一键导入
bun-dev
This skill should be used when working with Bun runtime, bun:sqlite, Bun.serve, bun:test, or when "Bun", "bun:test", or Bun-specific patterns are mentioned.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
This skill should be used when working with Bun runtime, bun:sqlite, Bun.serve, bun:test, or when "Bun", "bun:test", or Bun-specific patterns are mentioned.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
pi-mono agent framework reference (github.com/badlogic/pi-mono). TRIGGER when: writing agent code using pi-ai/pi-agent-core/pi-coding-agent packages, defining tools with TypeBox schemas, implementing TUI or Web UI over an agent core, building extensions that hook into agent lifecycle, working with session/compaction/retry logic, implementing LLM provider abstractions, or any code that imports from @mariozechner/* packages.
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.
Active Directory 域渗透全链路指导技能。基于 GOAD (Game of Active Directory) 靶场实战经验, 涵盖从初始侦察、用户枚举、密码攻击、中继与投毒、ADCS证书攻击、MSSQL利用、提权、 横向移动、凭据提取、ACL滥用、委派攻击、域信任利用到域控拿下的完整渗透链。 当用户提到以下任何关键词时,务必触发此技能: AD渗透、域渗透、Active Directory、域控攻击、内网渗透、kerberoasting、AS-REP roasting、 NTLM relay、responder、bloodhound、certipy、ADCS、ESC1-ESC15、PetitPotam、 noPac、PrintNightmare、横向移动、pass the hash、golden ticket、silver ticket、 DCSync、secretsdump、mimikatz、委派攻击、delegation、ACL滥用、域信任、 forest trust、提权、SeImpersonate、KrbRelay、MSSQL提权、webshell、 凭据收集、密码喷洒、password spray、域枚举、SMB签名、coercer、 shadow credentials、certifried、RBCD、GPO abuse、LAPS、 即使用户没有明确说"域渗透",只要涉及Windows域环境的攻击场景都应使用此技能。
Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction.
Help with ffuf-based Web parameter fuzzing. Use this skill whenever the user wants to fuzz Web request paths, query parameters, headers, POST bodies, JSON fields, or raw HTTP requests with ffuf, or when they ask for an ffuf command, wordlist choice, false-positive filtering, matcher/filter tuning, or replaying hits into Burp/ZAP.
Navigate the fuzzDicts repository and choose the right dictionary or payload list for authorized Web directory scanning, parameter fuzzing, upload bypass testing, subdomain enumeration, API discovery, credential spraying, and vuln-specific fuzzing. Use this skill whenever the user asks which wordlist to use, wants to browse or classify fuzz dictionaries, needs ffuf/wfuzz/feroxbuster/dirsearch/gobuster-ready file paths, or mentions this repository even if they do not explicitly ask for a skill.
| name | bun-dev |
| description | This skill should be used when working with Bun runtime, bun:sqlite, Bun.serve, bun:test, or when "Bun", "bun:test", or Bun-specific patterns are mentioned. |
| metadata | {"version":"1.0.0"} |
Bun runtime → native APIs → zero-dependency patterns.
<when_to_use>
NOT for: Node.js-only patterns, cross-runtime libraries, non-Bun projects
</when_to_use>
<runtime_basics>
Package management:
bun install # Install deps
bun add zod # Add package
bun remove zod # Remove package
bun update # Update all
Script execution:
bun run dev # Run package.json script
bun run src/index.ts # Execute TypeScript directly
bun --watch index.ts # Watch mode
Testing:
bun test # All tests
bun test src/ # Directory
bun test --watch # Watch mode
bun test --coverage # With coverage
Building:
bun build ./index.ts --outfile dist/bundle.js
bun build ./index.ts --compile --outfile myapp # Standalone executable
</runtime_basics>
<file_operations>
// Read file (lazy, efficient)
const file = Bun.file('./data.json');
if (!(await file.exists())) throw new Error('File not found');
// Read formats
const text = await file.text();
const json = await file.json();
const buffer = await file.arrayBuffer();
const stream = file.stream(); // Large files
// Metadata
console.log(file.size, file.type);
// Write
await Bun.write('./output.txt', 'content');
await Bun.write('./data.json', JSON.stringify(data));
await Bun.write('./blob.txt', new Blob(['data']));
</file_operations>
import { Database } from 'bun:sqlite';
const db = new Database('app.db', { create: true, readwrite: true, strict: true });
// Create tables
db.run(`
CREATE TABLE IF NOT EXISTS users (
id TEXT PRIMARY KEY,
email TEXT UNIQUE NOT NULL,
name TEXT NOT NULL,
created_at TEXT DEFAULT CURRENT_TIMESTAMP
)
`);
// Prepared statements (always use these)
const getUser = db.prepare('SELECT * FROM users WHERE id = ?');
const createUser = db.prepare('INSERT INTO users (id, email, name) VALUES (?, ?, ?) RETURNING *');
// Execution
const user = getUser.get('user-123'); // Single row
const all = db.prepare('SELECT * FROM users').all(); // All rows
db.prepare('DELETE FROM users WHERE id = ?').run('id'); // No return
// Named parameters
const stmt = db.prepare('SELECT * FROM users WHERE email = $email');
stmt.get({ $email: 'alice@example.com' });
// Transactions (atomic, auto-rollback on error)
const transfer = db.transaction((fromId: string, toId: string, amount: number) => {
db.run('UPDATE accounts SET balance = balance - ? WHERE id = ?', [amount, fromId]);
db.run('UPDATE accounts SET balance = balance + ? WHERE id = ?', [amount, toId]);
});
transfer('alice', 'bob', 100);
db.close(); // When done
See sqlite-patterns.md for migrations, pooling, repository pattern.
