Behind the scenes of Bun Install

Posted by Bogdanp 9/11/2025

Behind the scenes of Bun Install(bun.com)

431 points | 152 comments

captn3m0 9/11/2025|

> The M4 Max MacBook I'm using to write this would've ranked among the 50 fastest supercomputers on Earth in 2009.

I attempted to validate this: You'd need >75 TFlop/s to get into the top50 in the TOP500[0] rankings in 2009. M4 Max review says 18.4 TFlop/s at FP32, but TOP500 uses LINPACK, which uses FP64 precision.

An M2 benchmark gives a 1:4 ratio for double precision, so you'd get maybe 9 TFlop/s at FP64? That wouldn't make it to TOP500 in 2009.

[0]: https://top500.org/lists/top500/list/2009/06/

nine_k 9/11/2025||

> Now multiply that by thousands of concurrent connections each doing multiple I/O operations. Servers spent ~95% of their time waiting for I/O operations.

Well, no. The particular thread of execution might have been spending 95% of time waiting for I/O, but a server (the machine serving the thousands of connections) would easily run at 70%-80% of CPU utilization (because above that, tail latency starts to suffer badly). If your server had 5% CPU utilization under full load, you were not running enough parallel processes, or did not install enough RAM to do so.

Well, it's a technicality, but the post is devoted to technicalities, and such small blunders erode the trust to the rest of the post. (I'm saying this as a fan of Bun.)

ukblewis 9/12/2025||

If you’ve never seen a machine stuck waiting for disk I/O, I don’t know what to tell you… but it is common, even with SSDs it can happen (as they point out due to handoff between the OS and user level process takes time)

fleebee 9/11/2025|||

I'm guessing that's an LLM hallucination. The conclusion section especially has some hints it was pulled out of an LLM:

> The package managers we benchmarked weren't built wrong, they were solutions designed for the constraints of their time.

> Buns approach wasn't revolutionary, it was just willing to look at what actually slows things down today.

> Installing packages 25x faster isn't "magic": it's what happens when tools are built for the hardware we actually have.

notpushkin 9/12/2025|||

Sorry, what is the telltale sign here?

pests 9/12/2025||

It’s not _____, it’s ______.

Some more conversation a week or so ago I had:

https://news.ycombinator.com/item?id=44786962#44788567

philsnow 9/12/2025||

That just seems like a rhetorical technique, which shows up in LLMspeak because people use it

pests 9/13/2025||

I’ve talked to hundreds of humans online and only see that pattern once in a blue moon. In fact I just went thru the last 10 pages of my comments (and their replies, etc) and grepped for the phrase and the only time it’s been uttered has been in AI response examples like above.

gg-plz 9/11/2025|||

[dead]

LollipopYakuza 9/12/2025||

> even low-end smartphones have more RAM than high-end servers had in 2009

That's even less accurate. By two orders of magnitude. High-end servers in 2009 had way more than 4GB. The (not even high-end) HP Proliant I installed for a small business in 2008, that was already bought used at the time, had 128GB of RAM.

I understand why one would want to make an article entertaining but that seriously makes me doubt the rest of the articles when diving into a topic I don't know as much.

ukblewis 9/12/2025||

I guess that they may have meant workstations / servers for horizontally scaled software, but yes, I agree that that sentence does seem misleading

robinhood 9/11/2025||

Complex subject, beautifully simple to read. Congrats to the author.

Also: I love that super passionate people still exist, and are willing to challenge the statut quo by attacking really hard things - things I don't have the brain to even think about. It's not normal that we have better computers each month and slower softwares. If only everyone (myself included) were better at writing more efficient code.

ljm 9/11/2025|

I didn’t know it was written in Zig. That’s a fascinating choice to me given how young the language is.

