I have a lot of respect for Jarred and bun. The lean approach of just one person working for a year is rather underrated imo. No funding and therefore no pressure for growth. No overhead from scaling up a team and having to implement process, standards, etc. And at the same time, incredible content marketing by just tweeting about every little detail. Me and many others got hooked just because Jarred was posting interesting stuff and kept posting interesting stuff. It wasn't a stuffy blog or padded out conference talks, it was just good, technical content.
My only hope is that Jarred gets some rest for a bit. According to his Twitter he's been pulling 80 hour weeks and while that does lead to impressive work, it's not great from a human perspective. Hope he can rest up and keep this going for the long haul!
I've done this solo sprint for a year to get a startup running a few times in my career.
The time it worked, I worked 10-4pm (heads down) in the ideation phase, ate well, slept well, got two hours of exercise daily, and had an interesting social life. Once the startup took on a life of its own, the personal life started to suffer and I got up to 80+hrs for a month or two before settling into ~60.
The two times it didn't work, I embraced the 60hr/week grind and was a bit more isolated, perhaps drank a bit more to unwind, and my focus deeply suffered.
I really love the solo thing, but in the early days, be creative and happy. The grind will find you. Market fit means more work. No doubt Jarred will find building a company and Bun at the same time even more challenging that just building Bun.
> The lean approach of just one person working for a year is rather underrated imo
It's honestly got me thinking about doing the same thing for my Big Project that I've been squeezing into nights and weekends for the past year and a half
He should have rested up and taken a week off to get some perspective before attempting to write recruiting spam on Twitter.
Sounding twitchy and strung out and high strung and histrionic? A filter for sure, but not for the things he thinks he wants.
This is how you get broken, desperate, unhealthy people, and that is reflected permanently in culture, and almost always in product, with poor prognosis for success.
It's an incredible achievement, though I worry about the use of an unproven language (Zig) that lacks memory safety by design. JavaScript runtimes, especially those with JITs, have been plagued by vulnerabilities from memory safety, type confusion, and data races.
Node.js, despite being based on V8, is still susceptible independently of V8 and introduces its own vulnerabilities. It's not sufficient for the runtime to be secure, but the new facilities Bun provides must also be vetted.
Bun/Oven are new, and similar in position to Node. Here are the hard questions I'd ask if I were on a security team and asked to review adopting Bun:
> 2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
Fuzzing will begin soon. Regular security audits will happen around the 1.0 release. Bug bounty seems like a good idea, but it's too early today to know when this will start.
> 3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
Yes. Oven will donate to Zig Software Foundation.
More broadly - I think about all of this a lot, but until now Bun has been mostly the work of just me. Bun is still very early - there's a lot that's just not implemented yet.
Worth clarifying that Bun isn't a from-scratch JS runtime, it's a wrapper around JavaScriptCore (WebKit's JS engine), like Node is around V8
As you say, there's still plenty of room for vulnerabilities in the parts it does implement, and Zig isn't strictly memory-safe. However, Zig has lots of modern features like optional-types that help quite a bit with avoiding memory errors: https://www.scattered-thoughts.net/writing/how-safe-is-zig/
Which is to say your question is definitely valid, but there are also reasons to think this isn't as huge a concern as it might seem
> 2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
We're huge fans of bun at Fuzzbuzz (waiting for it to get a bit more production-ready). If Jarred's interested, we'd be happy to donate some compute to support fuzzing Bun.
I am fairly confident that Zig does not lack memory safety by design; from what I understand, the language as a whole isn't even finished, and the memory safety design isn't like a GC'd language or like Rust, so people assume there isn't memory safety when in reality it is at least partially implemented.
Congrats to Jarred! Bun has blown me away in terms of performance. Often (in other projects) performance claims out of nowhere are simply cherry-picked but I’ve found bun repeatedly impressing me with both speed and elegance.
What doesn’t get mentioned enough is just how friggin ergonomic bun is. Install it and you’ll see what I mean immediately. Play with any API in the “bun:” namespace and it’s just a breath of fresh air.
