bun.sh/docs/install/audit.md
robobun 41be6aeb3c docs: add missing v1.2.21 features to documentation (#23085)
## Summary
- Added documentation for 5 features introduced in Bun v1.2.21 that were
missing from the docs
- Kept updates minimal with high information density as requested

## Changes
- **bun audit filtering options** (`docs/install/audit.md`)
  - `--audit-level=<low|moderate|high|critical>` - filter by severity
  - `--prod` - audit only production dependencies  
  - `--ignore <CVE>` - ignore specific vulnerabilities

- **--compile-exec-argv flag** (`docs/bundler/executables.md`)
  - Embed runtime arguments in compiled executables
  - Arguments available via `process.execArgv`

- **bunx --package/-p flag** (`docs/cli/bunx.md`)
  - Run binaries from specific packages when name differs

- **package.json sideEffects glob patterns** (`docs/bundler/index.md`)
  - Support for `*`, `?`, `**`, `[]`, `{}` patterns

- **--user-agent CLI flag** (`docs/cli/run.md`)
  - Customize User-Agent header for all fetch() requests

## Test plan
- [x] Reviewed all changes match Bun v1.2.21 blog post features
- [x] Verified documentation style is concise with code examples
- [x] Checked no existing documentation was removed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
2025-09-29 21:54:34 -07:00


bun audit checks your installed packages for known security vulnerabilities.

Run the command in a project with a bun.lock file:

$ bun audit

Bun sends the list of installed packages and versions to npm and prints a report of any vulnerabilities that were found. Packages installed from registries other than the default registry are skipped.

If no vulnerabilities are found, the command prints:

No vulnerabilities found

When vulnerabilities are detected, each affected package is listed along with the severity, a short description and a link to the advisory. At the end of the report Bun prints a summary and hints for updating:

3 vulnerabilities (1 high, 2 moderate)
To update all dependencies to the latest compatible versions:
  bun update
To update all dependencies to the latest versions (including breaking changes):
  bun update --latest

Filtering options

--audit-level=<low|moderate|high|critical> - Only show vulnerabilities at this severity level or higher:

bun audit --audit-level=high

--prod - Audit only production dependencies (excludes devDependencies):

bun audit --prod

--ignore <CVE> - Ignore specific CVEs (can be used multiple times):

bun audit --ignore CVE-2022-25883 --ignore CVE-2023-26136

--json

Use the --json flag to print the raw JSON response from the registry instead of the formatted report:

$ bun audit --json

Exit code

bun audit exits with code 0 if no vulnerabilities are found and 1 if the report lists any vulnerabilities. The exit code is the same when --json is passed.
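The --json output and the exit code behaviour above can be combined into a CI gate that logs every finding but fails only at a chosen severity. The following is an added example, not part of the Bun documentation; it assumes the JSON report is an object keyed by package name whose values are arrays of advisories with `severity`, `title` and `url` fields, and `summarize` is a hypothetical helper name.

```javascript
// Severity order used by --audit-level, lowest to highest.
const LEVELS = ["low", "moderate", "high", "critical"];

// Assumed report shape (not stated on the page): an object keyed by package
// name, each value an array of advisories carrying `severity`, `title`, `url`.
function summarize(report, minLevel) {
  const threshold = LEVELS.indexOf(minLevel);
  if (threshold === -1) throw new Error(`unknown level: ${minLevel}`);
  const counts = { low: 0, moderate: 0, high: 0, critical: 0, unknown: 0 };
  const blocking = [];
  for (const [pkg, advisories] of Object.entries(report ?? {})) {
    if (!Array.isArray(advisories)) continue; // skip keys that are not advisory lists
    for (const adv of advisories) {
      const rank = LEVELS.indexOf(adv?.severity);
      counts[rank === -1 ? "unknown" : adv.severity] += 1;
      // Fail closed: an unrecognised severity blocks instead of slipping through.
      if (rank === -1 || rank >= threshold) {
        blocking.push({
          pkg,
          severity: adv?.severity ?? "unknown",
          title: adv?.title ?? "",
          url: adv?.url ?? "",
        });
      }
    }
  }
  return { counts, blocking, fail: blocking.length > 0 };
}

// Constructed sample report (package names, titles and URLs are placeholders).
const SAMPLE = {
  "example-parser": [
    { id: 1, severity: "high", title: "Constructed advisory A", url: "https://example.invalid/a" },
    { id: 2, severity: "moderate", title: "Constructed advisory B", url: "https://example.invalid/b" },
  ],
  "example-logger": [
    { id: 3, severity: "moderate", title: "Constructed advisory C", url: "https://example.invalid/c" },
  ],
};

const result = summarize(SAMPLE, "high");
for (const b of result.blocking) console.log(`${b.severity}\t${b.pkg}\t${b.title}\t${b.url}`);
console.log(JSON.stringify(result.counts), result.fail ? "FAIL" : "PASS");
```

In a pipeline, replace `SAMPLE` with the parsed output of `bun audit --json`. Because the command exits with 1 whenever the report lists vulnerabilities, the wrapper has to read the output before acting on the exit status.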