Yt-dlp – [Announcement] Bun support is now limited and deprecated

The yt-dlp project has announced that support for Bun as a JavaScript runtime is being limited and deprecated due to compatibility and security concerns. Effective with the next release, only Bun versions 1.2.11 through 1.3.14 will be supported, with the lower bound raised to address security risks from ignored lockfiles and the upper bound set because Bun was recently rewritten in Rust using AI, moving away from its original Zig codebase. While yt-dlp will continue to support this narrower range of Bun versions for now, the project reserves the right to completely drop Bun support if maintenance becomes too burdensome.

- - Notifications You must be signed in to change notification settings - Fork 13.8k Announcement Bun support is now limited and deprecated 16766 Description Due to foreseeable compatibility and security issues, yt-dlp's support for Bun as an ejs -compatible JavaScript runtime is being both limited and deprecated. As of the next yt-dlp and/or ejs release, only Bun versions 1.2.11 through 1.3.14 will be supported. The rationale for this change is twofold: - The minimum required version is being raised from 1.0.31 to1.2.11 because building theejs package with a version earlier than1.2.0 results in the ejs lockfile being ignored, which is a significant security concern for users when considering all of the recent npm supply chain attacks. Additionally, the support floor is being bumped to1.2.11 instead of1.2.0 because theejs test suite cannot be run with versions of Bun earlier than1.2.11 . - Bun was recently rewritten in Rust using Claude, and its development seems to have taken a turn towards being fully vibe-coded. This is alarming and disappointing for a number of reasons, and frankly it seems like a future headache that we'd prefer to avoid. We are adding a support ceiling of version 1.3.14 , as that is the last release built from the original zig codebase. Bun support will also be deprecated. This means that while yt-dlp will continue to support this narrower range of Bun versions for as long as they're able to meet the needs of yt-dlp and ejs, we reserve the right to completely drop support for Bun should it at any point become too burdensome to maintain. See the EJS wiki article for more information about supported JavaScript runtimes, but note that it has not yet been updated to reflect the changes announced in this post.