Amazing to see it being used in a practical way in production.

robinhood 9/11/2025|||

Zig was created in 2016 though - almost 10 years at this point. Perhaps the surprise here is that we are not as exposed to this language on well-known and established projects as other languages like Rust, Go and C.

pdpi 9/11/2025|||

Zig is still at the 0.x stage, and there's still a bunch of churn going on on really basic stuff like IO and memory allocation. I really enjoy writing it, but it's by no means stable to the point many people would write production software in it.

dwattttt 9/12/2025||||

Rust hit 1.0 in 2015, it started as a project by Graydon Hoare in 2006; those dates line up pretty well with Zig's timeline.

ivanjermakov 9/12/2025|||

To be fair, Zig 10 years ago is drastically different language from Zig today.

ojosilva 9/12/2025||

Which is unfortunately a problem for AI trained on Zig, it makes some AI-assisted Zig coding more challenging, like Q&A and code-completion. It's sad that this glass-ceiling has been enacted for new languages and frameworks, not a deal-breaker at all, just that suddenly there's this penalty on time-to-deliver on anything Zig. But then... the same issue exists when hiring good programmers for lesser-known tech.

There'll probably be a strategy (AEO?) for this in the future for newcomers and the underrepresented, like endless examples posted by a sane AI to their docs and github for instance so it gets picked up by training sets or live, tool calling, web-searches.

rererereferred 9/12/2025||

Yes, I wouldn't train AI on Zig code just yet. But here's a radical idea, rename the language the moment it hits 1.0: all documentation, blog posts, discussions, SO answers and LLMs for older versions gets automatically voided.

For future languages, maybe it's better to already have a dev name and a release name from the get go.

epolanski 9/11/2025|||

The language is very in development but it's ecosystem and tooling are absolutely mature.

ivanjermakov 9/12/2025||

I would not say that ecosystem is mature. Outside of superb C interop and popular C/C++ lib wrappers.

epolanski 9/12/2025||

What would you say that the ecosystem lacks that C has?

ivanjermakov 9/12/2025||

Various native Zig libraries. While C interop is great, converting between C types and calling convention is rather not convenient.

blizdiddy 9/11/2025||

I used bun for the first time last week. It was awesome! The built-in server and SQLite meant i didn’t need any dependencies besides bun itself, which is certainly my favorite way to develop.

I do almost all of my development in vanilla js despite loathing the node ecosystem, so i really should have checked it out sooner.

k__ 9/11/2025||

I tried using Bun a few times, and I really liked working with it.

Much better than Node.

However...!

I always managed to hit a road block with Bun and had to go back to Node.

First it was the crypto module that wasn't compatible with Nodejs signatures (now fixed), next Playwright refused working with Bun (via Crawlee).

Jarred 9/12/2025|||

Playwright support will improve soon. We are rewriting node:http’s client implementation to pass node’s test suite. Expecting that to land next week.

ukblewis 9/12/2025||

That may be just the best way to drop that you are introducing a rewrite which fixes a set of bugs that affect users

koakuma-chan 9/11/2025||||

You can use Bun as package manager only. You don't have to use Bun as runtime.

iansinnott 9/12/2025|||

Indeed! also as a test runner/lib if you're not doing browser automation. bun definitely has benefits even if not used as a runtime.

koakuma-chan 9/12/2025||

I believe Playwright worked for me with the latest Bun though

winterrdog 9/11/2025|||

Sure?

Does it work if I have packages that have nodejs c++ addons?

abejfehr 9/11/2025||

Why wouldn’t it? The end result of a npm install or a bun install is that the node_modules folder is structured in the way it needs to be, and I think it can run node-gyp for the packages that need it.

Cthulhu_ 9/11/2025||||

I think this is the big one that slows adoption of "better" / "faster" tooling down, that is, backwards compatibility and drop-in-replacement-ability. Probably a lot of Hyrum's Law.

drewbitt 9/11/2025||||

Deno doesn't work with crawlee either unfortunately

petralithic 9/11/2025||||

You should try Deno, they have good Node compatibility

erikpukinskis 9/11/2025||

Does it? Last I tried, several years ago, coverage of the Node APIs was not good. I wanted to send data over UDP and a lot of Node basics there were missing.

spartanatreyu 9/12/2025||

Deno's node compat is way better now.