// Hash (argon2id recommended)
const hash = await Bun.password.hash('password123', {
algorithm: 'argon2id',
memoryCost: 65536, // 64 MB
timeCost: 3
});
// Or bcrypt
const bcryptHash = await Bun.password.hash('password123', {
algorithm: 'bcrypt',
cost: 12
});
// Verify
const isValid = await Bun.password.verify('password123', hash);
if (!isValid) throw new Error('Invalid password');
Auth flow example:
app.post('/auth/register', zValidator('json', RegisterSchema), async (c) => {
const { email, password } = c.req.valid('json');
const db = c.get('db');
if (db.prepare('SELECT id FROM users WHERE email = ?').get(email)) {
throw new HTTPException(409, { message: 'Email already registered' });
}
const hashedPassword = await Bun.password.hash(password, { algorithm: 'argon2id' });
const user = db.prepare(`
INSERT INTO users (id, email, password) VALUES (?, ?, ?) RETURNING id, email
`).get(crypto.randomUUID(), email, hashedPassword);
return c.json({ user }, 201);
});
<http_server>
Bun.serve({
port: 3000,
fetch(req) {
const url = new URL(req.url);
if (url.pathname === '/') return new Response('Hello');
if (url.pathname === '/json') return Response.json({ ok: true });
return new Response('Not found', { status: 404 });
},
error(err) {
return new Response(`Error: ${err.message}`, { status: 500 });
}
});
With Hono (recommended for APIs):
import { Hono } from 'hono';
const app = new Hono()
.get('/', (c) => c.text('Hello'))
.get('/json', (c) => c.json({ ok: true }));
Bun.serve({ port: 3000, fetch: app.fetch });
See server-patterns.md for routing, middleware, file serving, streaming.
</http_server>
import type { ServerWebSocket } from 'bun';
type WsData = { userId: string };
Bun.serve<WsData>({
port: 3000,
fetch(req, server) {
const url = new URL(req.url);
if (url.pathname === '/ws') {
const userId = url.searchParams.get('userId') || 'anon';
return server.upgrade(req, { data: { userId } }) ? undefined
: new Response('Upgrade failed', { status: 400 });
}
return new Response('Hello');
},
websocket: {
open(ws: ServerWebSocket<WsData>) {
ws.subscribe('chat');
ws.send(JSON.stringify({ type: 'connected' }));
},
message(ws: ServerWebSocket<WsData>, msg: string | Buffer) {
ws.publish('chat', msg);
},
close(ws: ServerWebSocket<WsData>) {
ws.unsubscribe('chat');
}
}
});
See server-patterns.md for client tracking, rooms, reconnection.
import { $ } from 'bun';
// Run commands
const result = await $`ls -la`;
console.log(result.text());
// Variables (auto-escaped)
const dir = './src';
await $`find ${dir} -name "*.ts"`;
// Check exit code
const { exitCode } = await $`npm test`.nothrow();
if (exitCode !== 0) console.error('Tests failed');
// Spawn process
const proc = Bun.spawn(['ls', '-la']);
await proc.exited;
// Capture output
const proc2 = Bun.spawn(['echo', 'Hello'], { stdout: 'pipe' });
const output = await new Response(proc2.stdout).text();
import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
describe('feature', () => {
let db: Database;
beforeEach(() => { db = new Database(':memory:'); });
afterEach(() => { db.close(); });
test('behavior', () => {
expect(result).toBe(expected);
expect(arr).toContain(item);
expect(fn).toThrow();
expect(obj).toEqual({ foo: 'bar' });
});
test('async', async () => {
const result = await asyncFn();
expect(result).toBeDefined();
});
test.todo('pending feature');
test.skip('temporarily disabled');
});
bun test # All tests
bun test src/api.test.ts # Specific file
bun test --watch # Watch mode
bun test --coverage # With coverage
See testing.md for assertions, mocking, snapshots, best practices.
// Access
console.log(Bun.env.NODE_ENV);
console.log(Bun.env.DATABASE_URL);
// Zod validation
import { z } from 'zod';
const EnvSchema = z.object({
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
DATABASE_URL: z.string(),
PORT: z.coerce.number().int().positive().default(3000),
API_KEY: z.string().min(32)
});
export const env = EnvSchema.parse(Bun.env);
Bun auto-loads .env, .env.local, .env.production.
// High-resolution timing
const start = Bun.nanoseconds();
await doWork();
console.log(`Took ${(Bun.nanoseconds() - start) / 1_000_000}ms`);
// Hashing
const hash = Bun.hash(data);
const crc32 = Bun.hash.crc32(data);
const sha256 = Bun.CryptoHasher.hash('sha256', data);
// Sleep
await Bun.sleep(1000);
// Memory
const { rss, heapUsed } = process.memoryUsage();
console.log('RSS:', rss / 1024 / 1024, 'MB');
# Production bundle
bun build ./index.ts --outfile dist/bundle.js --minify --sourcemap
# External deps
bun build ./index.ts --outfile dist/bundle.js --external hono --external zod
# Standalone executable
bun build ./index.ts --compile --outfile myapp
# Cross-compile
bun build ./index.ts --compile --target=bun-linux-x64 --outfile myapp-linux
bun build ./index.ts --compile --target=bun-darwin-arm64 --outfile myapp-macos
bun build ./index.ts --compile --target=bun-windows-x64 --outfile myapp.exe
ALWAYS:
NEVER:
PREFER:
Examples: