Git Product home page Git Product logo

Comments (1)

wagoodman avatar wagoodman commented on May 25, 2024

This looks fun! Leaving behind some information for anyone that might be interested in working on this.

lockfile

The bun lockfile is a binary format:

# $ xxd bun.lockb | head
00000000: 2321 2f75 7372 2f62 696e 2f65 6e76 2062  #!/usr/bin/env b
00000010: 756e 0a62 756e 2d6c 6f63 6b66 696c 652d  un.bun-lockfile-
00000020: 666f 726d 6174 2d76 300a 0200 0000 c8ca  format-v0.......
00000030: bf6e 1c9b 607b da75 2feb c98e 4d95 098f  .n..`{.u/...M...
00000040: 498f 7478 0e53 a7ff cf9e f4b8 dd87 e085  I.tx.S..........
00000050: 0000 0000 0000 5900 0000 0000 0000 0800  ......Y.........
00000060: 0000 0000 0000 0800 0000 0000 0000 8000  ................
00000070: 0000 0000 0000 7558 0000 0000 0000 0000  ......uX........
00000080: 6275 6e2d 6578 0000 7a6f 6400 0000 0000  bun-ex..zod.....
00000090: 7669 7465 0000 0000 6673 6576 656e 7473  vite....fsevents

The code that parses this in zig can be found here. From the docs:

It uses linear arrays for all data. Packages are referenced by an auto-incrementing integer ID or a hash of the package name. Strings longer than 8 characters are de-duplicated. Prior to saving on disk, the lockfile is garbage-collected & made deterministic by walking the package tree and cloning the packages in dependency order.

executable

I'm not seeing any evidence of unencoded packaging information yet in a simple test:

$ cat package.json
   1 {
   2   "name": "alexgoodman",
   3   "version": "1.23.445",
   4   "module": "index.ts",
   5   "type": "module",
   6   "devDependencies": {
   7     "@types/bun": "latest"
   8   },
   9   "peerDependencies": {
  10     "typescript": "^5.0.0"
  11   },
  12   "dependencies": {
  13     "cowsay": "^1.6.0",
  14     "vite": "^5.2.10",
  15     "zod": "^3.23.5"
  16   }
  17 }

$ bun build ./index.ts --compile --outfile myapp
  [31ms]  bundle  1 modules
 [226ms] compile  myapp

$ strings myapp| grep '1\.23\.445'
$ strings myapp| grep 'alexgoodman'

from syft.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.