They're still missing niche things and they tend to target the things that most devs (and their dependencies) are actually using.

But I can see they have it in their compat stuff now and it looks like it's working in the repl locally: https://docs.deno.com/api/node/dgram/

rererereferred 9/12/2025||

This page tracks Deno's compatibility with Node by running its tests: https://ffmathy.github.io/is-deno-compatible-yet/

epolanski 9/11/2025||||

Playwright has been fixed one year ago I think.

jherdman 9/11/2025|||

Storybook is another for me.

simantel 9/11/2025||

Node also has a built-in server and SQLite these days though? Or if you want a lot more functionality with just one dependency, Hono is great.

blizdiddy 9/11/2025||

And how many dependencies does Hono have? Looks like about 26. And how many dependencies do those have?

A single static zig executable isn’t the same as a a pipeline of package management dependencies susceptible to supply chain attacks and the worst bitrot we’ve had since the DOS era.

bakkoting 9/11/2025||

> And how many dependencies does Hono have?

Zero.

I'm guessing you're looking at the `devDependencies` in its package.json, but those are only used by the people building the project, not by people merely consuming it.

PxldLtd 9/12/2025||

That doesn't prevent supply chain attacks. Dev dependencies are still software dependencies and add a certain level of risk.

arcfour 9/12/2025|||

This is needlessly pedantic unless you are writing from an OS, browser, etc. that you wrote entirely by yourself, without using an editor or linter or compiler not written by you, in which case I tip my cap to you.

bakkoting 9/12/2025|||

Only in the sense that any other software on the developers' machines adds a certain level of risk.

aleyan 9/11/2025||

I have been excited about bun for about a year, and I thought that 2025 is going to be its breakout year. It is really surprising to me that it is not more popular. I scanned top 100k repos on GitHub, and for new repos in 2025, npm is 35 times more popular and pnpm is 11 time more popular than bun [0][1]. The other up and coming javascript runtime, deno is not so popular either.

I wonder why that is? Is it because it is a runtime, and getting compatibility there is harder than just for a straight package manager?

Can someone who tried bun and didn't adopt it personally or at work chime in and say why?

[0] https://aleyan.com/blog/2025-task-runners-census/#javascript...

[1] https://news.ycombinator.com/item?id=44559375

phpnode 9/11/2025||

It’s a newer, vc funded competitor to the open source battle tested dominant player. It has incentives to lock you in and ultimately is just not that different from node. There’s basically no strategic advantage to using bun, it doesn’t really enable anything you can’t do with node. I have not seen anyone serious choose it yet, but I’ve seen plenty of unserious people use it

primering 9/11/2025|||

I think that summarizes it well. It's not 10x better that makes the risky bet of going into vendor lock from a VC-backed company worth it. Same issue with Prisma and Next for me.

sam_goody 9/12/2025|||

Tailwind uses it.

Considering how many people rely on a tailwind watcher to be running on all of their CSS updates, you may find that bun is used daily by millions.

We use Bun for one of our servers. We are small, but we are not goofing around. I would not recommend them yet for anything but where they have a clear advantage - but there are areas where it is noticeably faster or easier to setup.

dsissitka 9/11/2025|||

I really want to like Bun and Deno. I've tried using both several times and so far I've never made it more than a few thousand lines of code before hitting a deal breaker.

Last big issue I had with Bun was streams closing early:

https://github.com/oven-sh/bun/issues/16037

Last big issue I had with Deno was a memory leak:

https://github.com/denoland/deno/issues/24674

At this point I feel like the Node ecosystem will probably adopt the good parts of Bun/Deno before Bun/Deno really take off.

hoten 9/11/2025||

uh... looks like an AI user saw this comment and fixed your bun issue? Or maybe it just deleted code in a random manner idk.

https://github.com/oven-sh/bun/commit/b474e3a1f63972979845a6...

drewbitt 9/11/2025||

The bun team uses Discord to kick off the Claude bot, so someone probably saw the comment and told it to do it. that edit doesn't look particularly good though

williamstein 9/11/2025|||

I am also very curious what people think about this. To me, as a project, Node gives off a vibe of being mature, democratic and community driven, especially after successfully navigating then io.js fork drama etc a few years ago. Clearly neither bun nor deno are community driven democratic projects, since they are both VC funded.

