To install Bun
curl -fsSL https://bun.sh/install | bash
npm install -g bun
powershell -c "irm bun.sh/install.ps1|iex"
scoop install bun
brew tap oven-sh/bun
brew install bun
docker pull oven/bun
docker run --rm --init --ulimit memlock=-1:-1 oven/bun
To upgrade Bun
bun upgrade
Faster Buffer.from()
with arrays
Buffer.from()
with arraysBuffer.from()
is now up to 50% faster when creating buffers from JavaScript arrays.
const data = [1, 2, 3, 4, 5, 6, 7, 8];
const buf = Buffer.from(data); // ~50% faster
This optimization bypasses unnecessary construction overhead and leverages JSC's internal array detection to use bulk copy operations for both integer and floating-point arrays.
| Array size | Improvement |
|---|---|
| 8 elements | ~50% faster |
| 64 elements | ~42% faster |
| 1024 elements | ~29% faster |
Bun's underlying JavaScript engine has been upgraded to the latest version of WebKit's JavaScriptCore, bringing performance improvements and bug fixes.
In the next version of Bun & Safari
— Bun (@bunjavascript)
async/await gets 35% faster, thanks to[@Constellation][pic.twitter.com/XhUuiIwzRX][January 15, 2026]
Faster Array.from(arguments)
Array.from(arguments)
In the next version of Bun & Safari
— Bun (@bunjavascript)
Array.from(set), Array.from(arguments), Array.from(map.keys()), Array.from(map.values()) gets up to 2x faster thanks to[@__sosukesuzuki][https://t.co/gC8ljFQBDI][January 15, 2026]
Faster string.padStart & string.padEnd
In the next version of Bun & Safari
— Bun (@bunjavascript)
string.padStart(len, fill) & string.padEnd(len, fill) get up to 90% faster, thanks to[@__sosukesuzuki][https://t.co/TdJTfs6B5G][January 15, 2026]
Faster array.flat()
array.flat()
In the next version of Bun & Safari
— Bun (@bunjavascript)
array.flat() gets up to 3x faster, thanks to[@__sosukesuzuki][https://t.co/3Oll89bxGf][January 15, 2026]
ARM64 Performance Improvements
On Apple Silicon and other ARM64 platforms, compound boolean expressions like if (x === 0 && y === 1)
now compile to more efficient conditional compare instruction chains (ccmp
/ccmn
), reducing branch mispredictions and code size.
Additionally, floating-point constants can now be materialized directly in registers using ARM64 vector instructions, avoiding unnecessary memory loads.
We've added JIT & interpreter support for Windows ARM64 to JavaScriptCore. This was the main blocker for unblocking Windows ARM64 support in Bun. We don't yet support Windows ARM64 in Bun, but it's coming soon.
Fixed: Race condition in thread termination that could cause issues when using Web WorkersFixed: Exception handling edge cases where termination exceptions could be incorrectly cleared during iterator operations and promise handlingFixed: Functions loaded from bytecode cache now correctly respect JIT compilation thresholds instead of compiling immediately on first execution
fetch
now preserves header case when sending HTTP requests
fetch
now preserves header case when sending HTTP requestsHTTP headers are technically case-insensitive per RFC 7230, but many APIs expect specific casing. Previously, Bun would lowercase all headers when sending HTTP requests (e.g., authorization
instead of Authorization
), which could break compatibility with services that require exact header names.
Now, fetch
and the node:https
module preserve the original casing of headers exactly as you define them, matching Node.js behavior.
