One of the things I'm excited about is bun install.

On Linux, it installs dependencies for a simple Next.js app about 20x faster than any other npm client available today.

         hyperfine "bun install --backend=hardlink" "yarn install --no-scripts" "npm install --no-scripts --ignore-scripts" "pnpm install --ignore-scripts" --prepare="rm -rf node_modules" --cleanup="rm -rf node_modules" --warmup=8
        Benchmark #1: bun install --backend=hardlink
        Time (mean ± σ):      25.8 ms ±   0.7 ms    [User: 5.4 ms, System: 28.3 ms]
        Range (min … max):    24.4 ms …  27.6 ms    76 runs

        Benchmark #2: yarn install --no-scripts
        Time (mean ± σ):     568.4 ms ±  15.3 ms    [User: 781.6 ms, System: 497.4 ms]
        Range (min … max):   550.8 ms … 604.5 ms    10 runs

        Benchmark #3: npm install --no-scripts --ignore-scripts
        Time (mean ± σ):      1.261 s ±  0.017 s    [User: 1.719 s, System: 0.516 s]
        Range (min … max):    1.241 s …  1.286 s    10 runs

        Benchmark #4: pnpm install --ignore-scripts
        Time (mean ± σ):      1.343 s ±  0.003 s    [User: 601.3 ms, System: 151.6 ms]
        Range (min … max):    1.339 s …  1.348 s    10 runs

        Summary
        'bun install --backend=hardlink' ran
        22.01 ± 0.85 times faster than 'yarn install --no-scripts'
        48.85 ± 1.51 times faster than 'npm install --no-scripts --ignore-scripts'
        51.99 ± 1.45 times faster than 'pnpm install --ignore-scripts'

If I install a simple nextjs app, then remove node_modules, the lockfile, and the ~/.bun/install/cache/*.npm files (i.e. keep the contents, remove the manifests) and then install, bun takes around ~3-4s. PNPM is consistently faster for me at around ~2-3s.

I'm not familiar with bun's internals so I may be doing something wrong.

One piece of feedback, having the lockfile be binary is a HUGE turn off for me. Impossible to diff. Is there another format?

* I will mention that even in the best case scenario with PNPM (i.e. lockfile and node_modules) it still takes 400ms to start up, which, yes, is quite slow. So every action APART from the initial install is much MUCH faster with bun. I still feel 400ms is good enough for a package manager which is invoked sporadically. Compare that to esbuild which is something you invoke constantly, and having that be fast is such a godsend.

This isn't the main optimization. The main optimization is the system calls used to copy/link files. To see the difference, compare `bun install --backend=copyfile` with `bun install --backend=hardlink` (hardlink should be the default). The other big optimization is the binary formats for both the lockfile and the manifest. npm clients waste a lot of time parsing JSON.

The more minor optimizations have to do with reducing memory usage. The binary lockfile format interns the strings (very repetitive strings). However, many of these strings are tiny, so it's actually more expensive to store a hash and a length separately from the string itself. Instead, Bun stores the string as 8 bytes and one bit bit says whether the entire string is contained inside those 8 bytes or if it's a memory offset into the lockfile's string buffer (since 64-bit pointers can't use the full memory address and bun currently only targets 64-bit CPUs, this works)

yarn also caches the manifest responses.

> If I install a simple nextjs app, then remove node_modules, the lockfile, and the ~/.bun/install/cache/.npm files (i.e. keep the contents, remove the manifests) and then install, bun takes around ~3-4s. PNPM is consistently faster for me at around ~2-3s.

This sounds like a concurrency bug with scheduling tasks from the main thread to the HTTP thread. I would love someone to help review the code for the thread pool & async io.

> One piece of feedback, having the lockfile be binary is a HUGE turn off for me. Impossible to diff. Is there another format?

If you do `bun install -y`, it will output as a yarn v1 lockfile.

If you add this to your .gitattributes:

    *.lockb binary diff=lockb

Considering the speed with which a fast parser can gobble up JSON I'm somewhat skeptical that this would be relevant for common operations.