johnfn 9/11/2025|||

I am Bun's biggest fan. I use it in every project I can, and I write all my one-off scripts with Bun/TS. That being said, I've run into a handful of issues that make me a little anxious to introduce it into production environments. For instance, I had an issue a bit ago where something simple like an Express webserver inside Docker would just hang, but switching bun for node worked fine. A year ago I had another issue where a Bun + Prisma webserver would slowly leak memory until it crashed. (It's been a year, I'm sure they fixed that one).

I actually think Bun is so good that it will still net save you time, even with these annoyances. The headaches it resolves around transpilation, modules, workspaces etc, are just amazing. But I can understand why it hasn't gotten closer to npm yet.

silverwind 9/11/2025|||

Take a look at their issue tracker, it's full of crashes because apparently this Zig language is highly unsafe. I'm staying on Node.

petralithic 9/11/2025|||

That's why out if I had to choose a Node competitor, out of Bun and Deno, I'd choose Deno.

mk12 9/11/2025||||

Good thing libuv is written in a "safe" language.

otikik 9/11/2025||

npm is a minefield that thousands of people traverse every day. So you are unlikely to hit a mine.

bun is a bumpy road that sees very low traffic. So you are likely to hit some bumps.

audunw 9/11/2025||||

Zig isn’t inherently highly unsafe. A bit less than Rust in some regards. But arguably more safe in a few others.

But the language haven’t even reached 1.0 yet. A lot of the strategies for doing safe Zig isn’t fully developed.

Yet, TigerBeetle is written in Zig and is an extremely robust piece of software.

I think the focus of Bun is probably more on feature parity in the short term.

keybored 9/11/2025||||

There’s a `crash` label. 758 open issues.

actionfromafar 9/11/2025|||

Well node is C++ which isn’t exactly safe either. But it’s more tested.

veber-alex 9/11/2025|||

Neither Bun nor Deno have any killer features.

Sure, they have some nice stuff that should also be added in Node, but nothing compelling enough to deal with ecosystem change and breakage.

gkiely 9/11/2025||

bun test is a killer feature

MrJohz 9/11/2025|||

I think part of the issue is that a lot of the changes have been fairly incremental, and therefore fairly easy to include back into NodeJS. Or they've been things that make getting started with Bun easier, but don't really add much long-term value. For example, someone else in the comments talked about the sqlite module and the http server, but now NodeJS also natively supports sqlite, and if I'm working in web dev and writing servers, I'd rather use an existing, battle-tested framework like Express or Fastify with a larger ecosystem.

It's a cool project, and I like that they're not using V8 and trying something different, but I think it's very difficult to sell a change on such incremental improvements.

ifwinterco 9/12/2025||

This is a long term pattern in the JS ecosystem, same thing happened with Yarn.

It was better than npm with useful features, but then npm just added all of those features after a few years and now nobody uses it.

You can spend hours every few years migrating to the latest and greatest, or you can just stick with npm/node and you will get the same benefits eventually

sam_goody 9/12/2025|||

I have been using pnpm as my daily driver for several years, and am still waiting for npm to add a symlink option. (Bun does support symlinks).

In the interim, I am very glad we haven't waited.

Also, we switched to Postgres early, when my friends were telling me that eventually MySQL will catch up. Which in many ways, they did, but I still appreciate that we moved.

I can think of other choices we made - we try to assess the options and choose the best tool for the job, even if it is young.

Sometimes it pays off in spades. Sometimes it causes double the work and five times the headache.

rererereferred 9/12/2025|||

If Node becomes much better thanks to the existence of Bun, then I think Bun accomplished its goals. Same for C and Zig.

tracker1 9/11/2025|||

There's still a few compatibility sticking points... I'm far more familiar with Deno and have been using it a lot the past few years, it's pretty much my default shell scripting tool now.

That said, for many work projects, I need to access MS-SQL, which the way it does socket connections isn't supported by the Deno runtime, or some such. Which limits what I can do at work. I suspect there's a few similar sticking points with Bun for other modules/tools people use.

It's also very hard to break away from entropy. Node+npm had over a decade and a lot of effort to build that ecosystem that people aren't willing to just abandon wholesale.

I really like Deno for shell scripting because I can use a shebang, reference dependencies and the runtime just handles them. I don't have the "npm install" step I need to run separately, it doesn't pollute my ~/bin/ directory with a bunch of potentially conflicting node_modules/ either, they're used from a shared (configurable) location. I suspect bun works in a similar fashion.

That said, with work I have systems I need to work with that are already in place or otherwise chosen for me. You can't always just replace technology on a whim.

davidkunz 9/11/2025|||

I tried to run my project with bun - it didn't work so I gave up. Also, there needs to be a compelling reason to switch to a different ecosystem.

oefrha 9/11/2025|||

To beat an incumbent you need to be 2x better. Right now it seems to be a 1.1x better (for any reasonably sized projects) work in progress with kinks you’d expect from a work in progress and questionable ecosystem buy-in. That may be okay for hobby projects or tiny green field projects, but I’m absolutely not gonna risk serious company projects with it.

k__ 9/11/2025||

Seems awfully close to 2x, and that was last year.

https://dev.to/hamzakhan/rust-vs-go-vs-bun-vs-nodejs-the-ult...

oefrha 9/11/2025||

> 1.1x better (for any reasonably sized projects)

2x in specific microbenchmarks doesn’t translate to big savings in practice. We don’t serve a static string with an application server in prod.

fleebee 9/11/2025|||

There are some rough edges to Bun (see sibling comments), so there's a apparent cost to switching, namely wasted developer time in dealing with Node incompatibility. Being able to install packages 7x faster doesn't matter much to me so I don't see an upside to making the switch.

turtlebits 9/11/2025|||

Tried it last year - I spent a few hours fighting the built in sqlite driver and found it buggy (silent errors) and the docs were very lacking.

fkyoureadthedoc 9/11/2025|||

Bun is much newer than pnpm, looking at 1.0 releases pnpm has about a 6 year head start.

I write a lot of one off scripts for stuff in node/ts and I tried to use Bun pretty early on when it was gaining some hype. There were too many incompatibilities with the ecosystem though, and I haven't tried since.

madeofpalk 9/11/2025|||

Honestly, it doesn't really solve a big problem I have, and introduces all the problem with being "new" and less used.

koakuma-chan 9/11/2025||

> I wonder why that is?

LLMs default to npm

fkyoureadthedoc 9/11/2025||

You sure it's not just because npm has been around for 15 years as the default package manager for node?

koakuma-chan 9/11/2025||

Didn't prevent me from switching to Bun as the cost is 0.

thornewolf 9/11/2025||

I think they forgot to include the benchmark time for "npm (cached)" inside the Binary Manifest Caching section. We have bun, bun (cached), npm. I think the summary statistics are also incorrect.

sapper123 9/12/2025|

They don’t seem to clear the cache in between fresh runs. This is evident from the lower bound range time being the same time as the cached mean.

This leads them to the incorrect conclusion that bun fresh runs are faster than npm cached, which doesn’t seem to be the case.

manuhabitela 9/11/2025||

I'm impressed how pleasant and easy to read this pretty technical explanation was. Good job on the writing.

winterrdog 9/11/2025|

Truth!

Lydia is very good at presenting complex ideas simply and well. I've read and watched most of her work or videos. She really goes to great lengths in her work to make it come to life. Highly recommend her articles and YouTube videos.

Though she's been writing less I think due to her current job

Jarred 9/12/2025||

I work on Bun and also spent a lot of time optimizing bun install. Happy to answer any questions

norman784 9/12/2025||

AFAIK `bun install` is similar to `npm install` in the sense that it installs everything in a flat structure inside node modules, why didn't you choose something like pnpm that I believe is better, because you cannot by mistake import a transitive dependency. Maybe that's a non issue for most, but I care about those things.

