bun-types 1.2.21-canary.20250821T140634 → 1.2.21-canary.20250823T140535

package/docs/guides/test/run-tests.md

@@ -21,7 +21,7 @@ Here's what the output of a typical test run looks like. In this case, there are
 
 ```sh
 $ bun test
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test.test.js:
 ✓ add [0.87ms]
@@ -47,7 +47,7 @@ To only run certain test files, pass a positional argument to `bun test`. The ru
 
 ```sh
 $ bun test test3
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test3.test.js:
 ✓ add [1.40ms]
@@ -85,7 +85,7 @@ Adding `-t add` will only run tests with "add" in the name. This works with test
 
 ```sh
 $ bun test -t add
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test.test.js:
 ✓ add [1.79ms]

package/docs/guides/test/snapshot.md

@@ -18,7 +18,7 @@ The first time this test is executed, Bun will evaluate the value passed into `e
 
 ```sh
 $ bun test test/snap
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test/snap.test.ts:
 ✓ snapshot [1.48ms]
@@ -61,7 +61,7 @@ Later, when this test file is executed again, Bun will read the snapshot file an
 
 ```sh
 $ bun test
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test/snap.test.ts:
 ✓ snapshot [1.05ms]
@@ -78,7 +78,7 @@ To update snapshots, use the `--update-snapshots` flag.
 
 ```sh
 $ bun test --update-snapshots
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test/snap.test.ts:
 ✓ snapshot [0.86ms]

package/docs/guides/test/update-snapshots.md

@@ -29,7 +29,7 @@ To regenerate snapshots, use the `--update-snapshots` flag.
 
 ```sh
 $ bun test --update-snapshots
-bun test v1.2.21-canary.20250821T140634 (9c68abdb)
+bun test v1.2.21-canary.20250823T140535 (9c68abdb)
 
 test/snap.test.ts:
 ✓ snapshot [0.86ms]

package/docs/guides/util/version.md

@@ -5,7 +5,7 @@ name: Get the current Bun version
 Get the current version of Bun in a semver format.
 
 ```ts#index.ts
-Bun.version; // => "1.2.21-canary.20250821T140634"
+Bun.version; // => "1.2.21-canary.20250823T140535"
 ```
 
 ---

package/docs/install/security-scanner-api.md

@@ -0,0 +1,81 @@
+Bun's package manager can scan packages for security vulnerabilities before installation, helping protect your applications from supply chain attacks and known vulnerabilities.
+
+## Quick Start
+
+Configure a security scanner in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+When configured, Bun will:
+
+- Scan all packages before installation
+- Display security warnings and advisories
+- Cancel installation if critical vulnerabilities are found
+- Automatically disable auto-install for security
+
+## How It Works
+
+Security scanners analyze packages during `bun install`, `bun add`, and other package operations. They can detect:
+
+- Known security vulnerabilities (CVEs)
+- Malicious packages
+- License compliance issues
+- ...and more!
+
+### Security Levels
+
+Scanners report issues at two severity levels:
+
+- **`fatal`** - Installation stops immediately, exits with non-zero code
+- **`warn`** - In interactive terminals, prompts to continue; in CI, exits immediately
+
+## Using Pre-built Scanners
+
+Many security companies publish Bun security scanners as npm packages that you can install and use immediately.
+
+### Installing a Scanner
+
+Install a security scanner from npm:
+
+```bash
+$ bun add -d @acme/bun-security-scanner
+```
+
+> **Note:** Consult your security scanner's documentation for their specific package name and installation instructions. Most scanners will be installed with `bun add`.
+
+### Configuring the Scanner
+
+After installation, configure it in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+### Enterprise Configuration
+
+Some enterprise scanners might support authentication and/or configuration through environment variables:
+
+```bash
+# This might go in ~/.bashrc, for example
+export SECURITY_API_KEY="your-api-key"
+
+# The scanner will now use these credentials automatically
+bun install
+```
+
+Consult your security scanner's documentation to learn which environment variables to set and if any additional configuration is required.
+
+### Authoring your own scanner
+
+For a complete example with tests and CI setup, see the official template:
+[github.com/oven-sh/security-scanner-template](https://github.com/oven-sh/security-scanner-template)
+
+## Related
+
+- [Configuration (bunfig.toml)](/docs/runtime/bunfig#installsecurityscanner)
+- [Package Manager](/docs/install)
+- [Security Scanner Template](https://github.com/oven-sh/security-scanner-template)

package/docs/installation.md

@@ -14,7 +14,7 @@ Kernel version 5.6 or higher is strongly recommended, but the minimum is 5.1. Us
 ```bash#macOS/Linux_(curl)
 $ curl -fsSL https://bun.com/install | bash # for macOS, Linux, and WSL
 # to install a specific version
-$ curl -fsSL https://bun.com/install | bash -s "bun-v1.2.21-canary.20250821T140634"
+$ curl -fsSL https://bun.com/install | bash -s "bun-v1.2.21-canary.20250823T140535"
 ```
 
