#bun
The Bun CVE Gap: When Your Package Manager Can't Do Surgical Updates
10 min readYarn Berry, pnpm, and npm all support surgical CVE remediation. Bun, today, doesn't. Here's what I found when I tried to apply my own workflow to a Bun project.
Bun Code Coverage Gap
3 min readBun's test runner only tracks coverage for loaded files. Here's how to expose the gaps.