I'm curious about where all that performance comes from
I know it uses the WebKit JS runtime instead of V8, which is super interesting. Does that cause a performance lift? Or is there some other secret sauce that pervades throughout Bun? Or is it just a matter of Jarred giving lots of attention to spot-optimizing the most important bottlenecks outside of the core runtime?
I'm curious if it will be as fast after implementing some must have features like sourcemaps, minification, and tree shaking? Bun is definitely not production ready yet, but I'm keeping my eye on it for sure
It’s consistently in the top 5 fastest web framework (beating out Rust, etc).
Just-JS is already faster than Bun.
Additionally, JSCore appears to be a significant reason why Bun is faster than NodeJS (V8). Just-JS is investigating switching to JSCore as well - which will only extend its lead.
Besides being Linux-only, the GH page lists intentional restrictions like “commonjs modules, no support for ES modules” -- that seems like a biggie!
The benchmarks seem to focus exclusively on startup time, which is certainly important but not the only important thing. (And unless I misread those tweets it’s only a tiny bit ahead of bun.)
More competition is good and helps keep everyone honest, of course, but it looks like extremely early days for this project.
Bun does ESM, JSX, Typescript and SQLite support out of the box. It also does bundling. It’s quite nice.
I’m thinking of building a zero-dependency toolkit on top of it. I rewrote Tailwind this weekend with that in mind, and my 4-second Tailwind build (on a 90k line project) now takes 200ms. That’s mostly due to how I architected my Tailwind library; not Bun, but Bun is fast where it’s been optimized.
I love the idea of a zero (or very low) dependency, modern toolkit. I’m rooting for Bun.
You might be right, though it's Linux only, and still has a "coming soon" as documentation. Worth keeping an eye on, but seems more in the experimental phase compared to bun.
While obviously extremely impressed with Bun and Jarred's achievement (especially because I really like Zig being similar to C) I'm also shocked that he was able to get a 3-letter `.sh` domain (bun) _and_ a 4-letter `.sh` domain (oven) both real words!
Looked to me that Oven was registered shortly after Bun exploded in popularity.
Don't be shocked. There are plenty of short domains left for grab, they're just expensivish for most people (usually $100 - $1000 but could be more). Glad that's the case, otherwise squatters would've "invested" into them already.
They are roughly in competition, though Deno made the decision early on to largely split itself from the ecosystem and existing conventions of Node (and an enormous body of existing JavaScript packages on npm), whereas Bun did not. Bun, AFAIK, aims to be compatible with Node and existing the npm ecosystem.
It seems both are attempting to make money by providing their own "serverless clouds" and hoping people will use those, instead of AWS/GCP/Cloudflare Workers/Fly/etc.
https://bun.sh/. "Bun is a fast all-in-one JavaScript runtime. Bundle, transpile, install and run JavaScript & TypeScript projects — all in Bun. Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in."
finally, a tech company with a cute design aesthetic :D i'm so happy to see a cute little bun in an oven instead of standard tech company imagery. i've never used bun and don't have great reason to, but it makes me hopeful to see.
> Before Oven can offer hosting, Bun needs a stable release. The goal: a stable release of Bun in under six months from today (August 23rd).
Wow! That is an ambitious timeline. Also ambitious is this:
> The plan is to run our own servers on the edge in datacenters around the world. Oven will leverage end-to-end integration of the entire JavaScript stack (down to the hardware) to make new things possible.
That’s a lot of work in a crowded space. Maybe they’re aiming for an acquisition or something?
Anyway, I wish them luck. Bun probably tops the list of projects I’m excited about at the moment.
from the bun website
> Bun natively implements hundreds of Node.js and Web APIs, including ~90% of Node-API functions
Is there any status tracker to see what is supported and what is not, or in other words how do I know if bun supports a particular framework or a library?
Interesting effort. How do you plan to make money? I would love to do something like this but it must be really hard to figure how to turn revenue sustainably apart from donations, consulting and maybe some sort of hosting services.
I love these funny names. First time I introduced HomeBrew to my gf, she was all laughing at the funny terms:
keg - Program binaries created from source
bottle - Program binaries downloaded
cellar - Directory where kegs / binaries are stored
tap - git repository
cask - macos native binary (not used in Linux)
I am surprised every day at how much raw human effort has gone (and continues to go) into making JavaScript into a good language, when at most 1/20th of that effort could have been used to simply replace it with something that is good to begin with.