// Headers are now sent with their original casing
await fetch("https://api.example.com/data", {
headers: {
"Authorization": "Bearer token123", // sent as "Authorization"
"Content-Type": "application/json", // sent as "Content-Type"
"X-Custom-Header": "value", // sent as "X-Custom-Header"
},
});
// Also works with the Headers object
const headers = new Headers();
headers.set("Content-Type", "text/plain"); // sent as "Content-Type"
Bun.wrapAnsi()
for ANSI-aware text wrapping
Bun.wrapAnsi()
for ANSI-aware text wrappingBun now includes Bun.wrapAnsi()
, a native implementation of the popular wrap-ansi npm package. It wraps text to a specified column width while preserving ANSI escape codes, making it ideal for CLI tools that need to handle colored or styled output.
const text = "\x1b[31mThis is a long red text that needs wrapping\x1b[0m";
const wrapped = Bun.wrapAnsi(text, 20);
// Wraps at 20 columns, preserving the red color across line breaks
Bun.wrapAnsi(text: string, columns: number, options?: {
// Break words longer than columns (default: false)
hard?: boolean;
// Wrap at word boundaries (default: true)
wordWrap?: boolean;
// Trim leading/trailing whitespace (default: true)
trim?: boolean;
// Treat ambiguous-width chars as narrow (default: true)
ambiguousIsNarrow?: boolean;
}): string
- Preserves ANSI escape codes (SGR colors/styles)
- Supports OSC 8 hyperlinks
- Respects Unicode display widths (full-width characters, emoji)
- Normalizes carriage return newline to newline
Bun.wrapAnsi
is 33–88x faster than the wrap-ansi
npm package:
| Benchmark | npm | Bun | Speedup |
|---|---|---|---|
| Short text (45 chars) | 25.81 µs | 685 ns | 37x |
| Medium text (810 chars) | 568 µs | 11.22 µs | 50x |
| Long text (8100 chars) | 7.66 ms | 112 µs | 68x |
| Hard wrap colored | 8.82 ms | 174 µs | 50x |
| No trim long | 8.32 ms | 93.92 µs | 88x |
Bun's built-in CPU profiler now supports a --cpu-prof-md
flag that generates profiling data in Markdown format, making it easy to share profiles on GitHub or analyze them with LLMs.
bun --cpu-prof-md script.js
bun --cpu-prof --cpu-prof-md script.js
The markdown output includes:
Summary table with duration, sample count, and intervalHot functions ranked by self-time percentageCall tree showing total time including childrenFunction details with caller/callee relationshipsFile breakdown showing time spent per source file
All existing flags work with the new format:
--cpu-prof-name
for custom filenames--cpu-prof-dir
for custom output directories
Heap Profiling with --heap-prof
--heap-prof
Bun now supports heap profiling via new CLI flags, making it easier to diagnose memory leaks and analyze memory usage in your applications.
bun --heap-prof script.js
bun --heap-prof-md script.js
bun --heap-prof --heap-prof-dir ./profiles --heap-prof-name my-snapshot.heapsnapshot script.js
The --heap-prof
flag generates .heapsnapshot
files that can be loaded directly into Chrome DevTools for visual analysis. The --heap-prof-md
flag generates a markdown report optimized for command-line analysis:
## Summary
| Metric | Value |
| --------------- | -------: |
| Total Heap Size | 208.2 KB |
| Total Objects | 2651 |
| GC Roots | 426 |
## Top 50 Types by Retained Size
| Rank | Type | Count | Self Size | Retained Size |
| ---: | ----------- | ----: | --------: | ------------: |
| 1 | `Function` | 568 | 18.7 KB | 5.4 MB |
| 2 | `Structure` | 247 | 27.0 KB | 2.0 MB |
The markdown format includes searchable object listings, retainer chains showing how objects are kept alive, and quick grep commands for finding memory issues:
grep 'type=Function' profile.md # Find all Function objects
grep 'size=[0-9]\{5,\}' profile.md # Find objects >= 10KB
grep 'gcroot=1' profile.md # Find all GC roots
Bun now includes a built-in JSON5 parser with Bun.JSON5.parse()
and Bun.JSON5.stringify()
, plus native .json5
file imports.
JSON5 is a superset of JSON that adds developer-friendly features like comments, trailing commas, unquoted keys, single-quoted strings, and hexadecimal numbers. It's used by major projects including Chromium, Next.js, Babel, and WebStorm.
// Parse JSON5 strings
const config = Bun.JSON5.parse(`{
// Database configuration
host: 'localhost',
port: 5432,
ssl: true,
}`);
// Stringify objects to JSON5
const output = Bun.JSON5.stringify({ name: "app", version: 1 });
// Import .json5 files directly
import settings from "./config.json5";
JSON5 is particularly useful for configuration files where comments and trailing commas improve readability and maintainability.
Bun.JSONL
for Streaming JSONL Parsing
Bun.JSONL
for Streaming JSONL ParsingBun now has built-in support for parsing JSONL (newline-delimited JSON). The parser is implemented in C++ using JavaScriptCore's optimized JSON parser, providing fast parsing for both complete inputs and streaming use cases.
Bun.JSONL.parse()
Bun.JSONL.parse()
Parse a complete JSONL string or Uint8Array
and return an array of all parsed values:
const results = Bun.JSONL.parse('{"name":"Alice"}\n{"name":"Bob"}\n');
// [{ name: "Alice" }, { name: "Bob" }]
// Also works with Uint8Array (UTF-8 BOM automatically skipped)
const buffer = new TextEncoder().encode('{"a":1}\n{"b":2}\n');
const records = Bun.JSONL.parse(buffer);
// [{ a: 1 }, { b: 2 }]
Bun.JSONL.parseChunk()
Bun.JSONL.parseChunk()
For streaming scenarios, parseChunk
parses as many complete values as possible and returns how far it got—useful when receiving data incrementally from a network stream:
const chunk = '{"id":1}\n{"id":2}\n{"id":3';
const result = Bun.JSONL.parseChunk(chunk);
result.values; // [{ id: 1 }, { id: 2 }]
result.read; // 17 — characters consumed
result.done; // false — incomplete value remains
result.error; // null — no parse error
Use read
to slice off consumed input and carry forward the remainder:
let buffer = "";
for await (const chunk of stream) {
buffer += chunk;
const result = Bun.JSONL.parseChunk(buffer);
for (const value of result.values) {
handleRecord(value);
}
// Keep only the unconsumed portion
buffer = buffer.slice(result.read);
}
S3 presign()
now supports contentDisposition
and type
options
presign()
now supports contentDisposition
and type
optionsFixed an issue where S3File.presign()
was ignoring the contentDisposition
and type
options when generating presigned URLs. These options are now properly included as response-content-disposition
and response-content-type
query parameters.
This is particularly useful when you want browsers to download files as attachments instead of displaying them inline:
import { S3Client } from "bun";
const s3 = new S3Client({
region: "us-east-1",
endpoint: "https://s3.us-east-1.amazonaws.com",
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
bucket: "my-bucket",
});
const file = s3.file("report.pdf");
const url = file.presign({
method: "GET",
expiresIn: 900,
contentDisposition: 'attachment; filename="quarterly-report.pdf"',
type: "application/octet-stream",
});
// URL now includes response-content-disposition and response-content-type parameters
bun pm pack
now respects changes to package.json
from lifecycle scripts
bun pm pack
now respects changes to package.json
from lifecycle scriptsbun pm pack
now re-reads package.json
after running prepack
, prepare
, and prepublishOnly
scripts, ensuring any modifications made by these scripts are included in the tarball.
This matches npm's behavior and enables compatibility with tools like clean-package that modify package.json
during the pack process.
// package.json
{
"name": "my-package",
"version": "1.0.0",
"scripts": {
"prepack": "node prepack.js"
},
"description": "Original description",
"devDependencies": { /* ... */ }
}
// prepack.js - removes devDependencies before packing
const fs = require('fs');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
delete pkg.devDependencies;
pkg.description = 'Production build';
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));
Previously, the tarball would contain the original package.json
. Now it correctly contains the modified version.
node:inspector
Profiler API
node:inspector
Profiler APIBun now implements the node:inspector
Profiler API for CPU profiling via the Chrome DevTools Protocol.
Supported methods:
Profiler.enable
/Profiler.disable
Profiler.start
/Profiler.stop
Profiler.setSamplingInterval
Both callback (node:inspector
) and promise (node:inspector/promises
) APIs are supported.
import inspector from "node:inspector/promises";
const session = new inspector.Session();
session.connect();
await session.post("Profiler.enable");
await session.post("Profiler.start");
// ... code to profile ...
const { profile } = await session.post("Profiler.stop");
await session.post("Profiler.disable");
// profile is in Chrome DevTools Protocol format
- Fixed:
Bun.profile()
frombun:jsc
returning empty traces on subsequent calls
Faster Buffer.swap16()
and Buffer.swap64()
Buffer.swap16()
and Buffer.swap64()
Buffer.swap16()
is now 1.8x faster and Buffer.swap64()
is now 3.6x faster by using optimized CPU intrinsics instead of byte-by-byte swapping loops.
const buf = Buffer.alloc(64 * 1024);
// Swap byte pairs in-place (e.g., for UTF-16 encoding conversion)
buf.swap16();
// Swap 8-byte chunks in-place (e.g., for 64-bit integer endianness)
buf.swap64();
| Operation | Before | After | Improvement |
|---|---|---|---|
| swap16 | 1.00 µs | 0.56 µs | 1.8x faster |
| swap64 | 2.02 µs | 0.56 µs | 3.6x faster |
Bun now matches or exceeds Node.js performance for all buffer swap operations.
Fixed: Bun.stringWidth - grapheme breaking with GB9c Support
Bun's grapheme breaking implementation has been upgraded to properly support Unicode's GB9c rule for Indic Conjunct Break. This means Devanagari and other Indic script conjuncts now correctly form single grapheme clusters.
Previously, Indic conjunct sequences (consonant + virama + consonant) were incorrectly split into multiple grapheme clusters. Now Bun.stringWidth()
and other string operations handle these scripts correctly:
// Devanagari conjuncts now correctly treated as single grapheme clusters
Bun.stringWidth("क्ष"); // Ka+Virama+Ssa → width 2 (single cluster)
Bun.stringWidth("क्ष"); // Ka+Virama+ZWJ+Ssa → width 2 (single cluster)
Bun.stringWidth("क्क्क"); // Ka+Virama+Ka+Virama+Ka → width 3 (single cluster)
This update also reduces the internal table size from ~70KB to ~51KB while adding more comprehensive Unicode support.
Next.js 16 Cache Components compatibility
Added the _idleStart
property to Timeout
objects returned by setTimeout()
and setInterval()
, matching Node.js behavior. This property returns a monotonic timestamp (in milliseconds) representing when the timer was created or last rescheduled.
This fixes compatibility with Next.js 16's Cache Components feature, which relies on this internal property to coordinate timers.
const timer = setTimeout(() => {}, 1000);
console.log(timer._idleStart); // monotonic timestamp in ms
clearTimeout(timer);
replMode
option for Bun.Transpiler
replMode
option for Bun.Transpiler
A new replMode
option for Bun.Transpiler
transforms code for interactive REPL evaluation. This enables building a Node.js-compatible REPL using Bun.Transpiler
with vm.runInContext
for persistent variable scope.
Key features:
Variable hoisting:var
/let
/const
declarations are hoisted outside the IIFE wrapper for persistence across REPL lines: Allows re-declaration in subsequent REPL inputsconst
→let
conversionExpression result capture: Wraps the last expression for easy result extraction** Object literal detection**: Auto-detects{a: 1}
as an object literal instead of a block statementTop-level await support: Automatically uses async IIFE wrappers when needed
import vm from "node:vm";
const transpiler = new Bun.Transpiler({
: "tsx",
replMode: true,
});
const context = vm.createContext({ console, Promise });
async function repl(code: string) {
const transformed = transpiler.transformSync(code);
const result = await vm.runInContext(transformed, context);
return result.value;
}
// Variables persist across REPL lines
await repl("var x = 10"); // 10
await repl("x + 5"); // 15
// Classes and functions are hoisted to the context
await repl("class Counter {}"); // [class Counter]
await repl("new Counter()"); // Counter {}
// Object literals are auto-detected
await repl("{a: 1, b: 2}"); // {a: 1, b: 2}
// Top-level await works
await repl("await Promise.resolve(42)"); // 42
Increased Maximum HTTP Header Count
The maximum number of HTTP headers allowed in requests and responses has been doubled from 100 to 200. This improves compatibility with services that send many headers, such as APIs with extensive metadata or proxies that append multiple forwarding headers.
