---
title: Bun v1.0.5
description: "Fixes 41 bugs + a memory leak in `fetch()`, `KeyObject` support in `crypto` module, import package-lock.json, install peer dependencies, bun pm migrate subcommand, bun install bugfixes, and `toEqualIgnoringWhitespace` matcher in `bun:test`"
date: "2023-10-11T10:33:40.710Z"
author: ashcon
draft: false
---

Bun v1.0.5 fixes 41 bugs (addressing 248 👍 reactions), including a memory leak in `fetch()`, adds `KeyObject` support in `crypto` module, `bun install` can import package-lock.json files, and install peer dependencies. We've also added a `bun pm migrate` subcommand, and more bugfixes.

Bun is an incredibly fast JavaScript runtime, bundler, transpiler, and package manager — all in one. In case you missed it, here are some of the recent changes to Bun:

- [`v1.0.0`](/blog/bun-v1.0) - First stable release!
- [`v1.0.1`](/blog/bun-v1.0.1) - Named imports for .json and .toml files, fixes to `bun install`, `node:path`, and `Buffer`
- [`v1.0.2`](/blog/bun-v1.0.2) - Make `--watch` faster and lots of bug fixes
- [`v1.0.3`](/blog/bun-v1.0.3) - `emitDecoratorMetadata` and Nest.js support, fixes for private registries and more
- [`v1.0.4`](/blog/bun-v1.0.4) - `server.requestIP`, virtual modules in runtime plugins, and more

To install Bun:

{% codetabs %}

```sh#curl
$ curl -fsSL https://bun.sh/install | bash
```

```sh#npm
$ npm install -g bun
```

```sh#brew
$ brew tap oven-sh/bun
$ brew install bun
```

```sh#docker
$ docker pull oven/bun
$ docker run --rm --init --ulimit memlock=-1:-1 oven/bun
```

{% /codetabs %}

To upgrade Bun:

```sh
$ bun upgrade
```

## Fixed memory leak with `fetch()`

We fixed a memory leak in Bun [caused](https://github.com/oven-sh/bun/pull/6350) by responses with gzip/delate encoding not properly being closed. This makes `fetch()` use less memory and more reliable.

{% raw %}

<blockquote class="twitter-tweet"><p lang="en" dir="ltr">in the next version of Bun<br><br>A memory leak impacting fetch() is fixed<br><br>left: bun v1.0.4<br>right: bun v1.0.5 <a href="https://t.co/x3dNkPTh5O">pic.twitter.com/x3dNkPTh5O</a></p>&mdash; Jarred Sumner (@jarredsumner) <a href="https://twitter.com/jarredsumner/status/1710477837516595313?ref_src=twsrc%5Etfw">October 7, 2023</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

{% /raw %}

This fix also reduces the overall memory consumption of `fetch()`.

## `KeyObject` support in `node:crypto` module

Bun now supports the `KeyObject` class in the `crypto` module, thanks to [@cirospaciari](https://github.com/cirospaciari). This class is used to represent public and private keys, and is used by various crypto packages which now work, including:

- [`jsonwebtoken`](https://github.com/auth0/node-jsonwebtoken)
- [`jose`](https://github.com/panva/jose)
- [`@nestjs/jwt`](https://github.com/nestjs/jwt)
- [`firebase-admin`](https://github.com/firebase/firebase-admin-node)

That's because the following crypto APIs are now implemented in Bun:

- [`KeyObject`](https://nodejs.org/api/crypto.html#static-method-keyobjectfromkey)
- [`crypto.createSecretKey()`](https://nodejs.org/api/crypto.html#cryptocreatesecretkeykey-encoding)
- [`crypto.createPublicKey()`](https://nodejs.org/api/crypto.html#cryptocreatepublickeykey)
- [`crypto.createPrivateKey()`](https://nodejs.org/api/crypto.html#cryptocreateprivatekeykey)
- [`crypto.generateKeyPairSync()`](https://nodejs.org/api/crypto.html#cryptogeneratekeypairsynctype-options)
- [`crypto.generateKeySync()`](https://nodejs.org/api/crypto.html#cryptogeneratekeysynctype-options)
- [`crypto.generateKeyPair()`](https://nodejs.org/api/crypto.html#cryptogeneratekeypairtype-options)
- [`crypto.generateKey()`](https://nodejs.org/api/crypto.html#cryptogeneratekeytype-options)
- [`crypto.sign()`](https://nodejs.org/api/crypto.html#cryptosignalgorithm-data-key-callback)
- [`crypto.verify()`](https://nodejs.org/api/crypto.html#cryptoverifyalgorithm-data-key-signature-callback)

### `expect().toEqualIgnoringWhitespace` in `bun:test`

`bun:test` gets a new test matcher: `toEqualIgnoringWhitespace`, thanks to [@EladBezalel](https://github.com/EladBezalel).

```js
import { expect, test } from "bun:test";

test("it works", () => {
  expect("  hello  ").toEqualIgnoringWhitespace("hello");
});
```

## `bun run --if-present` flag

`bun run` now has a `--if-present` flag, which only runs the script if it exists. This is useful for running the same script in many different folders, like workspaces.

```sh
$ bun run --if-present my-script
# runs "my-script" if it exists in package.json "scripts"
```

Thanks to [@Electroid](https://github.com/Electroid) for implementing this.

## Import dependencies from `package-lock.json`

If Bun does not detect a `bun.lockb` file, `bun install` will now automatically import dependencies from `package-lock.json` if it exists. This makes it easier to migrate from `npm` to `bun`. This preserves the same dependency versions from `package-lock.json`.

{% image src="https://github.com/oven-sh/bun/assets/3238291/fea8d229-8736-4596-b4dd-ae31bae1ee82" /%}

Thanks to [@paperclover](https://github.com/paperclover) for implementing this.

