 1;
                     }
@@ -1493,7 +1537,7 @@ fn generateHTMLPayload(dev: *DevServer, route_bundle_index: RouteBundle.Index, r
     return array.items;
 }
 
-fn getJavaScriptCodeForHTMLFile(
+fn generateJavaScriptCodeForHTMLFile(
     dev: *DevServer,
     index: bun.JSAst.Index,
     import_records: []bun.BabyList(bun.ImportRecord),
@@ -1502,14 +1546,14 @@ fn getJavaScriptCodeForHTMLFile(
 ) bun.OOM![]const u8 {
     var sfa_state = std.heap.stackFallback(65536, dev.allocator);
     const sfa = sfa_state.get();
-    var array: std.ArrayListUnmanaged(u8) = std.ArrayListUnmanaged(u8).initCapacity(sfa, 65536) catch bun.outOfMemory();
+    var array = std.ArrayListUnmanaged(u8).initCapacity(sfa, 65536) catch bun.outOfMemory();
     defer array.deinit(sfa);
     const w = array.writer(sfa);
 
     try w.writeAll("  ");
     try bun.js_printer.writeJSONString(input_file_sources[index.get()].path.pretty, @TypeOf(w), w, .utf8);
-    try w.writeAll("(m) {\n  ");
-    try w.writeAll("  return Promise.all([\n");
+    try w.writeAll(": [ [");
+    var any = false;
     for (import_records[index.get()].slice()) |import| {
         if (import.source_index.isValid()) {
             if (!loaders[import.source_index.get()].isJavaScriptLike())
@@ -1521,15 +1565,20 @@ fn getJavaScriptCodeForHTMLFile(
             if (file.flags.kind != .js)
                 continue;
         }
-
-        try w.writeAll("      m.dynamicImport(");
+        if (!any) {
+            any = true;
+            try w.writeAll("\n");
+        }
+        try w.writeAll("    ");
         try bun.js_printer.writeJSONString(import.path.pretty, @TypeOf(w), w, .utf8);
-        try w.writeAll("),\n  ");
+        try w.writeAll(", 0,\n");
     }
-    try w.writeAll("    ]);\n  ");
-    try w.writeAll("},\n");
+    if (any) {
+        try w.writeAll("  ");
+    }
+    try w.writeAll("], [], [], () => {}, false],\n");
 
-    // Avoid-recloning if it is was moved to the hap
+    // Avoid-recloning if it is was moved to the heap
     return if (array.items.ptr == &sfa_state.buffer)
         try dev.allocator.dupe(u8, array.items)
     else
@@ -1736,7 +1785,7 @@ fn prepareAndLogResolutionFailures(dev: *DevServer) !void {
 
     // Theoretically, it shouldn't be possible for errors to leak into dev.log, but just in
     // case that happens, they can be printed out.
-    if (dev.log.hasErrors()) {
+    if (dev.log.hasErrors() and dev.log.msgs.items.len > 0) {
         if (Environment.isDebug) {
             Output.debugWarn("dev.log should not be written into when using DevServer", .{});
         }
@@ -1844,7 +1893,7 @@ fn generateClientBundle(dev: *DevServer, route_bundle: *RouteBundle) bun.OOM![]u
             break :brk;
         if (!dev.client_graph.stale_files.isSet(rfr_index.get())) {
             try dev.client_graph.traceImports(rfr_index, &gts, .find_client_modules);
-            react_fast_refresh_id = dev.relativePath(rfr.import_source);
+            react_fast_refresh_id = rfr.import_source;
         }
     }
 
@@ -1867,7 +1916,7 @@ fn generateClientBundle(dev: *DevServer, route_bundle: *RouteBundle) bun.OOM![]u
     const client_bundle = dev.client_graph.takeJSBundle(.{
         .kind = .initial_response,
         .initial_response_entry_point = if (client_file) |index|
-            dev.relativePath(dev.client_graph.bundled_files.keys()[index.get()])
+            dev.client_graph.bundled_files.keys()[index.get()]
         else
             "",
         .react_refresh_entry_point = react_fast_refresh_id,
@@ -1947,6 +1996,7 @@ fn makeArrayForServerComponentsPatch(dev: *DevServer, global: *JSC.JSGlobalObjec
     const names = dev.server_graph.bundled_files.keys();
     for (items, 0..) |item, i| {
         const str = bun.String.createUTF8(dev.relativePath(names[item.get()]));
+        defer dev.releaseRelativePathBuf();
         defer str.deref();
         arr.putIndex(global, @intCast(i), str.toJS(global));
     }
@@ -2002,6 +2052,7 @@ pub fn finalizeBundle(
     bv2: *bun.bundle_v2.BundleV2,
     result: bun.bundle_v2.DevServerOutput,
 ) bun.OOM!void {
+    var had_sent_hmr_event = false;
     defer {
         bv2.deinit();
         dev.current_bundle = null;
@@ -2010,6 +2061,20 @@ pub fn finalizeBundle(
             // not fatal: the assets may be reindexed some time later.
         };
 
+        // Signal for testing framework where it is in synchronization
+        if (dev.testing_batch_events == .enable_after_bundle) {
+            dev.testing_batch_events = .{ .enabled = .empty };
+            dev.publish(.testing_watch_synchronization, &.{
+                MessageId.testing_watch_synchronization.char(),
+                0,
+            }, .binary);
+        } else {
+            dev.publish(.testing_watch_synchronization, &.{
+                MessageId.testing_watch_synchronization.char(),
+                if (had_sent_hmr_event) 4 else 3,
+            }, .binary);
+        }
+
         dev.startNextBundleIfPresent();
 
         // Unref the ref added in `startAsyncBundle`
@@ -2066,7 +2131,7 @@ pub fn finalizeBundle(
         .gts = undefined,
     };
 
-    const quoted_source_contents = bv2.linker.graph.files.items(.quoted_source_contents);
+    const quoted_source_contents: []const []const u8 = bv2.linker.graph.files.items(.quoted_source_contents);
     // Pass 1, update the graph's nodes, resolving every bundler source
     // index into its `IncrementalGraph(...).FileIndex`
     for (
@@ -2095,7 +2160,7 @@ pub fn finalizeBundle(
                 .{ .js = .{
                     .code = compile_result.code(),
                     .source_map = source_map,
-                    .quoted_contents = .initOwned(quoted_contents, dev.allocator),
+                    .quoted_contents = .initOwned(@constCast(quoted_contents), dev.allocator),
                 } },
                 graph == .ssr,
             ),
@@ -2166,7 +2231,7 @@ pub fn finalizeBundle(
     for (result.htmlChunks()) |*chunk| {
         const index = bun.JSAst.Index.init(chunk.entry_point.source_index);
         const compile_result = chunk.compile_results_for_chunk[0].html;
-        const generated_js = try dev.getJavaScriptCodeForHTMLFile(
+        const generated_js = try dev.generateJavaScriptCodeForHTMLFile(
             index,
             import_records,
             input_file_sources,
@@ -2178,7 +2243,7 @@ pub fn finalizeBundle(
             .{ .js = .{
                 .code = generated_js,
                 .source_map = .empty,
-                .quoted_contents = comptime .initNeverFree(""),
+                .quoted_contents = .empty,
             } },
             false,
         );
@@ -2235,6 +2300,11 @@ pub fn finalizeBundle(
     }
 
