by lioeters
228 days ago
From a link mentioned elsewhere in the thread:

> Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts for installed dependencies, such as `postinstall` and `node-gyp` builds. These scripts represent a potential security risk, as they can execute arbitrary code on your machine.

https://bun.com/docs/guides/install/trusted

I've also found the Bun standard library is a nice curated set of features that reduces dependencies.
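An added example, not part of the comment above and not code from Bun or npm: a small audit that lists which installed packages would run code at install time under a client that honours lifecycle scripts, split by whether the project allowlists them in Bun's `trustedDependencies` field in `package.json`. The input record shape (`manifest`, `hasBindingGyp`), the function names and the sample package names are assumptions made for illustration.

```javascript
// Added example: flags installed packages that would run code at install
// time and are not on the project's allowlist.
// Input records are constructed; in practice build them from each
// node_modules/<pkg>/package.json plus a check for a binding.gyp file.

const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function installTimeCommands(pkg) {
  const scripts = pkg.manifest.scripts || {};
  const found = INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "")
    .map((h) => ({ hook: h, command: scripts[h] }));
  // npm falls back to "node-gyp rebuild" when a binding.gyp exists and the
  // package defines neither an install nor a preinstall script.
  if (pkg.hasBindingGyp && !scripts.install && !scripts.preinstall) {
    found.push({ hook: "install (implicit)", command: "node-gyp rebuild" });
  }
  return found;
}

function auditLifecycleScripts(packages, rootManifest) {
  const trusted = new Set(rootManifest.trustedDependencies || []);
  const report = { trusted: [], untrusted: [] };
  for (const pkg of packages) {
    const commands = installTimeCommands(pkg);
    if (commands.length === 0) continue; // nothing runs at install time
    const entry = { name: pkg.manifest.name, commands };
    (trusted.has(entry.name) ? report.trusted : report.untrusted).push(entry);
  }
  return report;
}

// Constructed sample data (package names are made up).
const sampleRoot = { name: "demo-app", trustedDependencies: ["native-img"] };
const samplePackages = [
  { manifest: { name: "left-helper", scripts: { test: "node test.js" } }, hasBindingGyp: false },
  { manifest: { name: "native-img", scripts: { install: "node build.js" } }, hasBindingGyp: true },
  { manifest: { name: "fast-hash" }, hasBindingGyp: true },
  { manifest: { name: "telemetry-kit", scripts: { postinstall: "node ./setup.js" } }, hasBindingGyp: false },
];

const sampleReport = auditLifecycleScripts(samplePackages, sampleRoot);
for (const { name, commands } of sampleReport.untrusted) {
  for (const c of commands) console.log(`REVIEW ${name}: ${c.hook} -> ${c.command}`);
}
```

Packages in the `untrusted` list are the ones to read before adding them to the allowlist; `fast-hash` shows the case where no script is declared at all but a `binding.gyp` still triggers a native build.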