Yes he did

I don't see it either. Perf data that shows that was the issue.

https://news.ycombinator.com/item?id=31993429

Of course, I can't say for sure that he looked at the fastest possible way to parse json here, but my intuition would be that if he didn't, it's because he had an educated guess that it'd still be slower.

It's just comparison of execution times of several different package manager.

Better would be parsing JSON vs binary in Bun.

If you were dealing with a multi-gigabyte lock file then it would be a different matter but frankly I agree with their point that parsing a lock file which is only a few KB shouldn’t be a differentiator (and if it is, then the JSON parser is the issue, and fixing that should be the priority rather than changing to a binary format).

Moreover the earlier comment about lock files needing to be human readable is correct. Being able to read, diff and edit them is absolutely a feature worth preserving even if it costs you a fraction of a second in execution time.

You mean a few MB? NPM projects typically have thousands of dependencies. A 10MB lock file wouldn't be atypical and parse time for a 10MB JSON file can absolutely be significant. Especially if you have to do it multiple times.

> Being able to read, diff and edit them is absolutely a feature worth preserving even if it costs you a fraction of a second in execution time.

You can read and edit a SQLite file way easier than a huge JSON file.

Not applicable to GitHub etc though.

I'm also not seeing any speed differences when using -y/yarn lockfile. Why not make it the default?

GitHub (disclosure: where I work) does respect some directives in a repo’s .gitattributes file. For example, you can use them to override language detection or mark files as generated or vendored to change diff presentation. You can also improve the diff hunk headers we generate by default by specifying e.g. `*.rb diff=ruby` (although come to think of it I don’t know why that’s necessary since we already know the filetype — I’ll look into it)

In principal there’s no reason we couldn’t extend our existing rich diff support used for diffing things like images to enhance the presentation of lockfile diffs. There’s not a huge benefit for text-based lock files but for binary ones (if such a scheme were to take off) it would be a lot more useful.

Here's a test demonstrating that this usage works: https://github.com/github/linguist/blob/32ec19c013a7f81ffaee...

Quoting the docs on finding files:

https://docs.github.com/en/search-github/searching-on-github...

> File finder results exclude some directories like build, log, tmp, and vendor. To search for files within these directories, use the filename code search qualifier.

(The inability of quick jumping to files from /build/ folder with `T` has been driving me crazy for YEARS!)

Correct me if I'm wrong, but checking those two files:

- https://github.com/github/linguist/blob/master/lib/linguist/...

- https://github.com/github/linguist/blob/master/lib/linguist/...

I don't see `/build` matching anything there. So to me this `/build` suppression from search results seems like controlled by some other piece of software at GitHub :/

Also, files from `/build` are not hidden in diffs, so per this table: https://github.com/github/linguist/blob/HEAD/docs/overrides.... they are not "linguist-generated".

I think it's reasonable to respect the linguist overrides here so I'll open a PR to remove entries from the exclude if the repo has a `-linguist-generated` or `-linguist-vendored` gitattribute for that directory [1]. So in your case you can add

  build/** -linguist-generated

Thanks for pointing this out! Feel free to DM me on twitter (@cbrasic) if you have more questions.

[1] Recursively matching a directory with gitattributes requires the `/**` syntax unlike .gitignore: https://git-scm.com/docs/gitattributes#:~:text=with%20a%20fe...

On Linux, not yet. I don't have a machine that supports reflinks right now and I am hesitant to push code for this without manually testing it works. That being said, it does use copy_file_range if --backend=copyfile, which can use reflinks.

Since JSC is actually compilable to Wasm [1] and Zig supports WASI compilation, I wonder how easy would be to get it running fully in WAPM with WASI. Any thoughts on how feasible that should be?

[1]: https://wapm.io/syrusakbary/jsc

npm is famous for a lot of things & reasons, but none of those are "because it's well engineered".

