Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/zhcndoc/bun/llms.txt

Use this file to discover all available pages before exploring further.

Package manager utilities and commands. 
bun pm <command>

Commands

bun pm bin

Print the path to Bun’s bin directory. 
$ bun pm bin
/home/user/.bun/install/global/bin
With -g flag, prints the global bin directory: 
$ bun pm bin -g  
/home/user/.bun/install/global/bin

bun pm cache

Print the path to Bun’s cache directory. 
$ bun pm cache
/home/user/.bun/install/cache
Delete the cache: 
$ bun pm cache rm
Cleared 'bun install' cache
Cleared 12 cached 'bunx' packages

bun pm ls

List installed dependencies in a tree structure. 
$ bun pm ls
/home/user/my-app node_modules (134)
├── react@18.2.0
├── react-dom@18.2.0
└── typescript@5.0.0
Show all dependencies (including transitive): 
$ bun pm ls --all
/home/user/my-app node_modules
├── react@18.2.0
   └── loose-envify@1.4.0
       └── js-tokens@4.0.0
├── react-dom@18.2.0  
   ├── loose-envify@1.4.0
   └── scheduler@0.23.0
└── typescript@5.0.0
Alias: bun list

bun pm hash

Generate and print the hash of the current lockfile. 
$ bun pm hash
f3d8b2a1c4e5d6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1

bun pm hash-string

Print the string used to generate the lockfile hash. 
$ bun pm hash-string
packages|react@18.2.0|react-dom@18.2.0|typescript@5.0.0

bun pm hash-print

Print the hash stored in the current lockfile. 
$ bun pm hash-print  
f3d8b2a1c4e5d6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1

bun pm migrate

Migrate from another package manager’s lockfile to bun.lockb. 
$ bun pm migrate
Migrated from package-lock.json to bun.lockb
Supported lockfiles:
  • package-lock.json (npm)
  • yarn.lock (Yarn)
  • pnpm-lock.yaml (pnpm)
Force migration (overwrite existing bun.lockb): 
bun pm migrate --force

bun pm pack

Create a tarball of the current workspace. 
$ bun pm pack
packed 15 files (42.3 KB)
archive: my-package-1.0.0.tgz
See bun pack documentation for more details.

bun pm scan

Scan packages in the lockfile for security vulnerabilities. 
$ bun pm scan
Scanning 134 packages for vulnerabilities...

Found 2 vulnerabilities:

┌─────────────────────────────────────────────────┐
 High Prototype Pollution
 Package lodash
 Patched >=4.17.21
└─────────────────────────────────────────────────┘

bun pm why

Show why a package is installed and what depends on it. 
$ bun pm why lodash
lodash@4.17.21

Reasons for installation:
  my-app (package.json dependency)
    └─ async@3.2.4
       └─ lodash@4.17.21

bun pm whoami

Print the currently logged-in npm username. 
$ bun pm whoami
my-npm-username
Alias: bun whoami

bun pm view

View package information from the registry. 
$ bun pm view react
react@18.2.0 | MIT | deps: 1 | versions: 234
A JavaScript library for building user interfaces
https://reactjs.org/

keywords: react, framework, ui

dist
.tarball: https://registry.npmjs.org/react/-/react-18.2.0.tgz
.shasum: ...

dependencies:
loose-envify: ^1.1.0
View specific version: 
bun pm view react@17.0.0
View specific field: 
$ bun pm view react version
18.2.0

bun pm version

Bump the version in package.json and create a git tag. 
$ bun pm version patch
v1.0.1
Increment types:
  • patch - 1.0.0 → 1.0.1
  • minor - 1.0.0 → 1.1.0
  • major - 1.0.0 → 2.0.0
  • prepatch - 1.0.0 → 1.0.1-0
  • preminor - 1.0.0 → 1.1.0-0
  • premajor - 1.0.0 → 2.0.0-0
  • prerelease - 1.0.0 → 1.0.1-0 or 1.0.1-0 → 1.0.1-1
Or specify exact version: 
bun pm version 2.0.0

bun pm pkg

Manage fields in package.json.

Get field

$ bun pm pkg get name
my-package

$ bun pm pkg get name version
my-package 1.0.0

Set field

$ bun pm pkg set description="My awesome package"

$ bun pm pkg set scripts.build="bun build ./src/index.ts"

Delete field

$ bun pm pkg delete scripts.old-script

Fix common errors

$ bun pm pkg fix
Fixed 3 issues in package.json:
  - Sorted dependencies
  - Removed duplicate keywords  
  - Fixed invalid version format

bun pm untrusted

Print current untrusted dependencies with scripts. 
$ bun pm untrusted
The following dependencies have install scripts but are not trusted:
  - puppeteer@21.0.0
  - electron@27.0.0

To trust them, run:
  bun pm trust puppeteer electron

bun pm trust

Trust dependencies and allow their install scripts to run. 
$ bun pm trust puppeteer esbuild
Trusted dependencies:
  - puppeteer
  - esbuild

Updated trustedDependencies in package.json
Trust all untrusted dependencies: 
bun pm trust --all

bun pm default-trusted

Print the default list of trusted dependencies. 
$ bun pm default-trusted
Default trusted dependencies:
  @biomejs/biome
  esbuild
  msgpackr-extract
  puppeteer
  sharp
  [... more packages]

Global flags

These flags work with most bun pm commands:

--json

Output in JSON format (where applicable). 
$ bun pm view react --json
{"name":"react","version":"18.2.0",...}

--verbose

Enable verbose logging. 
bun pm migrate --verbose

--silent

Suppress output except errors. 
bun pm cache rm --silent

Examples

Check package manager health

# Verify lockfile integrity
bun pm hash

# Check for security issues
bun pm scan

# List all dependencies
bun pm ls --all

Clean workspace

# Clear cache
bun pm cache rm

# Regenerate lockfile
rm bun.lockb
bun install

Inspect dependencies

# Why is this package installed?
bun pm why lodash

# View package details
bun pm view lodash

# List dependency tree
bun pm ls --all

Build docs developers (and LLMs) love

Get started for freeTalk to us