I’m fascinated by the recent discourse surrounding Bun. Bun is turning into a public case study which mirrors what some of us engineers are dealing with at work - leadership has some objective, they’re convinced AI tooling can help them get there faster and cheaper, and engineers are pressured to keep up.
Last December, Anthropic acquired Bun. The tool was developed by Oven, a company founded and led by Jarred Sumner. If you’re not familiar, Bun is an all-in-one JavaScript/TypeScript/JSX toolkit written in Zig with a heavy focus on performance and speed. It attempts to provide many of the capabilities which JavaScript’s messy ecosystem have struggled with - these includes webpacking and bundling, package management, DOM-compatible test running, and even the JavaScript runtime itself. The tool also chooses more sensible default behaviors, such as blocking execution of scripts for installed dependencies by default. This example makes Bun meaningfully safer than NPM* and would have decreased the blast radius of the Shai-Hulud attack (renewed in November 2025).
Personally, I feel Bun is a desperately needed solution to several problems in a fractured and dangerous JS ecosystem.
Anthropic and Bun have some history together. Claude Code is a TypeScript project which uses Bun for building and package management. We know this from Chaofan Shou’s discovery that the entire Claude Code source was bundled with the claude-code NPM package.
According to Anthropic:
Bun will remain open source and MIT-licensed, and we will continue to invest in making it the runtime, bundler, package manager, and test runner of choice for JavaScript and TypeScript developers.
This may bring to mind historical analogies such as Terraform, which underwent a license change from MPL to BUSL in August 2023 under HashiCorp and resulted in the community-led OpenTofu fork, or Elasticsearch, which was moved off an open-source license in January 2021 by Elastic (Elastic blamed competition from a closed-source fork maintained and sold by Amazon and AWS).
Another parallel is Berkeley DB, an embedded database released by Sleepycat Software in 1996. Berkeley DB was originally dual-licensed; the software was offered with both a standard commercial license and an open-source “GPL-ish” Sleepycat Public License. In 2006, Sleepycat was acquired by Oracle and the licensing structure for Berkeley DB was changed by Oracle in 2013. While the new dual-license model still included a copyleft open-source choice, it became more pragmatic for closed-source, commercial, and even some open-source projects to either buy Oracle’s commercial license or phase-out use of the tool in their projects. For example, Debian moved from Berkeley DB to LMDB.
If you were to build a project with Bun today, you can necessarily avoid vendor lock-in since the software is built to support modern tooling and standards for JavaScript and TypeScript based projects. Also, alternative tooling (e.g. Deno) provides some of the same breadth as Bun. Still - it’s not hard to imagine that Anthropic’s goals may be in direct conflict with Sumner’s roadmap for the software, and that this may result in a change in the licensing model.
Separately, there’s been a lot of activity within the Bun repository on GitHub. Here’s a summary of the timeline (for context, take a look at Zig’s anti-LLM policy first:
May 4, 2026 Sumner adds a Zig-to-Rust porting guide on a divergent branch. This Markdown guide is designed as a detailed system prompt for (most likely) Claude Code.
May 5, 2026 A HackerNews user picks up on this commit. The commit is pushed to the front page and Sumner responds:
I work on Bun and this is my branch
This whole thread is an overreaction. 302 comments about code that does not work. We haven’t committed to rewriting. There’s a very high chance all this code gets thrown out completely.
I’m curious to see what a working version of this looks, what it feels like, how it performs and if/how hard it’d be to get it to pass Bun’s test suite and be maintainable. I’d like to be able to compare a viable Rust version and a Zig version side by side.
May 5 - May 14, 2026 More than 6700 commits were pushed to the branch, mainly by Sumner.
May 14, 2026 The divergent branch was merged to main and introduced to the canary release of Bun.
There are a few different ways to interpret this. On one hand, Sumner’s point that Bun now has “compiler-assisted tools for catching & preventing memory bugs” is inarguable. Rust’s borrow checker can help to eliminate a whole class of memory management bugs inherent in languages like C++ and Zig. Using a tool like Claude Code to rewrite an entire project from Zig or C to Rust in less than two weeks would have been some engineers’ dream five years ago at the peak of “just rewrite it in Rust”.
On the other hand, it feels like some Rust rewriters have fallen prey to shiny object syndrome. In the context of Bun, there’s not necessarily a need for elimination of all memory bugs. If you have a mission- or life-critical application which cannot fail under a memory management bug, you’re not building it on top of Bun (you’re definitely not going anywhere near the JavaScript ecosystem). Surely Anthropic would get more value throwing Sumner and team at some more critical frontier problem?
But maybe therein lies the whole point. After all, why would Anthropic spend some 8- or 9-figure sum to acquire Bun? Perhaps Anthropic noticed industry getting more and more invested into using AI tooling to rewrite large swaths of their IP and needed a case study with Claude Code to boast with. Bun was the perfect target - Anthropic already had stake in Bun, a memory-safe rewrite was probably already on Sumner’s roadmap, and Sumner could act as the talented MTS to lead the rewrite with the help of a fleet of Claude agents.
One of the arguments I’ve seen against Bun’s rewrite is the code quality. Many of these arguments center around the use of unsafe blocks. Sumner built an AI-generated analysis of Bun’s use of unsafe in response to these criticisms. Make of that what you will.
I think some of the angst surrounding Bun’s rewrite is a reflection of our industry’s current anxieties surrounding AI and LLMs. Much of our industry has never seen a buyer-favored job market while more engineers are being forced into an ultimatum at their workplace: make use of AI tooling and get faster at writing software, or find a new place to code.
So what’s the takeaway from Bun specifically? I’m not entirely sure. Personally I’m going to keep a close eye on projects like Bun and rsync which are turning into playgrounds for AI tooling in a very public setting.