--- title: Bun v1.1.40 description: "Fixes 14 bugs. Adds `install.saveTextLockfile` option in bunfig.toml to make the text lockfile format the default. Fixes a bug in package-lock.json migration when manually changing npm URLs to git URLs. Fixes a regression in process.on from Bun v1.1.39. Fixes an issue with BigInt in napi APIs impacting DuckDB. Improves reliability of installing git/github dependencies in bun install. Upgrades WebKit with security & reliability improvements." date: "2024-12-18T05:51:42.036Z" author: jarred --- {% callout %} We're hiring [systems engineers](/careers) in San Francisco to build the future of JavaScript! {% /callout %} This release fixes 14 bugs. Adds `install.saveTextLockfile` option in bunfig.toml to make the text lockfile format the default. Fixes bugs in package-lock.json migration when manually changing npm resolutions to git URLs. Fixes a regression in process.on from Bun v1.1.39. Fixes an issue with BigInt in napi APIs impacting DuckDB. Improves reliability of installing git/github dependencies in bun install. Upgrades WebKit with security & reliability improvements. #### To install Bun {% codetabs %} ```sh#curl $ curl -fsSL https://bun.sh/install | bash ``` ```sh#npm $ npm install -g bun ``` ```sh#powershell $ powershell -c "irm bun.sh/install.ps1|iex" ``` ```sh#scoop $ scoop install bun ``` ```sh#brew $ brew tap oven-sh/bun $ brew install bun ``` ```sh#docker $ docker pull oven/bun $ docker run --rm --init --ulimit memlock=-1:-1 oven/bun ``` {% /codetabs %} #### To upgrade Bun ```sh $ bun upgrade ``` ## New: `install.saveTextLockfile` in bunfig.toml In Bun v1.1.39, we introduced the [text-based `bun.lock` lockfile](https://bun.sh/blog/bun-lock-text-lockfile) format for `bun install`. In Bun v1.2, we will make it the default. To use `bun.lock` instead of `bun.lockb`: ```sh $ bun install --save-text-lockfile ``` Several people have asked for a way to use the text-based lockfile format by default without waiting for v1.2. You can now set `install.saveTextLockfile = true` in your `bunfig.toml` to make the text lockfile format the default. ```toml#~/.bunfig.toml [install] saveTextLockfile = true ``` You can place this in your global `~/.bunfig.toml`. Thanks to [@dylan-conway](https://github.com/dylan-conway) for implementing this! ## Fixed: regression in process.on from Bun v1.1.39 A regression introduced in Bun v1.1.39 caused `process.on` when used in a Worker, in a single-file executable, or a macro to potentially crash. This has been fixed. Thanks to [@dylan-conway](https://github.com/dylan-conway) for implementing this! ## Fixed: N-API BigInt handling bug impacting DuckDB Our N-API implementation for `napi_create_bigint_words` was not handling trailing zeros consistently with Node.js & V8. The `napi_get_value_bigint_uint64` and `napi_get_value_bigint_int64` functions were not setting the `lossless` boolean flag. These have been fixed, thanks to [@190n](https://github.com/190n)! ## Improved git/github dependency installation reliability In rare cases, `bun install` would hang or fail to install git/github dependencies. What makes Git/GitHub dependencies tricky is we don't know their own dependencies until after we've downloaded the package (unlike npm which has a registry API we can ask ahead of time). To save you time, bandwidth, and disk space, `bun install` goes to great lengths to avoid downloading packages that ultimately won't be used or are already installed. Often `bun install` won't try to download a package until we try to install it, see it's not there in node_modules, and see it's not there in the global store. This release fixes a bug that could cause git dependencies to fail to transition from the downloading state to the installed state. This release also fixes a bug in package-lock.json migration when manually changing npm URLs to git URLs. Thank to [@dylan-conway](https://github.com/dylan-conway) for implementing this! ## WebKit upgrade This WebKit upgrade includes reliability and security improvements. - A lock could theoretically unlock too early - An edgecase involving the DFG JIT with the `[[ToString]]` operation - Setting a value in a typed array of integers in the DFG JIT could end up in an incorrect state in the global object when taking a slow path ### Thanks to 4 contributors! - [@190n](https://github.com/190n) - [@dylan-conway](https://github.com/dylan-conway) - [@jarred-sumner](https://github.com/jarred-sumner) - [@riskymh](https://github.com/riskymh)