     // Index all failed files now that the incremental graph has been updated.
+    if (dev.incremental_result.failures_removed.items.len > 0 or
+        dev.incremental_result.failures_added.items.len > 0)
+    {
+        had_sent_hmr_event = true;
+    }
     try dev.indexFailures();
 
     try dev.client_graph.ensureStaleBitCapacity(false);
@@ -2313,7 +2383,7 @@ pub fn finalizeBundle(
     if (will_hear_hot_update and
         current_bundle.had_reload_event and
         (dev.incremental_result.framework_routes_affected.items.len +
-        dev.incremental_result.html_routes_hard_affected.items.len) > 0 and
+            dev.incremental_result.html_routes_hard_affected.items.len) > 0 and
         dev.bundling_failures.count() == 0)
     {
         has_route_bits_set = true;
@@ -2442,10 +2512,10 @@ pub fn finalizeBundle(
     }
     try w.writeInt(i32, -1, .little);
 
-    // Send CSS mutations
     const css_chunks = result.cssChunks();
     if (will_hear_hot_update) {
         if (dev.client_graph.current_chunk_len > 0 or css_chunks.len > 0) {
+            // Send CSS mutations
             const asset_values = dev.assets.files.values();
             try w.writeInt(u32, @intCast(css_chunks.len), .little);
             const sources = bv2.graph.input_files.items(.source);
@@ -2457,6 +2527,7 @@ pub fn finalizeBundle(
                 try w.writeAll(css_data);
             }
 
+            // Send the JS chunk
             if (dev.client_graph.current_chunk_len > 0) {
                 const hash = hash: {
                     var source_map_hash: bun.bundle_v2.ContentHasher.Hash = .init(0x4b12); // arbitrarily different seed than what .initial_response uses
@@ -2482,6 +2553,7 @@ pub fn finalizeBundle(
         }
 
         dev.publish(.hot_update, hot_update_payload.items, .binary);
+        had_sent_hmr_event = true;
     }
 
     if (dev.incremental_result.failures_added.items.len > 0) {
@@ -2561,6 +2633,7 @@ pub fn finalizeBundle(
                 break :file_name dev.relativePath(abs_path);
             },
         };
+        defer dev.releaseRelativePathBuf();
         const total_count = bv2.graph.entry_points.items.len;
         if (file_name) |name| {
             Output.prettyError("<d>:<r> {s}", .{name});
@@ -2628,7 +2701,9 @@ fn startNextBundleIfPresent(dev: *DevServer) void {
             dev.appendRouteEntryPointsIfNotStale(&entry_points, temp_alloc, route_bundle_index) catch bun.outOfMemory();
         }
 
-        dev.startAsyncBundle(entry_points, is_reload, timer) catch bun.outOfMemory();
+        if (entry_points.set.count() > 0) {
+            dev.startAsyncBundle(entry_points, is_reload, timer) catch bun.outOfMemory();
+        }
 
         dev.next_bundle.route_queue.clearRetainingCapacity();
     }
@@ -2756,16 +2831,13 @@ fn onRequest(dev: *DevServer, req: *Request, resp: anytype) void {
         return;
     }
 
-    switch (dev.server.?) {
-        inline else => |s| {
-            if (@typeInfo(@TypeOf(s.app.?)).pointer.child.Response != @typeInfo(@TypeOf(resp)).pointer.child) {
-                unreachable; // mismatch between `is_ssl` with server and response types. optimize these checks out.
-            }
-            if (s.config.onRequest != .zero) {
-                s.onRequest(req, resp);
-                return;
-            }
-        },
+    if (DevServer.AnyResponse != @typeInfo(@TypeOf(resp)).pointer.child) {
+        unreachable; // mismatch between `is_ssl` with server and response types. optimize these checks out.
+    }
+
+    if (dev.server.?.config.onRequest != .zero) {
+        dev.server.?.onRequest(req, resp);
+        return;
     }
 
     sendBuiltInNotFound(resp);
@@ -2973,6 +3045,9 @@ pub fn IncrementalGraph(side: bake.Side) type {
         /// exact size, instead of the log approach that dynamic arrays use.
         stale_files: DynamicBitSetUnmanaged,
 
+        // TODO: rename `dependencies` to something that clearly indicates direction.
+        // such as "parent" or "consumer"
+
         /// Start of a file's 'dependencies' linked list. These are the other
         /// files that have imports to this file. Walk this list to discover
         /// what files are to be reloaded when something changes.
@@ -3227,15 +3302,15 @@ pub fn IncrementalGraph(side: bake.Side) type {
                 return self.vlq_ptr[0..self.vlq_len];
             }
 
-            pub fn quotedContentsCowString(self: @This()) bun.CowString {
-                return bun.CowString.initUnchecked(self.quoted_contents_ptr[0..self.quoted_contents_flags.len], self.quoted_contents_flags.is_owned);
+            pub fn quotedContentsCowString(self: @This()) bun.ptr.CowString {
+                return bun.ptr.CowString.initUnchecked(self.quoted_contents_ptr[0..self.quoted_contents_flags.len], self.quoted_contents_flags.is_owned);
             }
 
             pub fn quotedContents(self: @This()) []const u8 {
                 return self.quoted_contents_ptr[0..self.quoted_contents_flags.len];
             }
 
-            pub fn fromNonEmptySourceMap(source_map: SourceMap.Chunk, quoted_contents: bun.CowString) !PackedMap {
+            pub fn fromNonEmptySourceMap(source_map: SourceMap.Chunk, quoted_contents: bun.ptr.CowString) !PackedMap {
                 assert(source_map.buffer.list.items.len > 0);
                 return .{
                     .vlq_ptr = source_map.buffer.list.items.ptr,
@@ -3262,9 +3337,9 @@ pub fn IncrementalGraph(side: bake.Side) type {
         // for a simpler example. It is more complicated here because this
         // structure is two-way.
         pub const Edge = struct {
-            /// The file with the `import` statement
+            /// The file with the import statement
             dependency: FileIndex,
-            /// The file that `dependency` is importing
+            /// The file the import statement references.
             imported: FileIndex,
 
             next_import: EdgeIndex.Optional,
@@ -3355,7 +3430,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
                 js: struct {
                     code: []const u8,
                     source_map: SourceMap.Chunk,
-                    quoted_contents: bun.CowString,
+                    quoted_contents: bun.ptr.CowString,
                 },
                 css: u64,
             },
@@ -3664,7 +3739,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
             bundler_index: bun.JSAst.Index,
         ) !void {
             bun.assert(bundler_index.isValid());
-            bun.assert(ctx.loaders[bundler_index.get()] == .css);
+            bun.assert(ctx.loaders[bundler_index.get()].isCSS());
 
             var sfb = std.heap.stackFallback(@sizeOf(bun.JSAst.Index) * 64, temp_alloc);
             const queue_alloc = sfb.get();
@@ -3681,7 +3756,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
                 }
             }
 
-            while (queue.popOrNull()) |index| {
+            while (queue.pop()) |index| {
                 for (ctx.import_records[index.get()].slice()) |import_record| {
                     const result = try processEdgeAttachment(g, ctx, temp_alloc, quick_lookup, new_imports, file_index, import_record, .css);
                     if (result == .@"continue" and import_record.source_index.isValid()) {
@@ -4321,6 +4396,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
                 dev.relativePath(gop.key_ptr.*),
                 log.msgs.items,
             );
+            defer dev.releaseRelativePathBuf();
             const fail_gop = try dev.bundling_failures.getOrPut(dev.allocator, failure);
             try dev.incremental_result.failures_added.append(dev.allocator, failure);
             if (fail_gop.found_existing) {
@@ -4349,7 +4425,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
             it = g.first_dep.items[index.get()].unwrap();
             while (it) |edge_index| {
                 const dep = g.edges.items[edge_index.get()];
-                it = dep.next_import.unwrap();
+                it = dep.next_dependency.unwrap();
                 assert(dep.imported == index);
 
                 bv2.enqueueFileFromDevServerIncrementalGraphInvalidation(
@@ -4539,6 +4615,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
                                 w,
                                 .utf8,
                             );
+                            g.owner().releaseRelativePathBuf();
                         } else {
                             try w.writeAll("null");
                         }
@@ -4554,6 +4631,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
                                 w,
                                 .utf8,
                             );
+                            g.owner().releaseRelativePathBuf();
                         }
                         try w.writeAll("\n");
                     },
@@ -4631,21 +4709,32 @@ pub fn IncrementalGraph(side: bake.Side) type {
             var source_map_strings = std.ArrayList(u8).init(arena);
             defer source_map_strings.deinit();
 
+            const dev = g.owner();
+            dev.relative_path_buf_lock.lock();
+            defer dev.relative_path_buf_lock.unlock();
+
+            const buf = bun.PathBufferPool.get();
+            defer bun.PathBufferPool.put(buf);
+
             var path_count: usize = 0;
             for (g.current_chunk_parts.items) |entry| {
                 path_count += 1;
                 try source_map_strings.appendSlice(",");
-                const path = paths[entry.get()];
+                const path = if (Environment.isWindows)
+                    bun.path.pathToPosixBuf(u8, paths[entry.get()], buf)
+                else
+                    paths[entry.get()];
+
                 if (std.fs.path.isAbsolute(path)) {
-                    const is_windows_drive_path = Environment.isWindows and bun.path.isSepAny(path[0]);
+                    const is_windows_drive_path = Environment.isWindows and path[0] != '/';
                     try source_map_strings.appendSlice(if (is_windows_drive_path)
-                        "file:///"
+                        "\"file:///"
                     else
                         "\"file://");
                     if (Environment.isWindows and !is_windows_drive_path) {
                         // UNC namespace -> file://server/share/path.ext
                         bun.strings.percentEncodeWrite(
-                            if (path.len > 2 and bun.path.isSepAny(path[0]) and bun.path.isSepAny(path[1]))
+                            if (path.len > 2 and path[0] == '/' and path[1] == '/')
                                 path[2..]
                             else
                                 path, // invalid but must not crash
@@ -4897,7 +4986,7 @@ pub fn IncrementalGraph(side: bake.Side) type {
         }
 
         fn newEdge(g: *@This(), edge: Edge) !EdgeIndex {
-            if (g.edges_free_list.popOrNull()) |index| {
+            if (g.edges_free_list.pop()) |index| {
                 g.edges.items[index.get()] = edge;
                 return index;
             }
@@ -5096,6 +5185,7 @@ const DirectoryWatchStore = struct {
             // loaders do not depend on importing other files.
             .file,
             .json,
+            .jsonc,
             .toml,
             .wasm,
             .napi,
@@ -5273,7 +5363,7 @@ const DirectoryWatchStore = struct {
     }
 
     fn appendDepAssumeCapacity(store: *DirectoryWatchStore, dep: Dep) Dep.Index {
-        if (store.dependencies_free_list.popOrNull()) |index| {
+        if (store.dependencies_free_list.pop()) |index| {
             store.dependencies.items[index.get()] = dep;
             return index;
         }
@@ -5621,10 +5711,11 @@ fn writeVisualizerMessage(dev: *DevServer, payload: *std.ArrayList(u8)) !void {
             0..,
         ) |k, v, i| {
             const normalized_key = dev.relativePath(k);
+            defer dev.releaseRelativePathBuf();
             try w.writeInt(u32, @intCast(normalized_key.len), .little);
             if (k.len == 0) continue;
             try w.writeAll(normalized_key);
-            try w.writeByte(@intFromBool(g.stale_files.isSet(i) or switch (side) {
+            try w.writeByte(@intFromBool(g.stale_files.isSetAllowOutOfBound(i, true) or switch (side) {
                 .server => v.failed,
                 .client => v.flags.failed,
             }));
@@ -5674,7 +5765,7 @@ pub fn onWebSocketUpgrade(
         .active_route = .none,
     });
     dev.active_websocket_connections.put(dev.allocator, dw, {}) catch bun.outOfMemory();
-    res.upgrade(
+    _ = res.upgrade(
         *HmrSocket,
         dw,
         req.header("sec-websocket-key") orelse "",
@@ -5686,12 +5777,13 @@ pub fn onWebSocketUpgrade(
 
 /// Every message is to use `.binary`/`ArrayBuffer` transport mode. The first byte
 /// indicates a Message ID; see comments on each type for how to interpret the rest.
+/// Avoid changing message ID values, as some of these are hard-coded in tests.
 ///
 /// This format is only intended for communication via the browser and DevServer.
 /// Server-side HMR is implemented using a different interface. This API is not
 /// versioned alongside Bun; breaking changes may occur at any point.
 ///
-/// All integers are sent in little-endian
+/// All integers are sent in little-endian.
 pub const MessageId = enum(u8) {
     /// Version payload. Sent on connection startup. The client should issue a
     /// hard-reload when it mismatches with its `config.version`.
@@ -5777,15 +5869,17 @@ pub const MessageId = enum(u8) {
     /// Sent in response to `set_url`.
     /// - `u32`: Route index
     set_url_response = 'n',
-    /// Used for syncronization in dev server tests, to identify when a update was
+    /// Used for synchronization in DevServer tests, to identify when a update was
     /// acknowledged by the watcher but intentionally took no action.
-    redundant_watch = 'r',
+    /// - `u8`: See bake-harness.ts WatchSynchronization enum.
+    testing_watch_synchronization = 'r',
 
     pub inline fn char(id: MessageId) u8 {
         return @intFromEnum(id);
     }
 };
 
