mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-11 19:38:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da5c41de3e63fd81350ca7eb10a16f53dd4f2be1
bun.sh/docs/install/security.md
Claude Bot da5c41de3e fix: address security scanner PR review comments 
- Fix write loop to ensure all data is written properly
- Fix documentation headings and config keys to use 'scanner' instead of 'provider'
- Move security scanner code to separate file (security_scanner.zig)
- Rename config field from 'security_provider' to 'security_scanner'
- Remove CLI flag handling logic as requested, rely on --no-install instead
- Update all references to use new naming convention

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-21 09:43:59 +00:00

2.4 KiB
Raw Blame History

Security Scanner API

Bun's package manager can scan packages for security vulnerabilities before installation, helping protect your applications from supply chain attacks and known vulnerabilities.

Quick Start

Configure a security scanner in your bunfig.toml:

[install.security]
provider = "@acme/bun-security-provider"

When configured, Bun will:

  • Scan all packages before installation
  • Display security warnings and advisories
  • Cancel installation if critical vulnerabilities are found
  • Automatically disable auto-install for security

How It Works

Security scanners analyze packages during bun install, bun add, and other package operations. They can detect:

  • Known security vulnerabilities (CVEs)
  • Malicious packages
  • License compliance issues
  • ...and more!

Security Levels

Scanners report issues at two severity levels:

  • fatal - Installation stops immediately, exits with non-zero code
  • warn - In interactive terminals, prompts to continue; in CI, exits immediately

Using Pre-built Scanners

Security companies provide Bun-compatible scanners as npm packages that you can install and use immediately.

Installing a Scanner

Install a security provider from npm:

$ bun add -d @acme/bun-security-provider

Note: Consult your security provider's documentation for their specific package name and installation instructions. Most providers will be installed with a simple bun add command.

Configuring the Scanner

After installation, configure it in your bunfig.toml:

[install.security]
provider = "@acme/bun-security-provider"

Enterprise Configuration

Some enterprise scanners might support authentication and/or configuration through environment variables:

# This might go in ~/.bashrc, for example
export SECURITY_API_KEY="your-api-key"

# The scanner will now use these credentials automatically
bun install

Consult your security provider's documentation to learn which environment variables to set and if any additional configuration is required.

Authoring your own scanner

For a complete example with tests and CI setup, see the official template: github.com/oven-sh/security-provider-template

Related

Reference in New Issue View Git Blame Copy Permalink