My only hope is that Jarred gets some rest for a bit. According to his Twitter he's been pulling 80 hour weeks and while that does lead to impressive work, it's not great from a human perspective. Hope he can rest up and keep this going for the long haul!
The time it worked, I worked 10-4pm (heads down) in the ideation phase, ate well, slept well, got two hours of exercise daily, and had an interesting social life. Once the startup took on a life of its own, the personal life started to suffer and I got up to 80+hrs for a month or two before settling into ~60.
The two times it didn't work, I embraced the 60hr/week grind and was a bit more isolated, perhaps drank a bit more to unwind, and my focus deeply suffered.
I really love the solo thing, but in the early days, be creative and happy. The grind will find you. Market fit means more work. No doubt Jarred will find building a company and Bun at the same time even more challenging that just building Bun.
It's honestly got me thinking about doing the same thing for my Big Project that I've been squeezing into nights and weekends for the past year and a half
Sounding twitchy and strung out and high strung and histrionic? A filter for sure, but not for the things he thinks he wants.
This is how you get broken, desperate, unhealthy people, and that is reflected permanently in culture, and almost always in product, with poor prognosis for success.
Seriously the guy needs to chill the f--- out.
Node.js, despite being based on V8, is still susceptible independently of V8 and introduces its own vulnerabilities. It's not sufficient for the runtime to be secure, but the new facilities Bun provides must also be vetted.
Bun/Oven are new, and similar in position to Node. Here are the hard questions I'd ask if I were on a security team and asked to review adopting Bun:
1. Will Oven adopt a security policy for Bun? (https://github.com/oven-sh/bun/security)
2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
Yes.
> 2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
Fuzzing will begin soon. Regular security audits will happen around the 1.0 release. Bug bounty seems like a good idea, but it's too early today to know when this will start.
> 3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
Yes. Oven will donate to Zig Software Foundation.
More broadly - I think about all of this a lot, but until now Bun has been mostly the work of just me. Bun is still very early - there's a lot that's just not implemented yet.
I look forward to seeing what you can make of it with Oven.
As you say, there's still plenty of room for vulnerabilities in the parts it does implement, and Zig isn't strictly memory-safe. However, Zig has lots of modern features like optional-types that help quite a bit with avoiding memory errors: https://www.scattered-thoughts.net/writing/how-safe-is-zig/
Which is to say your question is definitely valid, but there are also reasons to think this isn't as huge a concern as it might seem
Does this mean you could potentially run some Node code on iOS?
We're huge fans of bun at Fuzzbuzz (waiting for it to get a bit more production-ready). If Jarred's interested, we'd be happy to donate some compute to support fuzzing Bun.
<hn username> @ fuzzbuzz.io
Maybe this will be the company that proves it :)
Will Bun JavaScript Take Node's Crown - https://news.ycombinator.com/item?id=32457587 - Aug 2022 (321 comments)
Bun: A Complete Overhaul of the JavaScript Ecosystem - https://news.ycombinator.com/item?id=32243534 - July 2022 (25 comments)
Bun gets “bun:FFI” – call native libraries from JavaScript - https://news.ycombinator.com/item?id=32120090 - July 2022 (16 comments)
Bun (can become) the ideal JavaScript runtime - https://news.ycombinator.com/item?id=32067268 - July 2022 (14 comments)
Bun: Fast JavaScript runtime, transpiler, and NPM client written in Zig - https://news.ycombinator.com/item?id=31993429 - July 2022 (314 comments)
Bun – fast JavaScript and CSS bundler - https://news.ycombinator.com/item?id=29179848 - Nov 2021 (36 comments)
Kind of related:
Hop: Faster than unzip and tar at reading individual files - https://news.ycombinator.com/item?id=29178710 - Nov 2021 (128 comments)
What doesn’t get mentioned enough is just how friggin ergonomic bun is. Install it and you’ll see what I mean immediately. Play with any API in the “bun:” namespace and it’s just a breath of fresh air.