+/// Avoid changing message ID values, as some of these are hard-coded in tests.
 pub const IncomingMessageId = enum(u8) {
     /// Subscribe to an event channel. Payload is a sequence of chars available
     /// in HmrTopic.
@@ -5793,6 +5887,8 @@ pub const IncomingMessageId = enum(u8) {
     /// Emitted on client-side navigations.
     /// Rest of payload is a UTF-8 string.
     set_url = 'n',
+    /// Tells the DevServer to batch events together.
+    testing_batch_events = 'H',
 
     /// Invalid data
     _,
@@ -5803,7 +5899,7 @@ const HmrTopic = enum(u8) {
     errors = 'e',
     browser_error = 'E',
     visualizer = 'v',
-    redundant_watch = 'r',
+    testing_watch_synchronization = 'r',
 
     /// Invalid data
     _,
@@ -5908,6 +6004,44 @@ const HmrSocket = struct {
                 var response: [5]u8 = .{MessageId.set_url_response.char()} ++ std.mem.toBytes(rbi.get());
                 _ = ws.send(&response, .binary, false, true);
             },
+            .testing_batch_events => switch (s.dev.testing_batch_events) {
+                .disabled => {
+                    if (s.dev.current_bundle != null) {
+                        s.dev.testing_batch_events = .enable_after_bundle;
+                    } else {
+                        s.dev.testing_batch_events = .{ .enabled = .empty };
+                        s.dev.publish(.testing_watch_synchronization, &.{
+                            MessageId.testing_watch_synchronization.char(),
+                            0,
+                        }, .binary);
+                    }
+                },
+                .enable_after_bundle => {
+                    // do not expose a websocket event that panics a release build
+                    bun.debugAssert(false);
+                    ws.close();
+                },
+                .enabled => |event_const| {
+                    var event = event_const;
+                    s.dev.testing_batch_events = .disabled;
+
+                    if (event.entry_points.set.count() == 0) {
+                        s.dev.publish(.testing_watch_synchronization, &.{
+                            MessageId.testing_watch_synchronization.char(),
+                            2,
+                        }, .binary);
+                        return;
+                    }
+
+                    s.dev.startAsyncBundle(
+                        event.entry_points,
+                        true,
+                        std.time.Timer.start() catch @panic("timers unsupported"),
+                    ) catch bun.outOfMemory();
+
+                    event.entry_points.deinit(s.dev.allocator);
+                },
+            },
             _ => ws.close(),
         }
     }
@@ -6153,15 +6287,6 @@ pub const HotReloadEvent = struct {
             g.invalidate(changed_file_paths, entry_points, temp_alloc) catch bun.outOfMemory();
         }
 
-        if (dev.has_tailwind_plugin_hack) |*map| {
-            for (map.keys()) |abs_path| {
-                const file = dev.client_graph.bundled_files.get(abs_path) orelse
-                    continue;
-                if (file.flags.kind == .css)
-                    entry_points.appendCss(temp_alloc, abs_path) catch bun.outOfMemory();
-            }
-        }
-
         if (entry_points.set.count() == 0) {
             Output.debugWarn("nothing to bundle", .{});
             if (changed_file_paths.len > 0)
@@ -6174,9 +6299,21 @@ pub const HotReloadEvent = struct {
                     bun.fmt.fmtSlice(event.dirs.keys(), ", "),
                 });
 
-            dev.publish(.redundant_watch, &.{MessageId.redundant_watch.char()}, .binary);
+            dev.publish(.testing_watch_synchronization, &.{
+                MessageId.testing_watch_synchronization.char(),
+                1,
+            }, .binary);
             return;
         }
+
+        if (dev.has_tailwind_plugin_hack) |*map| {
+            for (map.keys()) |abs_path| {
+                const file = dev.client_graph.bundled_files.get(abs_path) orelse
+                    continue;
+                if (file.flags.kind == .css)
+                    entry_points.appendCss(temp_alloc, abs_path) catch bun.outOfMemory();
+            }
+        }
     }
 
     pub fn run(first: *HotReloadEvent) void {
@@ -6184,6 +6321,7 @@ pub const HotReloadEvent = struct {
         defer debug.log("HMR Task end", .{});
 
         const dev = first.owner;
+
         if (Environment.isDebug) {
             assert(first.debug_mutex.tryLock());
             assert(first.contention_indicator.load(.seq_cst) == 0);
@@ -6196,7 +6334,7 @@ pub const HotReloadEvent = struct {
 
         var sfb = std.heap.stackFallback(4096, dev.allocator);
         const temp_alloc = sfb.get();
-        var entry_points: EntryPointList = EntryPointList.empty;
+        var entry_points: EntryPointList = .empty;
         defer entry_points.deinit(temp_alloc);
 
         first.processFileList(dev, &entry_points, temp_alloc);
@@ -6215,6 +6353,19 @@ pub const HotReloadEvent = struct {
             return;
         }
 
+        switch (dev.testing_batch_events) {
+            .disabled => {},
+            .enabled => |*ev| {
+                ev.append(dev, entry_points) catch bun.outOfMemory();
+                dev.publish(.testing_watch_synchronization, &.{
+                    MessageId.testing_watch_synchronization.char(),
+                    1,
+                }, .binary);
+                return;
+            },
+            .enable_after_bundle => bun.debugAssert(false),
+        }
+
         dev.startAsyncBundle(
             entry_points,
             true,
@@ -6496,6 +6647,8 @@ pub fn onRouterCollisionError(dev: *DevServer, rel_path: []const u8, other_id: O
         dev.relativePath(dev.server_graph.bundled_files.keys()[fromOpaqueFileId(.server, other_id).get()]),
     });
     Output.flush();
+
+    dev.releaseRelativePathBuf();
 }
 
 fn toOpaqueFileId(comptime side: bake.Side, index: IncrementalGraph(side).FileIndex) OpaqueFileId {
@@ -6519,7 +6672,9 @@ fn fromOpaqueFileId(comptime side: bake.Side, id: OpaqueFileId) IncrementalGraph
 }
 
 /// Returns posix style path, suitible for URLs and reproducible hashes.
-fn relativePath(dev: *const DevServer, path: []const u8) []const u8 {
+/// To avoid overwriting memory, this has a lock for the buffer.
+fn relativePath(dev: *DevServer, path: []const u8) []const u8 {
+    dev.relative_path_buf_lock.lock();
     bun.assert(dev.root[dev.root.len - 1] != '/');
 
     if (!std.fs.path.isAbsolute(path)) {
@@ -6532,15 +6687,20 @@ fn relativePath(dev: *const DevServer, path: []const u8) []const u8 {
     {
         return path[dev.root.len + 1 ..];
     }
-    const relative_path_buf = &struct {
-        threadlocal var buf: bun.PathBuffer = undefined;
-    }.buf;
-    const rel = bun.path.relativePlatformBuf(relative_path_buf, dev.root, path, .auto, true);
-    // @constCast: `rel` is owned by a mutable threadlocal buffer above
+
+    const rel = bun.path.relativePlatformBuf(&dev.relative_path_buf, dev.root, path, .auto, true);
+    // @constCast: `rel` is owned by a buffer on `dev`, which is mutable
     bun.path.platformToPosixInPlace(u8, @constCast(rel));
     return rel;
 }
 
