UNPKG

bun-types

Version:

Type definitions and documentation for Bun, an incredibly fast JavaScript runtime

bun.com

oven-sh/bun

82 lines (52 loc) 2.46 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
Bun's package manager can scan packages for security vulnerabilities before installation, helping protect your applications from supply chain attacks and known vulnerabilities. ## Quick Start Configure a security scanner in your `bunfig.toml`: ```toml [install.security] scanner = "@acme/bun-security-scanner" ``` When configured, Bun will: - Scan all packages before installation - Display security warnings and advisories - Cancel installation if critical vulnerabilities are found - Automatically disable auto-install for security ## How It Works Security scanners analyze packages during `bun install`, `bun add`, and other package operations. They can detect: - Known security vulnerabilities (CVEs) - Malicious packages - License compliance issues - ...and more! ### Security Levels Scanners report issues at two severity levels: - **`fatal`** - Installation stops immediately, exits with non-zero code - **`warn`** - In interactive terminals, prompts to continue; in CI, exits immediately ## Using Pre-built Scanners Many security companies publish Bun security scanners as npm packages that you can install and use immediately. ### Installing a Scanner Install a security scanner from npm: ```bash $ bun add -d @acme/bun-security-scanner ``` > **Note:** Consult your security scanner's documentation for their specific package name and installation instructions. Most scanners will be installed with `bun add`. ### Configuring the Scanner After installation, configure it in your `bunfig.toml`: ```toml [install.security] scanner = "@acme/bun-security-scanner" ``` ### Enterprise Configuration Some enterprise scanners might support authentication and/or configuration through environment variables: ```bash # This might go in ~/.bashrc, for example export SECURITY_API_KEY="your-api-key" # The scanner will now use these credentials automatically bun install ``` Consult your security scanner's documentation to learn which environment variables to set and if any additional configuration is required. ### Authoring your own scanner For a complete example with tests and CI setup, see the official template: [github.com/oven-sh/security-scanner-template](https://github.com/oven-sh/security-scanner-template) ## Related - [Configuration (bunfig.toml)](/docs/runtime/bunfig#install-security-scanner) - [Package Manager](/docs/install) - [Security Scanner Template](https://github.com/oven-sh/security-scanner-template)