I feel like there’s two reasons why I don’t understand your comment at all. Either you made a pun somewhere in there that just went way over my head, or it’s way too early for me to be up. But I have no idea what „of in the cold food of out hot eat the food“ could mean
hardwaregeek|3 years ago
My only hope is that Jarred gets some rest for a bit. According to his Twitter he's been pulling 80 hour weeks and while that does lead to impressive work, it's not great from a human perspective. Hope he can rest up and keep this going for the long haul!
fizx|3 years ago
The time it worked, I worked 10-4pm (heads down) in the ideation phase, ate well, slept well, got two hours of exercise daily, and had an interesting social life. Once the startup took on a life of its own, the personal life started to suffer and I got up to 80+hrs for a month or two before settling into ~60.
The two times it didn't work, I embraced the 60hr/week grind and was a bit more isolated, perhaps drank a bit more to unwind, and my focus deeply suffered.
I really love the solo thing, but in the early days, be creative and happy. The grind will find you. Market fit means more work. No doubt Jarred will find building a company and Bun at the same time even more challenging that just building Bun.
brundolf|3 years ago
It's honestly got me thinking about doing the same thing for my Big Project that I've been squeezing into nights and weekends for the past year and a half
aaroninsf|3 years ago
Sounding twitchy and strung out and high strung and histrionic? A filter for sure, but not for the things he thinks he wants.
This is how you get broken, desperate, unhealthy people, and that is reflected permanently in culture, and almost always in product, with poor prognosis for success.
Seriously the guy needs to chill the f--- out.
AaronFriel|3 years ago
Node.js, despite being based on V8, is still susceptible independently of V8 and introduces its own vulnerabilities. It's not sufficient for the runtime to be secure, but the new facilities Bun provides must also be vetted.
Bun/Oven are new, and similar in position to Node. Here are the hard questions I'd ask if I were on a security team and asked to review adopting Bun:
1. Will Oven adopt a security policy for Bun? (https://github.com/oven-sh/bun/security)
2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
Jarred|3 years ago
Yes.
> 2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
Fuzzing will begin soon. Regular security audits will happen around the 1.0 release. Bug bounty seems like a good idea, but it's too early today to know when this will start.
> 3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
Yes. Oven will donate to Zig Software Foundation.
More broadly - I think about all of this a lot, but until now Bun has been mostly the work of just me. Bun is still very early - there's a lot that's just not implemented yet.
brundolf|3 years ago
As you say, there's still plenty of room for vulnerabilities in the parts it does implement, and Zig isn't strictly memory-safe. However, Zig has lots of modern features like optional-types that help quite a bit with avoiding memory errors: https://www.scattered-thoughts.net/writing/how-safe-is-zig/
Which is to say your question is definitely valid, but there are also reasons to think this isn't as huge a concern as it might seem
andrei|3 years ago
We're huge fans of bun at Fuzzbuzz (waiting for it to get a bit more production-ready). If Jarred's interested, we'd be happy to donate some compute to support fuzzing Bun.
<hn username> @ fuzzbuzz.io
TakeBlaster16|3 years ago
Maybe this will be the company that proves it :)
naikrovek|3 years ago
jmartin2683|3 years ago
dang|3 years ago
Will Bun JavaScript Take Node's Crown - https://news.ycombinator.com/item?id=32457587 - Aug 2022 (321 comments)
Bun: A Complete Overhaul of the JavaScript Ecosystem - https://news.ycombinator.com/item?id=32243534 - July 2022 (25 comments)
Bun gets “bun:FFI” – call native libraries from JavaScript - https://news.ycombinator.com/item?id=32120090 - July 2022 (16 comments)
Bun (can become) the ideal JavaScript runtime - https://news.ycombinator.com/item?id=32067268 - July 2022 (14 comments)
Bun: Fast JavaScript runtime, transpiler, and NPM client written in Zig - https://news.ycombinator.com/item?id=31993429 - July 2022 (314 comments)
Bun – fast JavaScript and CSS bundler - https://news.ycombinator.com/item?id=29179848 - Nov 2021 (36 comments)
Kind of related:
Hop: Faster than unzip and tar at reading individual files - https://news.ycombinator.com/item?id=29178710 - Nov 2021 (128 comments)
brrrrrm|3 years ago
What doesn’t get mentioned enough is just how friggin ergonomic bun is. Install it and you’ll see what I mean immediately. Play with any API in the “bun:” namespace and it’s just a breath of fresh air.