I know it uses the WebKit JS runtime instead of V8, which is super interesting. Does that cause a performance lift? Or is there some other secret sauce that pervades throughout Bun? Or is it just a matter of Jarred giving lots of attention to spot-optimizing the most important bottlenecks outside of the core runtime?
Just lots of time spent profiling and trying things
On the runtime side, JavaScriptCore/WebKit's team are extremely receptive to feedback, especially performance-related. Today, @Constellation made `Promise.all` about 30% faster https://github.com/WebKit/WebKit/pull/3569
Minification will likely make it faster because there will be less code to print (see https://twitter.com/evanwallace/status/1396304029840396290). Many of the syntax compression and small optimizations like ("foo" + " " + "bar") becoming "foo bar" are implemented already, but not the whitespace removal
It might have an impact on bundling performance overall because that will involve an extra pass to more correctly handle `export * as from`, which isn't as important when used with the runtime (since that can happen at runtime)
Can you explain why you think a transpilation step will prove to be a technical challenge here? The "bundler" part of Bun seems like a very small piece, and not something that would impact its performance as a runtime too greatly.
I’ve had it proven true only two times so far. First time was with esbuild.
It’s consistently in the top 5 fastest web framework (beating out Rust, etc).
Just-JS is already faster than Bun.
Additionally, JSCore appears to be a significant reason why Bun is faster than NodeJS (V8). Just-JS is investigating switching to JSCore as well - which will only extend its lead.
https://github.com/just-js/just
https://www.techempower.com/benchmarks/#section=data-r21
The benchmarks seem to focus exclusively on startup time, which is certainly important but not the only important thing. (And unless I misread those tweets it’s only a tiny bit ahead of bun.)
More competition is good and helps keep everyone honest, of course, but it looks like extremely early days for this project.
I’m thinking of building a zero-dependency toolkit on top of it. I rewrote Tailwind this weekend with that in mind, and my 4-second Tailwind build (on a 90k line project) now takes 200ms. That’s mostly due to how I architected my Tailwind library; not Bun, but Bun is fast where it’s been optimized.
I love the idea of a zero (or very low) dependency, modern toolkit. I’m rooting for Bun.
For web applications, Linux is usually the eventual development target, and running Linux development environments on Windows and MacOS is a solved problem. So no, not really going to be much of a problem.
Looked to me that Oven was registered shortly after Bun exploded in popularity.
I very much admire that he seems to be trying to get things right in light of lessons learned, but history would imply that backwards compatibility tends to trump better technology on average.
https://bun.sh/. "Bun is a fast all-in-one JavaScript runtime. Bundle, transpile, install and run JavaScript & TypeScript projects — all in Bun. Bun is a new JavaScript runtime with a native bundler, transpiler, task runner and npm client built-in."
Wow! That is an ambitious timeline. Also ambitious is this:
> The plan is to run our own servers on the edge in datacenters around the world. Oven will leverage end-to-end integration of the entire JavaScript stack (down to the hardware) to make new things possible.
That’s a lot of work in a crowded space. Maybe they’re aiming for an acquisition or something?
Anyway, I wish them luck. Bun probably tops the list of projects I’m excited about at the moment.
Is there any status tracker to see what is supported and what is not, or in other words how do I know if bun supports a particular framework or a library?
keg - Program binaries created from source
bottle - Program binaries downloaded
cellar - Directory where kegs / binaries are stored
tap - git repository
cask - macos native binary (not used in Linux)> Oven will leverage end-to-end integration of the entire JavaScript stack (down to the hardware) to make new things possible.
"Oven will provide incredibly fast serverless hosting & continuous integration for backend & frontend JavaScript apps"
Isn't trying to dethrone node.js (by making Bun better and more popular) something worth pursuing on its own, or there is no money in that?
Today’s JavaScript works because it has gradually evolved from the primordial JS which (just about) worked; at each stage in the chain it’s seen real-world usage as an in-browser language.
The alternative would be to build something better from scratch -- but that never works, says Gall’s law -- or to take some other battle-hardened language (C? Java? Python?) -- but trying to adapt those to work well in the browser would hit just as many technical and political barriers as JS did in becoming a decent general-purpose language.