Quick Start
Configure a security scanner in yourbunfig.toml:
bunfig.toml
- Scan all packages before installation
- Display security warnings and advisories
- Cancel installation if critical vulnerabilities are found
- Automatically disable auto-install for security
How It Works
Security scanners analyze packages duringbun install, bun add, and other package operations. They can detect:
- Known security vulnerabilities (CVEs)
- Malicious packages
- License compliance issues
- …and more!
Security Levels
Scanners report issues at two severity levels:fatal- Installation stops immediately, exits with non-zero codewarn- In interactive terminals, prompts to continue; in CI, exits immediately
Using Pre-built Scanners
Many security companies publish Bun security scanners as npm packages that you can install and use immediately.Installing a Scanner
Install a security scanner from npm:terminal
@oven/bun-security-scanner is an example package name, not a real package. Replace it with the scanner you want to
use, and consult that scanner’s documentation for the exact package name and installation instructions. Most scanners
are installed with bun add.Configuring the Scanner
After installation, configure it in yourbunfig.toml:
bunfig.toml
Enterprise Configuration
Some enterprise scanners might support authentication and/or configuration through environment variables:terminal