WebSocket URL Credentials Support
WebSocket connections now properly forward credentials embedded in URLs as Basic Authorization headers, matching Node.js behavior.
When connecting to a WebSocket URL with embedded credentials like ws://user:pass@host
, Bun now automatically extracts the credentials and sends them as a properly encoded Authorization: Basic
header during the WebSocket upgrade handshake.
// Credentials are now automatically forwarded
const ws = new WebSocket("ws://username:password@example.com/socket");
// User-provided Authorization headers take precedence
const ws2 = new WebSocket("ws://user:pass@example.com/socket", {
headers: {
Authorization: "Bearer custom-token", // This will be used instead
},
});
This fixes compatibility with services like Puppeteer connecting to remote browser instances (e.g., Bright Data's scraping browser) that require URL-based authentication.
Bun v1.3.7 upgrades WebKit, bringing significant performance improvements to several JavaScript built-in methods:
String methods:
String.prototype.isWellFormed
andString.prototype.toWellFormed
are5.2-5.4x faster using simdutf
RegExp methods:
RegExp.prototype[Symbol.matchAll]
andRegExp.prototype[Symbol.replace]
reimplemented in C++
S3 contentEncoding
Option
contentEncoding
OptionBun's S3 client now supports setting the Content-Encoding
header when up objects via .write()
and .writer()
methods.
This is useful when up pre-compressed content to S3, allowing you to specify encodings like gzip
, br
(Brotli), or deflate
:
import { s3 } from "bun";
const file = s3.file("my-bucket/data.json.gz");
// With .write()
await file.write(compressedData, { contentEncoding: "gzip" });
// With .writer()
const writer = file.writer({ contentEncoding: "gzip" });
writer.write(compressedData);
await writer.end();
// With bucket.write()
const bucket = s3.bucket("my-bucket");
await bucket.write("data.json.br", brotliData, { contentEncoding: "br" });
bun:ffi
now respects C_INCLUDE_PATH
and LIBRARY_PATH
environment variables
bun:ffi
now respects C_INCLUDE_PATH
and LIBRARY_PATH
environment variablesBun's built-in C compiler (bun:ffi
) now respects the standard C_INCLUDE_PATH
and LIBRARY_PATH
environment variables. This fixes compilation on NixOS and other systems that don't use standard FHS paths like /usr/include
or /usr/lib
.
import { cc } from "bun:ffi";
const {
symbols: { hello },
} = cc({
source: "./hello.c",
symbols: {
hello: {
returns: "int",
},
},
});
// On NixOS, set C_INCLUDE_PATH and LIBRARY_PATH to point to your Nix store paths
// C_INCLUDE_PATH=/nix/store/.../include LIBRARY_PATH=/nix/store/.../lib bun run hello.js
- Bun now uses Mimalloc v3 for the natively-managed memory heap. This reduces memory usage in multi-threaded scenarios. Please let us know if you run into any increases in memory usage.
- LOLHTML updated to v2.7.1
- TinyCC has been updated to the latest version, and we've implemented Windows ARM64 support.
- BoringSSL has been updated.
- Fixed: CSS logical border-radius properties (
border-start-start-radius
,border-start-end-radius
,border-end-end-radius
,border-end-start-radius
) being silently dropped by the CSS bundler. - Fixed: Bundler producing invalid JavaScript when minifying files with both default and named imports from the
"bun"
module (e.g.,import bun, { embeddedFiles } from "bun"
) due to missing semicolons between statements - Fixed: a panic in the bundler when using code splitting on Windows
- Fixed: Bundler's
module.exports = require()
redirect optimization being disabled when legal comments (/*! ... */
) were present in wrapper modules like Express'sindex.js
, resulting in unnecessary wrapper functions in the output - Fixed: Crash in
bun build
when using macros - Fixed:
Bun.build
hanging indefinitely when called from within a macro during bundling—now throws a clear error explaining the deadlock and suggestingBun.spawnSync
as a workaround. - Fixed:
reactFastRefresh
inbun.build
now works with non-browser targets - Fixed: Bundler producing duplicate export statements when one entry point re-exports from another entry point with code splitting enabled.
- Fixed: Bundler generating invalid import paths (missing
./
prefix) when a file imports from the same directory in code-split builds. - Fixed: Named Function Expressions Shadowing Outer Symbols
bun build --compile
bun build --compile
- Fixed: Compiled binaries with
autoloadBunfig: false
incorrectly bunfig.toml
whenexecArgv
was also provided - Fixed: Native module export corruption when using
bun build --compile
with multiple NAPI modules on Linux, where the second module would incorrectly receive the first module's exports - Fixed: Standalone executables compiled with
--compile-exec-argv
incorrectly intercepting--version
,-v
,--help
, and-h
flags before user code could handle them, breaking CLI applications using libraries like Commander.js that define their own version and help commands - Fixed: Lazy-loaded chunks from dynamic imports not appearing in
frontend.files
when using--splitting
with--compile
in fullstack builds - Fixed:
BUN_OPTIONS
environment variable not being applied as runtime options for standalone executables created withbun build --compile
, which caused options like--bun
to incorrectly appear inprocess.argv
instead of being parsed as Bun runtime options. - Fixed: Incorrect offset calculations in single-file executables on non-ARM64 macOS platforms when codesigning was not enabled
- Fixed a crash when running standalone executables with bytecode cache on Windows caused by incorrect bytecode alignment in PE sections.
bun install
bun install
- Fixed:
bun update --interactive
not selecting packages when pressing 'l' to toggle between Target and Latest versions, causing the underline indicator to disappear and packages to be excluded when confirming - Fixed:
bun install --yarn
generating invalidyarn.lock
files when usingworkspace:*
dependencies in monorepos - Fixed:
bun install --frozen-lockfile
incorrectly using the default npm registry instead of scope-specific registries configured inbunfig.toml
when the lockfile had an empty registry URL for scoped packages (e.g.,@orgname/package
). - Fixed:
bun install
now shows the dependency name in error messages when afile:
path resolution fails due to a stale lockfile, instead of the misleading "Bun could not find a package.json file to install from" error. - Fixed:
bun add
crashing with "panic: Assertion failure: Expected metadata to be set" when HTTP requests fail before receiving response headers (e.g., network connection refused, firewall blocking requests, or timeouts)
bun test
bun test
- Fixed:
bun test --inspect
now properly sendsTestReporter.found
,TestReporter.start
, andTestReporter.end
events to debugger clients that connect after test discovery has begun, enabling IDE integrations and debugging tools to receive real-time test execution telemetry without requiring--inspect-wait
. - Fixed:
assert.partialDeepStrictEqual
incorrectly requiring exact equality for Map objects instead of checking if the expected Map is a subset of the actual Map - Fixed:
jest.useRealTimers()
not properly removing thesetTimeout.clock
property, which broke React Testing Library and other libraries that detect fake timers usinghasOwnProperty
checks
Bun.serve()
Bun.serve()
- Fixed: Exporting a
Server
instance fromBun.serve()
as the default export no longer causes a "Maximum call stack" error. Bun's entry point wrapper previously detected thefetch
method on the running server and incorrectly tried to callBun.serve()
on it again. - Fixed: Scripts that export
globalThis
(e.g.,module.exports = globalThis
orexport default globalThis
) no longer incorrectly trigger Bun's auto-serve detection and start a development server on port 3000 - Fixed:
--no-clear-screen
flag andBUN_CONFIG_NO_CLEAR_TERMINAL_ON_RELOAD
environment variable not being respected during HMR reloads when usingBun.serve
withhmr: true
- Fixed:
ls -l
in Bun's shell now correctly displays long listing format with file type, permissions, hard link count, UID, GID, size, modification time, and filename instead of showing the same output asls
without flags - Fixed: Crash in shell interpreter when an error occurred during initialization in certain cases
- Fixed:
$
....cwd(".")
,.cwd("")
, and.cwd("./")
in Bun shell causing ENOENT errors with paths ending in "undefined" when used in loops
- Fixed: Added missing stack overflow checks in
Bun.JSONC.parse
andBun.TOML.parse
node:http2
node:http2
- Fixed: HTTP/2 streams sending an extra empty DATA frame when using
req.write(data)
followed byreq.end()
, which caused AWS ALB and other strict HTTP/2 servers to reject connections withNGHTTP2_FRAME_SIZE_ERROR
- Fixed: initial stream window size to use
DEFAULT_WINDOW_SIZE
untilSETTINGS_ACK
is received per RFC 7540 Section 6.5.1 - Fixed: HTTP/2 streams failing with
NGHTTP2_PROTOCOL_ERROR
when connecting to Fauna - Fixed: gRPC requests failing with
NGHTTP2_FRAME_SIZE_ERROR
when servers advertise non-defaultmaxFrameSize
settings (regression since v1.2.16) - Fixed: Settings validation using incorrect integer conversion that truncated large values
- Improved: properly adjusts existing stream windows when
INITIAL_WINDOW_SIZE
setting changes - Improved: implements
maxHeaderListSize
checking per RFC 7540 Section 6.5.2 - Improved: tracks cumulative header list size using HPACK entry overhead
- Improved; adds validation for
customSettings
option (up to 10 custom settings, matching Node.js) - Improved: validates setting IDs and values per RFC 7540 specifications
- Fixed: Hypothetical crash when using HTTP proxy with redirects if the socket closes during redirect processing
- Fixed:
fetch()
mTLS incorrectly used the first client certificate for subsequent keepalive requests to the same host, ignoring per-requesttls
options - Fixed:
Request.prototype.text()
incorrectly throwing "TypeError: undefined is not a function" in certain cases under load - Fixed:
Request
constructor ignoringcache
andmode
options - Fixed:
NO_PROXY
environment variable not respecting port numbers (e.g.,NO_PROXY=localhost:8080
would incorrectly bypass the proxy for all requests tolocalhost
regardless of port)
node:fs
node:fs
- Fixed:
realpathSync
blocking indefinitely when called on a FIFO (named pipe) on POSIX systems - Fixed:
Bun.Glob
andfs.readdirSync
withrecursive: true
failing to find files on bind-mounted filesystems, FUSE, NFS, and some ext4 configurations in Docker environments - Fixed:
fs.Dirent.isFIFO()
incorrectly returningtrue
for files on sshfs, NFS, and other remote filesystems that don't populated_type
- Fixed:
fs.watch
on directories not emittingchange
events for file modifications on Linux. Previously, when watching a directory, files created after the watch was established would only emit arename
event on creation, but subsequent modifications would not emitchange
events.
node:https
& TLS
node:https
& TLS- Fixed: TLS options (
ca
,cert
,key
,passphrase
,ciphers
,servername
,secureOptions
,rejectUnauthorized
) fromagent.options
andagent.connectOpts
not being respected in thehttps
module, improving compatibility with libraries likehttps-proxy-agent
- Fixed: race condition where
request.socket._secureEstablished
could returnfalse
in HTTPS request handlers even after the TLS handshake had completed - Fixed: TLS v1.2 renegotation
rejectUnauthorized
option being incorrectly ignored in TLS socketsetVerifyMode
, which could cause certificate verification to behave unexpectedly during TLS renegotiation.
node:http
node:http
- Request bodies in GET requests are now supported.
- Fixed: Multipart uploads with
form-data
+node-fetch@2
+fs.createReadStream()
being truncated
)
ws
)- Fixed:
handleProtocols
option inws
WebSocketServer not correctly setting the selected protocol in WebSocket upgrade responses - Fixed:
ws.once()
only working on the first call for each event type in thews
package
- Fixed: crash in Node-API that caused corrupted data when using native modules like
impit
. The first issue occurred when property name strings were freed by the caller but Bun retained dangling pointers in the atom string table. The second issue occurred when extracting.buffer
from an external buffer would prematurely free the backing data when the original Buffer was garbage collected.
- Fixed:
ReadableStreamDefaultController.desiredSize
throwingTypeError: null is not an object
instead of returningnull
when accessing it after the stream has been detached during cleanup (e.g., when piping aReadableStream
body tofetch
and the downstream closes unexpectedly)
bun:sql
(MySQL)
bun:sql
(MySQL)- Fixed: MySQL transactions hanging when executing sequential transactions in a loop where an
INSERT
is awaited inside the transaction callback and aSELECT
query is returned as an array without being awaited - Fixed: MySQL VARCHAR/CHAR/TEXT columns with binary collations (like
utf8mb4_bin
) incorrectly returningBuffer
instead ofstring
Bun.Terminal
Bun.Terminal
- Fixed:
Bun.Terminal
callbacks (data
,exit
,drain
) not being invoked when the terminal was created insideAsyncLocalStorage.run()
- Fixed: Memory leak in YAML parser
- Fixed: Memory leak when sockets are reused for reconnection (common with MongoDB driver-like usage)
- Fixed:
bun completions
crashing withBrokenPipe
error when piped to commands that close stdout early (e.g.,bun completions | true
) - Fixed: Fish shell autocompletion not working for
bun update
command and its flags (like--global
,--dry-run
,--force
) - Fixed:
bun init --minimal
incorrectly creating Cursor rules files andCLAUDE.md
when the--minimal
flag should only createpackage.json
andtsconfig.json
- Fixed:
bun <file>
on unsupported file types (.css
,.html
,.yaml
, etc.) now shows "Cannot run" with the file type instead of the misleading "File not found" error - Fixed:
bun
npm package now shows a helpful error message when postinstall script hasn't run, instead of silently exiting with code 0. This helps diagnose issues when installing with--ignore-scripts
or using pnpm (which skips postinstall scripts by default). - Fixed:
BUN_OPTIONS
environment variable incorrectly parsing bare flags (flags without=
) when followed by other flags, causing options like--cpu-prof
to be ignored when specified asBUN_OPTIONS="--cpu-prof --cpu-prof-dir=profiles"
- Fixed: Renamed
Bun.Build.Target
type toBun.Build.CompileTarget
in TypeScript definitions to avoid confusion with the existingtarget
option inBun.build()
- Fixed: TypeScript errors in the
react-tailwind
template'sbuild.ts
when using strict type checking
- Fixed: Properly handle errors when strings exceed the ~4GB maximum length limit, now correctly throwing
ERR_STRING_TOO_LONG
, fixing a SIGILL crash impacting some Claude Code users - Fixed:
process.stdout.write()
not emitting EPIPE errors on broken pipes, causing processes to exit with code 0 instead of 1 when stdout is destroyed - Fixed:
TypeError: this._refreshLine is not a function
when using tab completion withnode:readline/promises
- Improved:
node:util
now usesBun.stringWidth
directly, offering improved performance.
- Fixed: panic when reading or writing large files (>4GB) on Windows due to integer overflow in libuv buffer size parameters
- Fixed: NixOS debug builds failing with
_FORTIFY_SOURCE requires compiling with optimization
error