+fn releaseRelativePathBuf(dev: *DevServer) void {
+    dev.relative_path_buf_lock.unlock();
+    if (bun.Environment.isDebug) {
+        dev.relative_path_buf = undefined;
+    }
+}
+
 fn dumpStateDueToCrash(dev: *DevServer) !void {
     comptime assert(bun.FeatureFlags.bake_debugging_features);
 
@@ -7172,6 +7332,7 @@ const ErrorReportRequest = struct {
                     const abs_path = result.file_paths[@intCast(index - 1)];
                     frame.source_url = .init(abs_path);
                     const rel_path = ctx.dev.relativePath(abs_path);
+                    defer ctx.dev.releaseRelativePathBuf();
                     if (bun.strings.eql(frame.function_name.value.ZigString.slice(), rel_path)) {
                         frame.function_name = .empty;
                     }
@@ -7201,14 +7362,15 @@ const ErrorReportRequest = struct {
 
         // Stack traces can often end with random runtime frames that are not relevant.
         trim_runtime_frames: {
-            const first_non_runtime_frame = for (frames.items, 0..) |frame, i| {
+            // Ensure that trimming will not remove ALL frames.
+            for (frames.items) |frame| {
                 if (!frame.position.isInvalid() or frame.source_url.value.ZigString.slice().ptr != runtime_name) {
-                    break i;
+                    break;
                 }
             } else break :trim_runtime_frames;
 
             // Move all frames up
-            var i = first_non_runtime_frame + 1;
+            var i: usize = 0;
             for (frames.items[i..]) |frame| {
                 if (frame.position.isInvalid() and frame.source_url.value.ZigString.slice().ptr == runtime_name) {
                     continue; // skip runtime frames
@@ -7260,6 +7422,7 @@ const ErrorReportRequest = struct {
             const src_to_write = frame.source_url.value.ZigString.slice();
             if (bun.strings.hasPrefixComptime(src_to_write, "/")) {
                 const file = ctx.dev.relativePath(src_to_write);
+                defer ctx.dev.releaseRelativePathBuf();
                 try w.writeInt(u32, @intCast(file.len), .little);
                 try w.writeAll(file);
             } else {
@@ -7394,6 +7557,19 @@ fn readString32(reader: anytype, alloc: Allocator) ![]const u8 {
     return memory;
 }
 
+const TestingBatch = struct {
+    entry_points: EntryPointList,
+
+    const empty: @This() = .{ .entry_points = .empty };
+
+    pub fn append(self: *@This(), dev: *DevServer, entry_points: EntryPointList) !void {
+        assert(entry_points.set.count() > 0);
+        for (entry_points.set.keys(), entry_points.set.values()) |k, v| {
+            try self.entry_points.append(dev.allocator, k, v);
+        }
+    }
+};
+
 /// userland implementation of https://github.com/ziglang/zig/issues/21879
 fn VoidFieldTypes(comptime T: type) type {
     const fields = @typeInfo(T).@"struct".fields;

src/bake/FrameworkRouter.zig

@@ -430,7 +430,7 @@ pub const Style = union(enum) {
             if (map.get(utf8.slice())) |style| {
                 return style;
             }
-        } else if (value.isCallable(global.vm())) {
+        } else if (value.isCallable()) {
             return .{ .javascript_defined = JSC.Strong.create(value, global) };
         }
 
@@ -810,7 +810,7 @@ fn newRoute(fr: *FrameworkRouter, alloc: Allocator, route_data: Route) !Route.In
 }
 
 fn newEdge(fr: *FrameworkRouter, alloc: Allocator, edge_data: Route.Edge) !Route.Edge.Index {
-    if (fr.freed_edges.popOrNull()) |i| {
+    if (fr.freed_edges.pop()) |i| {
         fr.edges.items[i.get()] = edge_data;
         return i;
     } else {

src/bake/bake.private.d.ts

@@ -1,3 +1,5 @@
+/** Module Ids are pre-resolved by the bundler, and should be treated as opaque strings.
+ * In practice, these strings are the relative file path to the module. */
 type Id = string;
 
 /** Index with same usage as `IncrementalGraph(.client).Index` */
@@ -24,10 +26,35 @@ interface Config {
   roots: FileIndex[];
 }
 
-/**
- * All modules for the initial bundle.
- */
-declare const input_graph: Record<string, ModuleLoadFunction>;
+declare namespace DEBUG {
+  /** 
+   * Set globally in debug builds.
+   * Removed using --drop=DEBUG.ASSERT in releases.
+   */
+  declare function ASSERT(condition: any, message?: string): asserts condition;
+}
+
+/** All modules for the initial bundle. */
+declare const unloadedModuleRegistry: Record<string, UnloadedModule>;
+declare type UnloadedModule = UnloadedESM | UnloadedCommonJS;
+declare type UnloadedESM = [
+  deps: EncodedDependencyArray,
+  exportKeys: string[],
+  starImports: Id[],
+  load: (mod: import("./hmr-module").HMRModule) => Promise<void>,
+  isAsync: boolean,
+];
+declare type EncodedDependencyArray = (string | number)[];
+declare type UnloadedCommonJS = (
+  hmr: import("./hmr-module").HMRModule,
+  module: import("./hmr-module").HMRModule["cjs"],
+  exports: unknown,
+) => unknown;
+declare type CommonJSModule = {
+  id: Id;
+  exports: any;
+  require: (id: Id) => unknown;
+};
 
 declare const config: Config;
 
@@ -112,3 +139,12 @@ declare module "react-dom/server.node" {
     options: RenderToPipeableStreamOptions,
   ): PipeableStream<Uint8Array>;
 }
+
+declare module "bun:wrap" {
+  export const __name: unique symbol;
+  export const __legacyDecorateClassTS: unique symbol;
+  export const __legacyDecorateParamTS: unique symbol;
+  export const __legacyMetadataTS: unique symbol;
+  export const __using: unique symbol;
+  export const __callDispose: unique symbol;
+}

src/bake/bake.zig

@@ -646,6 +646,7 @@ pub const Framework = struct {
         out.options.minify_whitespace = mode != .development;
         out.options.css_chunking = true;
         out.options.framework = framework;
+        out.options.inline_entrypoint_import_meta_main = true;
         if (bundler_options.ignoreDCEAnnotations) |ignore|
             out.options.ignore_dce_annotations = ignore;
 

src/bake/client/css-reloader.ts

@@ -180,7 +180,8 @@ export function editCssContent(id: string, newContent: string) {
     // Disable the link tag if it exists
     const linkSheet = entry.link?.sheet;
     if (linkSheet) linkSheet.disabled = true;
-    return;
+    return false;
   }
   sheet!.replace(newContent);
+  return !sheet!.disabled;
 }

src/bake/client/websocket.ts

@@ -52,7 +52,7 @@ export function getMainWebSocket(): WebSocketWrapper | null {
 
 export function initWebSocket(
   handlers: Record<number, (dv: DataView<ArrayBuffer>, ws: WebSocket) => void>,
-  { url = "/_bun/hmr", displayMessage = "Live-reloading socket" }: { url?: string; displayMessage?: string } = {},
+  { url = "/_bun/hmr", onStatusChange }: { url?: string; onStatusChange?: (connected: boolean) => void } = {},
 ): WebSocketWrapper {
   let firstConnection = true;
   let closed = false;
@@ -81,11 +81,9 @@ export function initWebSocket(
     mainWebSocket = wsProxy;
   }
 