Jarred 9/12/2025||

You can use `bun install --linker=isolated`, which we might make the default in Bun v1.3. The main downside is it makes your app load slightly slower since now every file path is a symlink.

https://bun.sh/docs/install/isolated

norman784 9/12/2025||

I didn't knew about it, thanks!

hu3 9/12/2025|||

Kinda offtopic but how to you manage to stay so productive for so long?

Vitamins/supplements? Sleep? Exercise? Vacations?

I have sprints of great productivity but it's hard to keep it for long.

nzoschke 9/12/2025||

I just want to say thanks to you and the team and community. Bun is a treat to use.

rs_rs_rs_rs_rs 9/11/2025||

Python has uv, JS has bun, what does Ruby or PHP have? Are the devs using those languages happy with how fast the current popular dependency managers are?

hu3 9/11/2025||

PHP is getting Mago (written in Rust).

Repo: https://github.com/carthage-software/mago

Announcement 9 months ago:

https://www.reddit.com/r/PHP/comments/1h9zh83/announcing_mag...

For now its main features are 3: formatting, linting and fixing lint issues.

I hope they add package management to do what composer does.

JamesSwift 9/11/2025|||

Youre looking at it wrong. Python has nix, JS has nix, ruby and php have nix : D

Thats closer to how pnpm achieves speed up though. I know there is 'rv' recently, but havent tried it.

koakuma-chan 9/11/2025||

You mean nix the package manager? I used to use NixOS and I had to switch off because of endless mess with environment variables.

JamesSwift 9/12/2025||

Yes, nix package manager. Or devenv for a more streamlined version of what I'm describing, similar to mise but powered by nix.

tommasoamici 9/11/2025|||

it's pretty new, but in Ruby there's `rv` which is clearly inspired by `uv`: https://github.com/spinel-coop/rv.

>Brought to you by Spinel

>Spinel.coop is a collective of Ruby open source maintainers building next-generation developer tooling, like rv, and offering flat-rate, unlimited access to maintainers who come from the core teams of Rails, Hotwire, Bundler, RubyGems, rbenv, and more.

weaksauce 9/11/2025|||

bundler is generally pretty fast on the ruby side. it also reuses dependencies for a given ruby version so you don't have the stupid node_folder in every project you use with every dependency re-downloaded and stored. if you have 90% of the dependencies for a project you only have to download and install/compile 10% of them. night and day difference.

aarondf 9/11/2025|||

PHP has Composer, and it's extremely good!

kijin 9/11/2025||

PHP is much closer to raw C and doesn't do any threading by default, so I suppose composer doesn't suffer from the thread synchronization and event loop related issues that differentiate bun from npm.

gertop 9/11/2025||

But node doesn't do threading by default either? Are you saying that npm is somehow multithreaded?

alberth 9/11/2025||

I really enjoyed the writing style of this post.

A few things:

- I feel like this post repurposed could be a great explanation on why io_uring is so important.

- I wonder if Zig recently io updates in v0.15 make any perf improvement to Bun beyond its current fast perf.

atonse 9/11/2025|

I absolutely loved reading this. It's such an excellent example of a situation where Computer Science principles are very important in day to day software development.

So many of these concepts (Big O, temporal and spatial locality, algorithmic complexity, lower level user space/kernel space concepts, filesystems, copy on write), are ALL the kinds of things you cover in a good CS program. And in this and similar lower level packages, you use all of them to great effect.

epolanski 9/11/2025|

This is about software engineering not computer science.

CS is the study of computations and their theory (programming languages, algorithms, cryptography, machine learning, etc).

SE is the application of engineering principles to building scalable and reliable software.

atonse 9/13/2025||

Without getting bogged down in rigid definitions of phrases, do we both agree that this is about the application of deeper technical concepts and algorithms (usually taught as part of a computer science curriculum) towards real world problems than the normal “build this login form” or “write these 5 queries to generate this report that shows up in an html table” that 75% of devs do daily?

More comments...