### `bun pm migrate` subcommand

bun v1.0.5 introduces a new `bun pm migrate` subcommand.

To use it, run the following command in the same directory as your `package-lock.json` file:

```sh
$ bun pm migrate
```

This subcommand converts from an npm `package-lock.json` file to a `bun.lockb` file, preserving the same dependency versions from `package-lock.json`.

{% image src="https://github-production-user-asset-6210df.s3.amazonaws.com/709451/274208726-7bd4e7a1-5b53-4eb4-9a2c-b7a793f808af.png" /%}

You don't typically have to run this command because `bun install` will automatically run it if it detects a `package-lock.json` file and no `bun.lockb` file, but it's useful if you want to migrate from `npm` to `bun` without running `bun install`.

## Install peer dependencies

`bun install` now automatically installs unmet peer dependencies by default. This means that if you install a package that has peer dependencies, Bun will automatically install those peer dependencies if they were not already present. This aligns the behavior of `bun install` with `npm install` and `pnpm install`.

If you don't want this behavior, you can disable it by passing the `--no-peer` flag to `bun install`.

You can also disable this behavior by default by adding the following to your `bunfig.toml` file:

```toml
# Disable installing peer dependencies
install.peer = false
```

Thanks to [@dylan-conway](https://github.com/dylan-conway) for implementing this.

### What are peer dependencies?

Peer dependencies are dependencies that are required by a package, but preferred to be installed by the user.

For example, if you install `react-router-dom` without `react`, it probably won't work. `react-router-dom` has `react` as a peer dependency, which means that it requires `react` to be installed, but it's preferred that the user installs `react` themselves so that you can have more control over which version of `react` is installed. It's a way for a package to say, "I need this library to work, but it should use your version of the dependency instead of mine".

Previously, Bun would not install peer dependencies, which meant that you had to install them yourself. This caused issues where packages would not work out of the box, and you would have to manually install peer dependencies. Now, Bun will automatically install peer dependencies for you.

## `"trustedDependencies"` lifecycle scripts bugfix

A bug caused lifecycle scripts from `"trustedDependencies"` to not be re-run on `bun install`. This has been fixed, [thanks to [@Arden144](https://github.com/Arden144)](https://github.com/oven-sh/bun/issues/5472).

## Fixed `bun install` bugs

We've been working hard to fix bugs in `bun install`. Here are some of the bugs we fixed:

- [#6258](https://github.com/oven-sh/bun/pull/6258) - Fixed issues with `workspace` dependencies not resolving.
- [#4066](https://github.com/oven-sh/bun/issues/4066) - Fixed `ConnectionRefused` errors or scenarios where `bun install` would take too long.
- More support for `git` dependencies, including `git@<url>` and `bitbucket:<url>`.
- [#6219](https://github.com/oven-sh/bun/pull/6219) - micro-optimization in `bun install` to open fewer file descriptors.
- Fixed a bug where pre-releases would cause the wrong version to be resolved.

## Other changes and fixes

- [#6207](https://github.com/oven-sh/bun/pull/6207) - `process.kill()` now returns a boolean, to match Node.js. (thanks @Hanaasagi!)
- [#6042](https://github.com/oven-sh/bun/pull/6042) - `bunx` now works with Github packages, e.g. `bunx github:piuccio/cowsay` (thanks @axlEscalada!)
- [#6259](https://github.com/oven-sh/bun/pull/6259) - `Blob.slice` sets offset correctly (thanks @Hanaasagi!)
- [#6074](https://github.com/oven-sh/bun/pull/6074) - `TextEncoder.ignoreBOM` is now supported (thanks @WingLim!)
- bun install now persists relative workspace paths in the `bun.lockb` file.
- bun install now persists `trustedDependencies` in the `bun.lockb` file.
- The `query` property in `node:url` is now an object instead of a `URLSearchParams` instance, matching Node.js behavior
- Exit codes in `process.exit` can now be > 127, thanks to [@liz3](https://github.com/liz3).
- A bug in `node:buffer` where positional arguments were incorrectly required has been fixed, thanks to [@kitsuned](https://github.com/kitsuned).

## New Contributors

Thanks to our 16 new contributors 🎉

- [@mathiasrw](https://github.com/mathiasrw) made their first contribution in #6255
- [@wbjohn](https://github.com/wbjohn) made their first contribution in #6256
- [@jsparkdev](https://github.com/jsparkdev) made their first contribution in #6222
- [@kitsuned](https://github.com/kitsuned) made their first contribution in #4911
- [@Pandapip1](https://github.com/Pandapip1) made their first contribution in #6298
- [@panva](https://github.com/panva) made their first contribution in #6294
- [@2hu12](https://github.com/2hu12) made their first contribution in #6379
- [@Cadienvan](https://github.com/Cadienvan) made their first contribution in #6331
- [@Longju000](https://github.com/Longju000) made their first contribution in #6291
- [@babarkhuroo](https://github.com/babarkhuroo) made their first contribution in #6314
- [@otterDeveloper](https://github.com/otterDeveloper) made their first contribution in #6359
- [@RaresAil](https://github.com/RaresAil) made their first contribution in #6400
- [@yukulele](https://github.com/yukulele) made their first contribution in #6399
- [@vthemelis](https://github.com/vthemelis) made their first contribution in #6307
- [@EladBezalel](https://github.com/EladBezalel) made their first contribution in #6293
- [@Arden144](https://github.com/Arden144) made their first contribution in #6376

To view the full list of changes, check out the [Bun changelog](https://github.com/oven-sh/bun/compare/bun-v1.0.4...bun-v1.0.5).