-  function onOpen() {
-    if (firstConnection) {
-      firstConnection = false;
-      console.info(`[Bun] ${displayMessage} connected, waiting for changes...`);
-    }
+  function onFirstOpen() {
+    console.info("[Bun] Hot-module-reloading socket connected, waiting for changes...");
+    onStatusChange?.(true);
   }
 
   function onMessage(ev: MessageEvent<string | ArrayBuffer>) {
@@ -107,6 +105,7 @@ export function initWebSocket(
   }
 
   async function onClose() {
+    onStatusChange?.(false);
     console.warn("[Bun] Hot-module-reloading socket disconnected, reconnecting...");
 
     await new Promise(done => setTimeout(done, 1000));
@@ -123,7 +122,7 @@ export function initWebSocket(
       ws.onopen = () => {
         console.info("[Bun] Reconnected");
         done(true);
-        onOpen();
+        onStatusChange?.(true);
         ws.onerror = onError;
       };
       ws.onmessage = onMessage;
@@ -141,7 +140,7 @@ export function initWebSocket(
 
   let ws = (wsProxy.wrapped = new WebSocket(url));
   ws.binaryType = "arraybuffer";
-  ws.onopen = onOpen;
+  ws.onopen = onFirstOpen;
   ws.onmessage = onMessage;
   ws.onclose = onClose;
   ws.onerror = onError;

src/bake/debug.ts

@@ -0,0 +1,14 @@
+if (IS_BUN_DEVELOPMENT) {
+  // After 1.2.6 is released, this can just be `ASSERT`
+  globalThis.DEBUG = {
+    ASSERT: function ASSERT(condition: any, message?: string): asserts condition {
+      if (!condition) {
+        if (typeof Bun === "undefined") {
+          console.assert(false, "ASSERTION FAILED" + (message ? `: ${message}` : ""));
+        } else {
+          console.error("ASSERTION FAILED" + (message ? `: ${message}` : ""));
+        }
+      }
+    },
+  };
+}

src/bake/hmr-runtime-client.ts

@@ -1,8 +1,15 @@
 // This file is the entrypoint to the hot-module-reloading runtime
 // In the browser, this uses a WebSocket to communicate with the bundler.
-import { loadModule, LoadModuleType, onServerSideReload, replaceModules } from "./hmr-module";
+import './debug';
+import {
+  loadModuleAsync,
+  replaceModules,
+  onServerSideReload,
+  setRefreshRuntime,
+  emitEvent,
+  fullReload,
+} from "./hmr-module";
 import { hasFatalError, onServerErrorPayload, onRuntimeError } from "./client/overlay";
-import { Bake } from "bun";
 import { DataViewReader } from "./client/data-view";
 import { initWebSocket } from "./client/websocket";
 import { MessageId } from "./generated";
@@ -37,133 +44,135 @@ async function performRouteReload() {
       console.error("Failed to perform Server-side reload.");
       console.error(err);
       console.error("The page will hard-reload now.");
-      if (IS_BUN_DEVELOPMENT) {
-        // return showErrorOverlay(err);
-      }
     }
   }
 
   // Fallback for when reloading fails or is not implemented by the framework is
   // to hard-reload.
-  location.reload();
+  fullReload();
 }
 
 let isFirstRun = true;
-const ws = initWebSocket(
-  {
-    [MessageId.version](view) {
-      if (td.decode(view.buffer.slice(1)) !== config.version) {
-        console.error("Version mismatch, hard-reloading");
-        location.reload();
-        return;
-      }
+const handlers = {
+  [MessageId.version](view) {
+    if (td.decode(view.buffer.slice(1)) !== config.version) {
+      console.error("Version mismatch, hard-reloading");
+      fullReload();
+      return;
+    }
 
-      if (isFirstRun) {
-        isFirstRun = false;
-      } else {
-        // It would be possible to use `performRouteReload` to do a hot-reload,
-        // but the issue lies in possibly outdated client files. For correctness,
-        // all client files have to be HMR reloaded or proven unchanged.
-        // Configuration changes are already handled by the `config.version` data.
-        location.reload();
-        return;
-      }
+    if (isFirstRun) {
+      isFirstRun = false;
+    } else {
+      // It would be possible to use `performRouteReload` to do a hot-reload,
+      // but the issue lies in possibly outdated client files. For correctness,
+      // all client files have to be HMR reloaded or proven unchanged.
+      // Configuration changes are already handled by the `config.version` data.
+      fullReload();
+      return;
+    }
 
-      ws.send("she"); // IncomingMessageId.subscribe with hot_update and errors
-      ws.send("n" + location.pathname); // IncomingMessageId.set_url
-    },
-    [MessageId.hot_update](view) {
-      const reader = new DataViewReader(view, 1);
+    ws.send("she"); // IncomingMessageId.subscribe with hot_update and errors
+    ws.send("n" + location.pathname); // IncomingMessageId.set_url
+  },
+  [MessageId.hot_update](view) {
+    const reader = new DataViewReader(view, 1);
 
-      // The code genearting each list is annotated with equivalent "List n"
-      // comments in DevServer.zig's finalizeBundle function.
+    // The code genearting each list is annotated with equivalent "List n"
+    // comments in DevServer.zig's finalizeBundle function.
 
-      // List 1
-      const serverSideRoutesUpdated = new Set();
-      do {
-        const routeId = reader.i32();
-        if (routeId === -1 || routeId == undefined) break;
-        serverSideRoutesUpdated.add(routeId);
-      } while (true);
-      // List 2
-      let isServerSideRouteUpdate = false;
-      do {
-        const routeId = reader.i32();
-        if (routeId === -1 || routeId == undefined) break;
-        if (routeId === currentRouteIndex) {
-          isServerSideRouteUpdate = serverSideRoutesUpdated.has(routeId);
-          const cssCount = reader.i32();
-          if (cssCount !== -1) {
-            const cssArray = new Array<string>(cssCount);
-            for (let i = 0; i < cssCount; i++) {
-              cssArray[i] = reader.stringWithLength(16);
-            }
-            editCssArray(cssArray);
+    // List 1
+    const serverSideRoutesUpdated = new Set();
+    do {
+      const routeId = reader.i32();
+      if (routeId === -1 || routeId == undefined) break;
+      serverSideRoutesUpdated.add(routeId);
+    } while (true);
+    // List 2
+    let isServerSideRouteUpdate = false;
+    do {
+      const routeId = reader.i32();
+      if (routeId === -1 || routeId == undefined) break;
+      if (routeId === currentRouteIndex) {
+        isServerSideRouteUpdate = serverSideRoutesUpdated.has(routeId);
+        const cssCount = reader.i32();
+        if (cssCount !== -1) {
+          const cssArray = new Array<string>(cssCount);
+          for (let i = 0; i < cssCount; i++) {
+            cssArray[i] = reader.stringWithLength(16);
           }
+          editCssArray(cssArray);
+        }
 