To this day, npm still runs the `preinstall` script after dependencies have actually been downloaded to your disk. It modifies a `yarn.lock` file if you have it on disk when running `npm install`. Lots of things like these, so that the install is slow, is hardly surprising.

https://github.com/npm/cli/blob/latest/workspaces/arborist/l...

This happens because the tooling often requires domain knowledge which they have and if they set out to write tooling for a language they tend to be experienced in that language.

Is it even a tree? Does NPM still allow circular dependencies?

Yarn v2 is backwards compatible though. You just need to use the node_modules "linker" (not the default one) and it's ready to go.

Last I checked, not quite. Yarn 2+ patches some dependencies to support PnP, even if you don’t use PnP. I discovered this while trying out both Yarn 2 and a pre-release version of TypeScript which failed to install—because the patch for it wasn’t available for that pre-release. I would have thought using node_modules would bypass that patching logic, but no such luck.

By the way, the yarn2 / yarn3 project is hosted on a distinct repository [3].

[1] https://yarnpkg.com/features/zero-installs

[2] https://yarnpkg.com/features/pnp

[3] https://github.com/yarnpkg/berry

Also a few questions:

What do you attribute the performance advantage to? How much of it is JavascriptCore instead of v8 versus optimized glue binding implementations in the runtime? If the latter, what are you doing to improve performance?

Similarly for the npm client: how much is just that bun is the only tool in a compiled /GC free language versus special optimization work?

How does Zigs special support for custom allocators factor in?

edit: should be fixed

https://twitter.com/jarredsumner/status/1542824445810642946

Easy to dismiss this as "another JS build tool thing why do we need more of this eye roll" but I think this is worth a proper look — really interesting to follow how much effort has gone into the performance.

Congrats on the release :)

https://news.ycombinator.com/item?id=31993615

"1ms is an eternity for computers"

When was the last time you heard a Web Developer, frontend, backend or web tooling Dev state that? [2] It is always, oh the network latency dominate, or the DB response time dominate. It is only one tenth of a second ( 100ms ) it doesn't matter. It is fast enoughTM.

[1] https://twitter.com/jarredsumner/status/1477775398700158980

[2] Actually Nick Craver does that a lot during his StackOverflow era.

And that's plain JS, most people don't even work in plain JS but in a framework where they don't just say "var x = y" but "publish this event into my Observable stack which triggers a state update which will eventually, somehow, update my component which will then eventually update the DOM in the browser", after which the browser's own whole stack of renders takes over.

Meanwhile in video games you can say `frame[0][0] = 255` to set a pixel to white, or whatever.

I think it's a matter of levels of abstraction; with webapps, I'd argue they've gone even further than Java enterprise applications in the 90's / 2000's.

Also, Jarred's twitter is a rich follow full of benchmarks and research. If nothing else, this project will prove to be beneficial to the entire ecosystem. Give it some love.

Of course, this is very much a double edge sword, with all the "leftpad" type dependency nightmares and security issues, as well as the "Hot new JS framework of the month" issues. Still, I think the dependency issues are solvable and dependency tooling is getting better, and the frameworks issue has calmed down a bit such that it's easy to stick to a couple major projects (e.g. React, Express) if so desired, but more experimental, cool stuff is always out there.

You might say "so what they're doing it for free, you don't have to use their stuff", but often you do because the existence of a sort-of-working solution means that other people are much less likely to write a robust solution for the same problem. So everyone ends up using the crap one.

Rust and Go are way way better in that regard.

Better to depend on numerous 800 pound long-lived gorilla's than a million short-lived mayflies that keep dying.

But it has so much of a broader ecosystem of other tools that if you're willing to take that risk it's an option. Java basically just doesn't have that.

PS: I have already poked my head into the Kafka codebase in the past. Not the best written project and also confusing because of the Scala mix, but far more readable than several I have seen. And Java makes it easily navigable. Can even auto-gen diagrams to grok it better.

"I spent most of the day on a memory leak. Probably going to just ship with the memory leak since I need to invest more in docs. It starts to matter after serving about 1,000,000 HTTP requests from web streams"

https://twitter.com/jarredsumner/status/1543236098087825409

At least in my usecase, I do about 35m hits / day... so this would fall over in less than an hour. 1m isn't that large of a number and the author is willing to shrug that off until after launching.

https://twitter.com/threepointone/status/1543237413190901760

> Longer-term, bun intends to replace Node.js, Webpack, Babel, yarn, and PostCSS (in production).

https://github.com/Jarred-Sumner/bun#limitations--intended-u...

> Rome is a formatter, linter, bundler, and more for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS.

> Rome is designed to replace Babel, ESLint, webpack, Prettier, Jest, and others.

Haven't seen it since.

> Parcel: The zero configuration build tool for JavaScript, CSS, HTML, TypeScript, React, images, SASS, SVG, Vue, libraries, Less, CoffeeScript, Node, Stylus, Pug, Electron, Elm, WebGL, extensions, GraphQL, MD

As long as you do the bare minimum for each target.

Normally I start with something else (webpack, rollup, whatever happened to be there with the example I'm starting from), then when I hit some roadblocks I just parcel index.html and I have something working.

Most companies have things that run "in dev", "in staging", "in CI", and "in production". These map directly to some tools - for example, React has "development" and "production" modes. When someone says a server or a database or a tool is used "in production" they're usually referring to the live environment that users access. Most people use tools like Webpack locally to run code when they're doing dev work, and in CI to build things. If someone said to me "We're running Webpack in production" then I would have questions.

If you use "in production" to mean "anywhere in a project", then how do you differentiate between a staging environment and a production environment? Do you talk about "the staging environment that's in production"? That would be confusing...

I love the bundling of most tasks in one app, especially in an environment where I had friends refuse to interact because of the "framework of the month" problem.

I just wish it din't rep Zig this much, I'm hyped for Zig as much as the next guy, but the website mentions is twice back to back and I really think we should stop going "it's better cause it's written in X".

Rust is already somewhat infamous for this ("Rewrite it in Rust" is a meme) and has caused it to develop a bit of a stigma, at least in my circles.

I'm still rooting for Zig to get its place among the big ones (and bun seems definitely a nice way to push for it) I just hope that happens without creating the annoying cult-like behaviors that plagued the crab language.

The general concern about "written in Zig" being annoying is fair. I think it's a different beast when paired with a call to donate but regardless, if RIIZ is what worries you most, then you can sleep safe because our motto is "Maintain It With Zig", a conscious rejection of "Rewrite It in *".

https://kristoff.it/blog/maintain-it-with-zig/

I wholeheartedly disagree. I'm much more interested in this because it's written in Zig and not C or C++.

It tells me a few things about the code:

- naive-implementation performance should be pretty good

- written by someone who cares about details

- less likely to have race conditions and memory bugs

- attractive for new devs who want to work on a project in a next-generation language

At this point, the only reason to use a slow or unsafe language is that it's all the author knows.

1. https://kristoff.it/blog/zig-colorblind-async-await/

Performance is one thing (the benchmarks are probably wrong though), but will it solve any of the headache you get with NodeJS. I for instance have 7 different NodeJS versions installed just to compile all the projects I use. Oldest version is currently 6(!). The NPM dependency hell is best in class. NodeJS LTS is nothing but a tag. Compliance with ECMAScript updates have not been great. Still a mess with NodeJS to figure out if a package will work on the specific version. Still poor performance in comparison to other tech. And so on...

At least with this you wouldn’t need to manage versions of the package manager and runtime separately

npm ERR! Unexpected token '.'

Pain points

- no docs on deploying bun (failed to do it on Fly.io or Railway.app, much less Netlify or Vercel)

- lack of api reference right now

- got a segfault when building a React SSR server

Super hacky (it just has the binary in the Repo) but it works: https://bun-fun.fly.dev/

I'm eager to see how the different runtimes will shine in the edge side. Bun is clearly positioned as one option and the focus on this is stated in the main page.

