// Bun package manager commands (install, add, remove, update), workspaces, lockfiles, npm/yarn/pnpm migration. Use for dependency management with Bun.
100+ animated React components (Aceternity UI) for Next.js with Tailwind. Use for hero sections, parallax, 3D effects, or encountering animation, shadcn CLI integration errors.
Vercel AI SDK v5 for backend AI (text generation, structured output, tools, agents). Multi-provider. Use for server-side AI or encountering AI_APICallError, AI_NoObjectGeneratedError, streaming failures.
Skill for integrating Better Auth - comprehensive TypeScript authentication framework for Cloudflare D1, Next.js, Nuxt, and 15+ frameworks. Use when adding auth, encountering D1 adapter errors, or implementing OAuth/2FA/RBAC features.
This skill should be used when the user asks about "Cloudflare Workers with Bun", "deploying Bun to Workers", "wrangler with Bun", "edge deployment", "Bun to Cloudflare", or building and deploying applications to Cloudflare Workers using Bun.
Use for Docker with Bun, Dockerfiles, oven/bun image, containerization, and deployments.
This skill should be used when the user asks about "Next.js with Bun", "Bun and Next", "running Next.js on Bun", "Next.js development with Bun", "create-next-app with Bun", or building Next.js applications using Bun as the runtime.
| name | bun-package-manager |
| description | Bun package manager commands (install, add, remove, update), workspaces, lockfiles, npm/yarn/pnpm migration. Use for dependency management with Bun. |
| license | MIT |
Bun's package manager is a dramatically faster replacement for npm, yarn, and pnpm. Up to 25x faster than npm install.
# Install all dependencies
bun install
# Add packages
bun add react react-dom
bun add -D typescript @types/react
# Remove packages
bun remove lodash
# Update packages
bun update
# Run package binaries
bunx create-next-app
| Command | Description |
|---|---|
bun install | Install all dependencies |
bun add <pkg> | Add dependency |
bun add -D <pkg> | Add dev dependency |
bun add -O <pkg> | Add optional dependency |
bun add --peer <pkg> | Add peer dependency |
bun remove <pkg> | Remove dependency |
bun update [pkg] | Update dependencies |
bunx <pkg> | Run package binary |
bun pm cache rm | Clear cache |
# Production mode (no devDependencies)
bun install --production
# Frozen lockfile (CI/CD)
bun install --frozen-lockfile
bun ci # shorthand
# Dry run
bun install --dry-run
# Verbose/Silent
bun install --verbose
bun install --silent
# Force reinstall
bun install --force
# Global packages
bun install -g cowsay
Bun uses bun.lock (text-based since v1.2):
# Generate text lockfile
bun install --save-text-lockfile
# Upgrade from binary bun.lockb
bun install --save-text-lockfile --frozen-lockfile --lockfile-only
rm bun.lockb
{
"name": "my-monorepo",
"workspaces": ["packages/*", "apps/*"]
}
Run commands across workspaces:
# Run in matching packages
bun run --filter 'pkg-*' build
# Run in all workspaces
bun run --filter '*' test
# Install for specific packages
bun install --filter 'pkg-a'
Bun does not run lifecycle scripts from dependencies by default (security). Whitelist trusted packages:
{
"trustedDependencies": ["my-trusted-package"]
}
# Skip all lifecycle scripts
bun install --ignore-scripts
# Concurrent scripts
bun install --concurrent-scripts 5
Force specific versions for nested dependencies:
{
"overrides": {
"lodash": "4.17.21"
}
}
Yarn-style resolutions also supported:
{
"resolutions": {
"lodash": "4.17.21"
}
}
{
"dependencies": {
"dayjs": "git+https://github.com/iamkun/dayjs.git",
"lodash": "git+ssh://github.com/lodash/lodash.git#4.17.21",
"zod": "github:colinhacks/zod",
"react": "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
"bun-types": "npm:@types/bun"
}
}
Traditional flat node_modules:
bun install --linker hoisted
pnpm-like strict isolation:
bun install --linker isolated
Isolated prevents "phantom dependencies" - packages can only access declared dependencies.
# GitHub Actions
- uses: oven-sh/setup-bun@v2
- run: bun ci # frozen lockfile
# Install for different platform
bun install --cpu=x64 --os=linux
When installing packages, follow supply chain security best practices:
trustedDependencies in package.jsonminimumReleaseAge in bunfig.toml to wait 7 days for new versionssocket package score npm <pkg> or use socket npm install <pkg> to check packages before they reach your projectLoad the dependency-upgrade skill for full security configuration including Socket CLI integration, cooldown setup, lockfile validation, and CI enforcement.
| Error | Cause | Fix |
|---|---|---|
Cannot find module | Missing dependency | Run bun install |
Lockfile mismatch | package.json changed | Run bun install |
Peer dependency | Missing peer | bun add the peer |
Lifecycle script failed | Untrusted package | Add to trustedDependencies |
Bun automatically migrates pnpm-lock.yaml:
bun install # Auto-converts to bun.lock
Workspace config moves to package.json:
{
"workspaces": {
"packages": ["apps/*", "packages/*"],
"catalog": {
"react": "^18.0.0"
}
}
}
Simply run bun install - Bun reads package-lock.json and yarn.lock.
Load references/cli-commands.md when:
Load references/workspaces.md when:
Load references/migration.md when: