Bun merged the rust rewrite: https://github.com/oven-sh/bun/pull/30412
I’ve been using bun for ~6 months, in part to avoid npm issues (bun doesn’t run postinstall), but might change to pnpm for a while to avoid any targeted attacks (not targeted at me, but like supply chain attacks kind of targeted). Claude code bundles bun in the binary I think, so using claude code at all means there’s still an exploit vector if there’s a serious issue found.
Found via: https://www.youtube.com/watch?v=AjfrlcmObus