I believe the traction for Bun will depend a lot of the adoption. I see the point on having the fastest(TM) runtime in Linux and MacOS, but that comes from the fact of using specific syscalls. If we move to the edge, it's not clear to me how this will be implemented. Maybe those syscalls are not available or sandboxing makes things for difficult. The requirements for making it compatible may reduces its performance.

We will see :)

If there is anything Node core can do better for you to allow better interop ping us. Also - I'm not sure if you're involved with the WinterCG stuff (I _think_ maybe?) but if you're not please come by!

[1] https://bun.sh/install

  $ curl --head -H "Accept: text/plain" https://bun.sh/install
  
  HTTP/2 200 
  date: Wed, 06 Jul 2022 10:21:57 GMT
  content-type: text/html; charset=utf-8
  ...

So it isn't really everything written in Zig and there is some C++ helping there, actually.

The fact it states it's powered by JSC before even mentioning Zig makes it pretty clear, imo.

They don't claim it's pure Zig and even mention JavaScriptCore in their front page.

Definitely reads otherwise and is click bait, given the actual implementation.

If you read "runtime" as "extensions that allow you to do actually useful stuff" instead of "parser/evaluator", I don't see an issue.

There is precedent for this too -- for instance, the ".NET runtime" is not only the JIT/AOT compiler for CIL, but also the libraries providing the .net api + standards/mechanisms for loading other libraries, etc.

See also https://stackoverflow.com/questions/3900549/what-is-runtime :

> Runtime describes software/instructions that are executed while your program is running, especially those instructions that you did not write explicitly, but are necessary for the proper execution of your code. [...] Runtime code is specifically the code required to implement the features of the language itself.

(HatTip: write universal server code that runs anywhere: Node.js, Edge, Deno, Bun, ... Also for library authors who want to provide a middleware that works anywhere, instead of locking their users into a single JS server runtime.)

@Jarred: We'd be curious to know what you think of HatTip!

[1]: https://github.com/hattipjs/hattip

[2]: https://github.com/hattipjs/hattip/tree/feat/bun

there are projects like uWebSockets.js (and hyper-express [1] built on top of it) [1] which show a 10x increase in throughput.

[1] https://github.com/kartikk221/hyper-express/blob/master/docs...

I excitedly thought this project might include a new JavaScript VM, not extending an existing one.

But thanks for those specific wishlist items, which are much more sensible! Isn't your last item WASM though, with its interface types proposal?

This is making me reconsider using the node ecosystem in some of my projects.

By the way, I think that bun does not apply the patches of ESbuild since the translation date.

    dum replaces npm run and npx.

    Instead of waiting 200ms for your npm client to start, it will start immediately.

https://github.com/Jarred-Sumner/bun/issues/159

Best of luck.

OTOH, that could at last free Rust from being the shiniest kid on the block. Carry on...

The only time I've seen a SEGFAULT in Rust was when using a really badly implemented C library wrapper.

Only RAM manufacturers like memory leaks.

Should have used Nim, to make it interesting :D

I have never in my life heard anyone say they thought V8 was superior to JSC - what are you basing that on?

Since 2019, it seems like JSC is actually faster (they even beat V8 benchmarks).

[1] https://v8.dev/blog

Isn't JavaScriptCore available only in Apple's ecosystem?

Zig is not perfect, Zig is full of sin, in a world full of righteousness, using Zig should be closely guarded.

I also wonder how bun compares to esbuild for js/ts transpile speed gains?

Could you share what made you choose Zig over V for the project? It looks like both languages would have been an appropriate choice.

Anybody know how bun (or any other package manager) stacks up to it?

https://pnpm.io/

> An enourmous amount of time spent profiling, benchmarking and optimizing things. The answer is different for every part of Bun, but one general theme: Zig's low-level control over memory and lack of hidden control flow makes it much simpler to write fast software.

With modern hardware, accessing memory efficiently is key to writing fast software. Programs written in programming languages that don't let the developer control how data is laid out in memory usually face an uphill battle to be fast.

I will check yours out if you post a link! or is it just node-mysql3?

It's main selling point is that it uses template strings so you can just do

sql`select f from t where x=${somevar}`

And the lib will take care of escaping somevar. I was getting sick of ORMs which make it even harder to write complex queries.

It's just a wrapper over mysql1 or 2. I forget which

I'd like to know more about the bundled .bun files. What are they? How they are used? Usable on the browser too?

What's next? It's gonna be a shameful practice to use windows for development?

You're signaling to all contributors that you don't value their freedom or privacy.

Not everyone wants to give their data to a corporation. Some users have accessibility needs that straight aren't met by Discord's clients and they send cease-and-desists to every attempt at people to try to make a better or safer alternative client experience free of charge. The fact that there are free and libre alternatives, but choosing not use or at least support an alternative alongside shows your project's priorities (see: Libera.Chat, mailing lists, Matrix, Zulip, Fediverse, RSS/Atom feeds, hosting Discourse, et. al.).

> What's next? It's gonna be a shameful practice to use windows for development?

Slippery nope.

I'm sure this project's community would welcome a contribution to mirror their git in a read-only state somewhere else, because why wouldn't they? Similarly, I'm sure they'd be fine with collaborating on setting up bidirectional chat bots so you can communicate with them as you want.

But to expect these things from a nascent project seems ridiculous. We're not talking about React or Spring here, we're talking about a brand new project who should be investing as much time as possible making their software work, not catering to every potential communications niche.

If you've decided that contributing to someone else's code on Github violates your sense of ethics or privacy, that's well within your rights and I respect you for it, but you must have enough self-awareness to recognize that that puts you in the far extreme of digital ethicists. And that shouldn't come with an expectation that your ethics have been catered to.

Instead, you bifurcated your community that is passionate about FOSS and privacy from those that aren't.

You seem to have a very distorted view of developers, the vast majority of free software developers are going to have either an IRC client or a Matrix client installed already.

I don't know a single person in any professional context that doesn't have one of Slack, Teams, or Discord installed.

I may be overstating how much smaller your pool is, but to say that choosing Discord or Slack doesn't grossly expand your reach is just naive.

So it's probably just that, different bubbles that rarely intersect.

I don’t think software freedom is a focus of this project. They can’t cater to every unrelated hobby issue.

> shows your project's priorities

Yeah - the priority isn’t software freedom. They can’t prioritise everything.

I guess they'll move on somewhere else? Likelihood seems low, impact seems low. Why spend energy on it?

> To me for open source project we need a way to archive the discussion and make it public not tight to any company or so.

Ok but that's what you're interested in. Most people aren't into that.

I don't get why you'd expect all projects to be focused on your particular hobby interests?

Maybe I love typography. Why isn't this project paying more attention to the typography in their website damnit!

many services don't really migration of the data. Why would I want my data stuck some where?

Nobody wants their data stuck - people assess the likelihood of that as low and the impact as low, so rationally don’t care about it.

If one of my personal projects was unilaterally deleted right now by GitHub it’d be annoying to lose my issues but I could recover ok. And I don’t think it’s likely anyway, so why worry?

People only have so much energy to spend worrying about things. Most would spend it building instead.

Can’t be that hard to understand?

Disagree strongly with this. It signals to me that the developer cares more about building a good thing than standing up FOSS tools to appease the zealots. Seems very pragmatic.

npm is supports shorthands for some Git forges (though no SourceHut or Codeberg), but without the `forge:` syntax, you get GitHub as the default which is also favoritism (no surprise with Microsoft owning GitHub and npm though).

The worst offender IMO though is Elm who ties their entire package management ecosystem to GitHub where both your identity and the ability to upload a package requires a GitHub account and hosting must be there too, and downloading requires that GitHub's servers are actually up (with the community needing hacks to deal with the non-so-uncommon likelihood of GitHub being down and no way to point to a mirror).