brundolf|3 years ago
I know it uses the WebKit JS runtime instead of V8, which is super interesting. Does that cause a performance lift? Or is there some other secret sauce that pervades throughout Bun? Or is it just a matter of Jarred giving lots of attention to spot-optimizing the most important bottlenecks outside of the core runtime?
verdverm|3 years ago
https://github.com/oven-sh/bun#not-implemented-yet
Aeolun|3 years ago
I’ve had it proven true only two times so far. First time was with esbuild.
alberth|3 years ago
It’s consistently in the top 5 fastest web framework (beating out Rust, etc).
Just-JS is already faster than Bun.
Additionally, JSCore appears to be a significant reason why Bun is faster than NodeJS (V8). Just-JS is investigating switching to JSCore as well - which will only extend its lead.
https://github.com/just-js/just
https://www.techempower.com/benchmarks/#section=data-r21
https://twitter.com/justjs14/status/1560741923106725889#m
https://twitter.com/justjs14/status/1557856790897106944#m
iainmerrick|3 years ago
The benchmarks seem to focus exclusively on startup time, which is certainly important but not the only important thing. (And unless I misread those tweets it’s only a tiny bit ahead of bun.)
More competition is good and helps keep everyone honest, of course, but it looks like extremely early days for this project.
christophilus|3 years ago
I’m thinking of building a zero-dependency toolkit on top of it. I rewrote Tailwind this weekend with that in mind, and my 4-second Tailwind build (on a 90k line project) now takes 200ms. That’s mostly due to how I architected my Tailwind library; not Bun, but Bun is fast where it’s been optimized.
I love the idea of a zero (or very low) dependency, modern toolkit. I’m rooting for Bun.
esquire_900|3 years ago
b_fiive|3 years ago
tsujp|3 years ago
Looked to me that Oven was registered shortly after Bun exploded in popularity.
plesiv|3 years ago
benreesman|3 years ago
DangitBobby|3 years ago
yencabulator|3 years ago
mwexler|3 years ago
https://bun.sh/. "Bun is a fast all-in-one JavaScript runtime. Bundle, transpile, install and run JavaScript & TypeScript projects — all in Bun. Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in."
tantalor|3 years ago
j3s|3 years ago
christophilus|3 years ago
Wow! That is an ambitious timeline. Also ambitious is this:
> The plan is to run our own servers on the edge in datacenters around the world. Oven will leverage end-to-end integration of the entire JavaScript stack (down to the hardware) to make new things possible.
That’s a lot of work in a crowded space. Maybe they’re aiming for an acquisition or something?
Anyway, I wish them luck. Bun probably tops the list of projects I’m excited about at the moment.
vasergen|3 years ago
Is there any status tracker to see what is supported and what is not, or in other words how do I know if bun supports a particular framework or a library?
hestefisk|3 years ago
behnamoh|3 years ago
1shooner|3 years ago
juancampa|3 years ago
SwiftyBug|3 years ago
yencabulator|3 years ago
> Oven will leverage end-to-end integration of the entire JavaScript stack (down to the hardware) to make new things possible.
qudat|3 years ago
howon92|3 years ago
latenightcoding|3 years ago
"Oven will provide incredibly fast serverless hosting & continuous integration for backend & frontend JavaScript apps"
Isn't trying to dethrone node.js (by making Bun better and more popular) something worth pursuing on its own, or there is no money in that?
eatonphil|3 years ago
https://deno.com/blog/series-a
naikrovek|3 years ago
brundolf|3 years ago
solardev|3 years ago
unknown|3 years ago
[deleted]
anothernewdude|3 years ago
lucakiebel|3 years ago
revolvingocelot|3 years ago
s_dev|3 years ago
unknown|3 years ago
[deleted]
digitaLandscape|3 years ago
[deleted]
oandrew|3 years ago