-          // Skip to the last route
-          let nextRouteId = reader.i32();
-          while (nextRouteId != null && nextRouteId !== -1) {
-            const i = reader.i32();
-            reader.cursor += 16 * Math.max(0, i);
-            nextRouteId = reader.i32();
-          }
-          break;
-        } else {
-          // Skip to the next route
+        // Skip to the last route
+        let nextRouteId = reader.i32();
+        while (nextRouteId != null && nextRouteId !== -1) {
           const i = reader.i32();
           reader.cursor += 16 * Math.max(0, i);
+          nextRouteId = reader.i32();
         }
-      } while (true);
-      // List 3
-      {
-        let i = reader.u32();
-        while (i--) {
-          const identifier = reader.stringWithLength(16);
-          const code = reader.string32();
-          editCssContent(identifier, code);
+        break;
+      } else {
+        // Skip to the next route
+        const i = reader.i32();
+        reader.cursor += 16 * Math.max(0, i);
+      }
+    } while (true);
+    // List 3
+    {
+      let i = reader.u32();
+      while (i--) {
+        const identifier = reader.stringWithLength(16);
+        const code = reader.string32();
+        editCssContent(identifier, code);
+      }
+    }
+    if (hasFatalError && (isServerSideRouteUpdate || reader.hasMoreData())) {
+      fullReload();
+      return;
+    }
+    if (isServerSideRouteUpdate) {
+      performRouteReload();
+      return;
+    }
+    // JavaScript modules
+    if (reader.hasMoreData()) {
+      const code = td.decode(reader.rest());
+      try {
+        // TODO: This functions in all browsers, but WebKit browsers do not
+        // provide stack traces to errors thrown in eval, meaning client-side
+        // errors from hot-reloaded modules cannot be mapped back to their
+        // source.
+        const modules = (0, eval)(code);
+        replaceModules(modules).catch(e => {
+          console.error(e);
+          fullReload();
+        });
+      } catch (e) {
+        if (IS_BUN_DEVELOPMENT) {
+          console.error(e, "Failed to parse HMR payload", { code });
+          onRuntimeError(e, true, false);
+          return;
         }
+        emitEvent("bun:error", e);
+        throw e;
       }
-      if (hasFatalError && (isServerSideRouteUpdate || reader.hasMoreData())) {
-        location.reload();
-        return;
-      }
-      // JavaScript modules
-      if (reader.hasMoreData()) {
-        const code = td.decode(reader.rest());
-        try {
-          // TODO: This functions in all browsers, but WebKit browsers do not
-          // provide stack traces to errors thrown in eval, meaning client-side
-          // errors from hot-reloaded modules cannot be mapped back to their
-          // source.
-          const modules = (0, eval)(code);
-          if (IS_BUN_DEVELOPMENT) {
-            console.info("Updated modules:\n" + Object.keys(modules).join("\n"));
-          }
-          replaceModules(modules);
-        } catch (e) {
-          if (IS_BUN_DEVELOPMENT) {
-            console.error(e, "Failed to parse HMR payload", { code });
-            onRuntimeError(e, true, false);
-            return;
-          }
-          throw e;
-        }
-      }
-      if (isServerSideRouteUpdate) {
-        performRouteReload();
-      }
-    },
-    [MessageId.set_url_response](view) {
-      const reader = new DataViewReader(view, 1);
-      currentRouteIndex = reader.u32();
-    },
-    [MessageId.errors]: onServerErrorPayload,
+    } else {
+      // Needed for testing.
+      emitEvent("bun:afterUpdate", null);
+    }
   },
-  {
-    displayMessage: config.refresh ? "Hot-module-reloading socket" : "Live-reloading socket",
+  [MessageId.set_url_response](view) {
+    const reader = new DataViewReader(view, 1);
+    currentRouteIndex = reader.u32();
   },
-);
+  [MessageId.errors]: onServerErrorPayload,
+};
+const ws = initWebSocket(handlers, {
+  onStatusChange(connected) {
+    emitEvent(connected ? "bun:ws:connect" : "bun:ws:disconnect", null);
+  },
+});
 
 // Before loading user code, instrument some globals.
 {
@@ -191,8 +200,29 @@ window.addEventListener("unhandledrejection", event => {
   onRuntimeError(event.reason, true, true);
 });
 
+{
+  let reloadError: any = sessionStorage.getItem("bun:hmr:message");
+  if (reloadError) {
+    sessionStorage.removeItem("bun:hmr:message");
+    reloadError = JSON.parse(reloadError);
+    if (reloadError.kind === "warn") {
+      console.warn(reloadError.message);
+    } else {
+      console.error(reloadError.message);
+    }
+  }
+}
+
 try {
-  await loadModule<Bake.ClientEntryPoint>(config.main, LoadModuleType.AsyncAssertPresent);
+  const { refresh } = config;
+  if (refresh) {
+    const refreshRuntime = await loadModuleAsync(refresh, false, null);
+    setRefreshRuntime(refreshRuntime);
+  }
+
+  await loadModuleAsync(config.main, false, null);
+
+  emitEvent("bun:ready", null);
 } catch (e) {
   console.error(e);
   onRuntimeError(e, true, false);

src/bake/hmr-runtime-error.ts

@@ -6,6 +6,7 @@
 // This is embedded in `DevServer.sendSerializedFailures`. SSR is
 // left unused for simplicity; a flash of unstyled content is
 // stopped by the fact this script runs synchronously.
+import './debug';
 import { decodeAndAppendServerError, onServerErrorPayload, updateErrorOverlay } from "./client/overlay";
 import { DataViewReader } from "./client/data-view";
 import { initWebSocket } from "./client/websocket";
@@ -29,21 +30,18 @@ declare const error: Uint8Array<ArrayBuffer>;
 
 let firstVersionPacket = true;
 