 ```bash#npm
@@ -189,10 +189,10 @@ Since Bun is a single binary, you can install older versions of Bun by re-runnin
 
 ### Installing a specific version of Bun on Linux/Mac
 
-To install a specific version of Bun, you can pass the git tag of the version you want to install to the install script, such as `bun-v1.2.0` or `bun-v1.2.21-canary.20250821T140634`.
+To install a specific version of Bun, you can pass the git tag of the version you want to install to the install script, such as `bun-v1.2.0` or `bun-v1.2.21-canary.20250823T140535`.
 
 ```sh
-$ curl -fsSL https://bun.com/install | bash -s "bun-v1.2.21-canary.20250821T140634"
+$ curl -fsSL https://bun.com/install | bash -s "bun-v1.2.21-canary.20250823T140535"
 ```
 
 ### Installing a specific version of Bun on Windows
@@ -201,7 +201,7 @@ On Windows, you can install a specific version of Bun by passing the version num
 
 ```sh
 # PowerShell:
-$ iex "& {$(irm https://bun.com/install.ps1)} -Version 1.2.21-canary.20250821T140634"
+$ iex "& {$(irm https://bun.com/install.ps1)} -Version 1.2.21-canary.20250823T140535"
 ```
 
 ## Downloading Bun binaries directly

package/docs/runtime/bun-apis.md

@@ -200,7 +200,7 @@ Click the link in the right column to jump to the associated documentation.
 ---
 
 - Low-level / Internals
-- `Bun.mmap`, `Bun.gc`, `Bun.generateHeapSnapshot`, [`bun:jsc`](https://bun.com/docs/api/bun-jsc)
+- `Bun.mmap`, `Bun.gc`, `Bun.generateHeapSnapshot`, [`bun:jsc`](https://bun.com/reference/bun/jsc)
 
 ---
 

package/docs/runtime/bunfig.md

@@ -496,6 +496,32 @@ Whether to generate a non-Bun lockfile alongside `bun.lock`. (A `bun.lock` will
 print = "yarn"
 ```
 
+### `install.security.scanner`
+
+Configure a security scanner to scan packages for vulnerabilities before installation.
+
+First, install a security scanner from npm:
+
+```bash
+$ bun add -d @acme/bun-security-scanner
+```
+
+Then configure it in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+When a security scanner is configured:
+
+- Auto-install is automatically disabled for security
+- Packages are scanned before installation
+- Installation is cancelled if fatal issues are found
+- Security warnings are displayed during installation
+
+Learn more about [using and writing security scanners](/docs/install/security).
+
 ### `install.linker`
 
 Configure the default linker strategy. Default `"hoisted"`.

package/docs/runtime/debugger.md

@@ -124,11 +124,11 @@ await fetch("https://example.com", {
 This prints the `fetch` request as a single-line `curl` command to let you copy-paste into your terminal to replicate the request.
 
 ```sh
-[fetch] $ curl --http1.1 "https://example.com/" -X POST -H "content-type: application/json" -H "Connection: keep-alive" -H "User-Agent: Bun/1.2.21-canary.20250821T140634" -H "Accept: */*" -H "Host: example.com" -H "Accept-Encoding: gzip, deflate, br" --compressed -H "Content-Length: 13" --data-raw "{\"foo\":\"bar\"}"
+[fetch] $ curl --http1.1 "https://example.com/" -X POST -H "content-type: application/json" -H "Connection: keep-alive" -H "User-Agent: Bun/1.2.21-canary.20250823T140535" -H "Accept: */*" -H "Host: example.com" -H "Accept-Encoding: gzip, deflate, br" --compressed -H "Content-Length: 13" --data-raw "{\"foo\":\"bar\"}"
 [fetch] > HTTP/1.1 POST https://example.com/
 [fetch] > content-type: application/json
 [fetch] > Connection: keep-alive
-[fetch] > User-Agent: Bun/1.2.21-canary.20250821T140634
+[fetch] > User-Agent: Bun/1.2.21-canary.20250823T140535
 [fetch] > Accept: */*
 [fetch] > Host: example.com
 [fetch] > Accept-Encoding: gzip, deflate, br
@@ -170,7 +170,7 @@ This prints the following to the console:
 [fetch] > HTTP/1.1 POST https://example.com/
 [fetch] > content-type: application/json
 [fetch] > Connection: keep-alive
-[fetch] > User-Agent: Bun/1.2.21-canary.20250821T140634
+[fetch] > User-Agent: Bun/1.2.21-canary.20250823T140535
 [fetch] > Accept: */*
 [fetch] > Host: example.com
 [fetch] > Accept-Encoding: gzip, deflate, br

