UNPKG

bun-types

Version:

Type definitions and documentation for Bun, an incredibly fast JavaScript runtime

bun.com

oven-sh/bun

84 lines (67 loc) 2.46 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
--- title: "Overrides and resolutions" description: "Control metadependency versions with npm overrides and Yarn resolutions" --- Bun supports npm's `"overrides"` and Yarn's `"resolutions"` in `package.json`. These are mechanisms for specifying a version range for _metadependencies_—the dependencies of your dependencies. {/* prettier-ignore */} ```json package.json icon="file-json" { "name": "my-app", "dependencies": { "foo": "^2.0.0" }, "overrides": { // [!code ++] "bar": "~4.4.0" // [!code ++] } // [!code ++] } ``` By default, Bun will install the latest version of all dependencies and metadependencies, according to the ranges specified in each package's `package.json`. Let's say you have a project with one dependency, `foo`, which in turn has a dependency on `bar`. This means `bar` is a _metadependency_ of our project. ```json package.json icon="file-json" { "name": "my-app", "dependencies": { "foo": "^2.0.0" } } ``` When you run `bun install`, Bun will install the latest versions of each package. ```txt tree layout of node_modules icon="list-tree" node_modules ├── foo@1.2.3 └── bar@4.5.6 ``` But what if a security vulnerability was introduced in `bar@4.5.6`? We may want a way to pin `bar` to an older version that doesn't have the vulnerability. This is where `"overrides"`/`"resolutions"` come in. --- ## `"overrides"` Add `bar` to the `"overrides"` field in `package.json`. Bun will defer to the specified version range when determining which version of `bar` to install, whether it's a dependency or a metadependency. <Note> Bun currently only supports top-level `"overrides"`. [Nested overrides](https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides) are not supported. </Note> {/* prettier-ignore */} ```json package.json icon="file-json" { "name": "my-app", "dependencies": { "foo": "^2.0.0" }, "overrides": { // [!code ++] "bar": "~4.4.0" // [!code ++] } // [!code ++] } ``` ## `"resolutions"` The syntax is similar for `"resolutions"`, which is Yarn's alternative to `"overrides"`. Bun supports this feature to make migration from Yarn easier. As with `"overrides"`, _nested resolutions_ are not currently supported. {/* prettier-ignore */} ```json package.json icon="file-json" { "name": "my-app", "dependencies": { "foo": "^2.0.0" }, "resolutions": { // [!code ++] "bar": "~4.4.0" // [!code ++] } // [!code ++] } ```