-const ws = initWebSocket(
-  {
-    [MessageId.version](dv) {
-      if (firstVersionPacket) {
-        firstVersionPacket = false;
-      } else {
-        // On re-connection, the server may have restarted. The route that was
-        // requested could be in unqueued state. A reload is the only way to
-        // ensure this bundle is enqueued.
-        location.reload();
-      }
-      ws.send("se"); // IncomingMessageId.subscribe with errors
-    },
-
-    [MessageId.errors]: onServerErrorPayload,
+const ws = initWebSocket({
+  [MessageId.version](dv) {
+    if (firstVersionPacket) {
+      firstVersionPacket = false;
+    } else {
+      // On re-connection, the server may have restarted. The route that was
+      // requested could be in unqueued state. A reload is the only way to
+      // ensure this bundle is enqueued.
+      location.reload();
+    }
+    ws.send("se"); // IncomingMessageId.subscribe with errors
   },
-  { displayMessage: "Live-reloading socket" },
-);
+
+  [MessageId.errors]: onServerErrorPayload,
+});

src/bake/hmr-runtime-server.ts

@@ -1,7 +1,8 @@
 // This file is the entrypoint to the hot-module-reloading runtime.
 // On the server, communication is established with `server_exports`.
+import './debug';
 import type { Bake } from "bun";
-import { loadModule, LoadModuleType, replaceModules, ssrManifest, serverManifest, HotModule } from "./hmr-module";
+import { loadExports, replaceModules, ssrManifest, serverManifest, HMRModule } from "./hmr-module";
 
 if (typeof IS_BUN_DEVELOPMENT !== "boolean") {
   throw new Error("DCE is configured incorrectly");
@@ -35,12 +36,9 @@ server_exports = {
       });
     }
 
-    const mod = await loadModule<Bake.ServerEntryPoint>(routerTypeMain, LoadModuleType.AsyncAssertPresent);
-    // TODO: fix a loading bug in the hmr runtime
-    await new Promise(resolve => process.nextTick(resolve));
-    await new Promise(resolve => process.nextTick(resolve));
+    const exports = await loadExports<Bake.ServerEntryPoint>(routerTypeMain);
 
-    const serverRenderer = mod.exports.render;
+    const serverRenderer = exports.render;
 
     if (!serverRenderer) {
       throw new Error('Framework server entrypoint is missing a "render" export.');
@@ -49,10 +47,7 @@ server_exports = {
       throw new Error('Framework server entrypoint\'s "render" export is not a function.');
     }
 
-    const [pageModule, ...layouts] = await Promise.all(
-      routeModules.map(async id => (await loadModule(id, LoadModuleType.AsyncAssertPresent)).exports),
-    );
-
+    const [pageModule, ...layouts] = await Promise.all(routeModules.map(loadExports));
     const response = await serverRenderer(req, {
       styles: styles,
       modules: [clientEntryUrl],
@@ -74,12 +69,10 @@ server_exports = {
     if (componentManifestAdd) {
       for (const uid of componentManifestAdd) {
         try {
-          const mod = await (loadModule(uid, LoadModuleType.AsyncAssertPresent) as Promise<HotModule>);
-          const { exports, __esModule } = mod;
-          const exp = __esModule ? exports : (mod._ext_exports ??= { ...exports, default: exports });
+          const exports = await loadExports<{}>(uid);
 
           const client = {};
-          for (const exportName of Object.keys(exp)) {
+          for (const exportName of Object.keys(exports)) {
             serverManifest[uid + "#" + exportName] = {
               id: uid,
               name: exportName,

src/bake/production.zig

@@ -286,7 +286,7 @@ pub fn buildWithVm(ctx: bun.CLI.Command.Context, cwd: []const u8, vm: *VirtualMa
             file.dest_path,
             file.entry_point_index,
         });
-        if (file.loader == .css) {
+        if (file.loader.isCSS()) {
             if (css_chunks_count == 0) css_chunks_first = i;
             css_chunks_count += 1;
         }
@@ -375,7 +375,7 @@ pub fn buildWithVm(ctx: bun.CLI.Command.Context, cwd: []const u8, vm: *VirtualMa
         const server_render_func = brk: {
             const raw = BakeGetOnModuleNamespace(global, server_entry_point, "prerender") orelse
                 break :brk null;
-            if (!raw.isCallable(vm.jsc)) {
+            if (!raw.isCallable()) {
                 break :brk null;
             }
             break :brk raw;
@@ -391,7 +391,7 @@ pub fn buildWithVm(ctx: bun.CLI.Command.Context, cwd: []const u8, vm: *VirtualMa
             brk: {
                 const raw = BakeGetOnModuleNamespace(global, server_entry_point, "getParams") orelse
                     break :brk null;
-                if (!raw.isCallable(vm.jsc)) {
+                if (!raw.isCallable()) {
                     break :brk null;
                 }
                 break :brk raw;
@@ -417,7 +417,7 @@ pub fn buildWithVm(ctx: bun.CLI.Command.Context, cwd: []const u8, vm: *VirtualMa
     const css_chunk_js_strings = try allocator.alloc(JSValue, css_chunks_count);
     for (bundled_outputs[css_chunks_first..][0..css_chunks_count], css_chunk_js_strings) |output_file, *str| {
         bun.assert(output_file.dest_path[0] != '.');
-        bun.assert(output_file.loader == .css);
+        bun.assert(output_file.loader.isCSS());
         str.* = (try bun.String.createFormat("{s}{s}", .{ public_path, output_file.dest_path })).toJS(global);
     }
 

src/base64/base64.zig

@@ -48,6 +48,20 @@ pub fn encode(destination: []u8, source: []const u8) usize {
     return bun.simdutf.base64.encode(source, destination, false);
 }
 
+pub fn simdutfEncodeLenUrlSafe(source_len: usize) usize {
+    return bun.simdutf.base64.encode_len(source_len, true);
+}
+
+/// Encode with the following differences from regular `encode` function:
+///
+/// * No padding is added (the extra `=` characters at the end)
+/// * `-` and `_` are used instead of `+` and `/`
+///
+/// See the documentation for simdutf's `binary_to_base64` function for more details (simdutf_impl.h).
+pub fn simdutfEncodeUrlSafe(destination: []u8, source: []const u8) usize {
+    return bun.simdutf.base64.encode(source, destination, true);
+}
+
 pub fn decodeLenUpperBound(len: usize) usize {
     return zig_base64.standard.Decoder.calcSizeUpperBound(len) catch {
         //fallback

src/bit_set.zig

@@ -190,6 +190,14 @@ pub fn IntegerBitSet(comptime size: u16) type {
             return @ctz(mask);
         }
 
+        /// Finds the index of the first unset bit.
+        /// If all bits are set, returns null.
+        pub fn findFirstUnset(self: Self) ?usize {
+            const mask = ~self.mask;
+            if (mask == 0) return null;
+            return @ctz(mask);
+        }
+
         /// Finds the index of the first set bit, and unsets it.
         /// If no bits are set, returns null.
         pub fn toggleFirstSet(self: *Self) ?usize {
@@ -871,6 +879,11 @@ pub const DynamicBitSetUnmanaged = struct {
         return (self.masks[maskIndex(index)] & maskBit(index)) != 0;
     }
 
+    pub fn isSetAllowOutOfBound(self: Self, index: usize, out_of_bounds: bool) bool {
+        if (index >= self.bit_length) return out_of_bounds;
+        return (self.masks[maskIndex(index)] & maskBit(index)) != 0;
+    }
+
     pub fn bytes(self: Self) []const u8 {
         return std.mem.sliceAsBytes(self.masks[0 .. numMasks(self.bit_length) + 1]);
     }