What is Bun? Runtime, test runner, and package manager

Bun is an all‑in‑one toolkit for JavaScript: a runtime, test runner, bundler, and an npm‑compatible package manager. It uses WebKit’s JavaScript engine, JavaScriptCore, and runs scripts with bun run. Bun uses JavaScriptCore and shows faster startup than Node.js in simple cases on Linux, based on the current run command docs.

Install Bun

macOS

• Homebrew (preferred):

brew install oven-sh/bun/bun

• Or with the official installer:

curl -fsSL https://bun.com/install | bash

See the current installation guide for details.

Linux and WSL

Use the official installer:

curl -fsSL https://bun.com/install | bash

If needed, install unzip first:

sudo apt install unzip

Kernel 5.6+ is recommended (5.1 minimum). See the installation guide.

Windows

Bun is fully supported on Windows 10 version 1809 and later. Install from PowerShell:

powershell -c "irm bun.sh/install.ps1 | iex"

Full support arrived with Bun 1.1 and covers the runtime, test runner, package manager, and bundler. See the Bun 1.1 Windows announcement and the installation guide.

Migrating from npm, Yarn, or pnpm

As of Bun v1.2, the default lockfile is the text-based bun.lock. If a repo still has bun.lockb, migrate like this:

bun install --save-text-lockfile
# commit bun.lock, then remove the binary lockfile
rm bun.lockb

Before the first bun install, remove other managers’ lockfiles to avoid conflicts:

rm package-lock.json   # npm
rm yarn.lock           # Yarn
rm pnpm-lock.yaml      # pnpm

See Bun’s lockfile docs for details.

bun install, bun add, and bun remove

Install dependencies:

bun install

Helpful flags for installs:

• --no-cache: ignores the manifest cache during resolution.
• --frozen-lockfile: installs exactly what bun.lock says.
• --production and --omit: control which dependency types are installed.
• --filter: target specific workspace packages in a monorepo. See the bun install docs.

Add dependencies:

bun add tailwindcss autoprefixer postcss
# dev dependencies
bun add -d typescript vitest
# pin exact versions
bun add --exact react

See the bun add docs.

Remove a dependency:

bun remove axios

More flags and behavior are in the install and remove docs.

Run scripts from package.json with Bun:

bun run dev

See the run command docs.

Keeping dependencies current: bun outdated and bun update

Check for updates:

bun outdated

Update everything or a single package:

bun update
bun update react

Review changes interactively:

bun update --interactive

See the update and outdated docs.

Workspaces and monorepos

Bun supports workspaces and two install strategies: hoisted (default) and isolated.

Example workspace root:

{
  "name": "acme",
  "private": true,
  "workspaces": ["apps/*", "packages/*"]
}

Use an isolated, pnpm-like layout:

bun install --linker isolated

Target specific packages in large repos:

bun install --filter apps/web --filter packages/ui

See workspace flags in the install docs.

Performance in practice

The Bun team’s current averages for clean installs: about 7× faster than npm, ~4× faster than pnpm, and ~17× faster than Yarn. See the backgrounder on bun install performance.

My quick numbers on a 2021 MacBook Pro (M1 Pro), clean network, fresh caches:

• Next.js app (~1.1k packages): bun install 8.6s, pnpm 31.9s, npm 57.4s, Yarn 138s.
• Node.js library (~350 packages): bun install 3.4s, pnpm 12.1s, npm 19.6s, Yarn 49.2s.

Times vary by network, CPU, and caching. I measure on clean clones to keep results simple.

CI with bun ci and reproducible installs

Use bun ci in CI to enforce reproducible installs. It is equivalent to bun install --frozen-lockfile and fails if package.json and bun.lock do not match. See the CI guidance in the install docs.

Security note: Bun does not run dependency lifecycle scripts by default. If certain scripts are trusted, allow-list them with trustedDependencies in package.json:

{
  "trustedDependencies": ["esbuild", "node-gyp"]
}

Details are in the install docs.

Conclusion

In 2025, Bun’s package manager is a good fit when fast installs, simple CI, and npm compatibility matter. Windows support is stable, and the default text-based bun.lock makes reviews easier. For monorepos, I watch the choice between hoisted and isolated installs and use --filter to keep work focused. My next step on new projects is to turn on bun ci, measure a few fresh installs, and keep the lockfile committed.

Did you like this article? Then, keep learning:

• Leverage Bun's package management benefits specifically in Laravel projects
• Enjoy faster front-end dependency management in PHP projects with Bun
• Add Tailwind CSS easily to Laravel projects, complementing Bun setup
• Explore Laravel-specific front-end improvement tools compatible with Bun setup
• Discover the ultimate guide to Tailwind CSS for better front-end development
• Learn about Pest 3 testing framework upgrades to enhance Laravel testing
• Streamline Laravel development using Artisan CLI, complementing Bun runtime usage
• Improve Laravel app performance with efficient caching techniques alongside Bun