package/docs/test/dom.md

@@ -55,7 +55,7 @@ Let's run this test with `bun test`:
 
 ```bash
 $ bun test
-bun test v1.2.21-canary.20250821T140634
+bun test v1.2.21-canary.20250823T140535
 
 dom.test.ts:
 ✓ dom test [0.82ms]

package/extensions.d.ts

@@ -8,6 +8,16 @@ declare module "*.toml" {
   export = contents;
 }
 
+declare module "*.yaml" {
+  var contents: any;
+  export = contents;
+}
+
+declare module "*.yml" {
+  var contents: any;
+  export = contents;
+}
+
 declare module "*.jsonc" {
   var contents: any;
   export = contents;

package/index.d.ts

@@ -22,6 +22,7 @@
 /// <reference path="./shell.d.ts" />
 /// <reference path="./experimental.d.ts" />
 /// <reference path="./sql.d.ts" />
+/// <reference path="./security.d.ts" />
 
 /// <reference path="./bun.ns.d.ts" />
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.2.21-canary.20250821T140634",
+  "version": "1.2.21-canary.20250823T140535",
   "name": "bun-types",
   "license": "MIT",
   "types": "./index.d.ts",

package/security.d.ts

@@ -0,0 +1,101 @@
+declare module "bun" {
+  /**
+   * `bun install` security related declarations
+   */
+  export namespace Security {
+    export interface Package {
+      /**
+       * The name of the package
+       */
+      name: string;
+
+      /**
+       * The resolved version to be installed that matches the requested range.
+       *
+       * This is the exact version string, **not** a range.
+       */
+      version: string;
+
+      /**
+       * The URL of the tgz of this package that Bun will download
+       */
+      tarball: string;
+
+      /**
+       * The range that was requested by the command
+       *
+       * This could be a tag like `beta` or a semver range like `>=4.0.0`
+       */
+      requestedRange: string;
+    }
+
+    /**
+     * Advisory represents the result of a security scan result of a package
+     */
+    export interface Advisory {
+      /**
+       * Level represents the degree of danger for a security advisory
+       *
+       * Bun behaves differently depending on the values returned from the
+       * {@link Scanner.scan `scan()`} hook:
+       *
+       * > In any case, Bun *always* pretty prints *all* the advisories,
+       * > but...
+       * >
+       * > → if any **fatal**, Bun will immediately cancel the installation
+       * > and quit with a non-zero exit code
+       * >
+       * > → else if any **warn**, Bun will either ask the user if they'd like
+       * > to continue with the install if in a TTY environment, or
+       * > immediately exit if not.
+       */
+      level: "fatal" | "warn";
+
+      /**
+       * The name of the package attempting to be installed.
+       */
+      package: string;
+
+      /**
+       * If available, this is a url linking to a CVE or report online so
+       * users can learn more about the advisory.
+       */
+      url: string | null;
+
+      /**
+       * If available, this is a brief description of the advisory that Bun
+       * will print to the user.
+       */
+      description: string | null;
+    }
+
+    export interface Scanner {
+      /**
+       * This is the version of the scanner implementation. It may change in
+       * future versions, so we will use this version to discriminate between
+       * such versions. It's entirely possible this API changes in the future
+       * so much that version 1 would no longer be supported.
+       *
+       * The version is required because third-party scanner package versions
+       * are inherently unrelated to Bun versions
+       */
+      version: "1";
+
+      /**
+       * Perform an advisory check when a user ran `bun add <package>
+       * [...packages]` or other related/similar commands.
+       *
+       * If this function throws an error, Bun will immediately stop the
+       * install process and print the error to the user.
+       *
+       * @param info An object containing an array of packages to be added.
+       * The package array will contain all proposed dependencies, including
+       * transitive ones. More simply, that means it will include dependencies
+       * of the packages the user wants to add.
+       *
+       * @returns A list of advisories.
+       */
+      scan: (info: { packages: Package[] }) => Promise<Advisory[]>;
+    }
+  }
+}

package/sql.d.ts

@@ -82,6 +82,13 @@ declare module "bun" {
       );
     }
 
+    class MySQLError extends SQLError {
+      public readonly code: string;
+      public readonly errno: number | undefined;
+      public readonly sqlState: string | undefined;
+      constructor(message: string, options: { code: string; errno: number | undefined; sqlState: string | undefined });
+    }
+
     class SQLiteError extends SQLError {
       public readonly code: string;
       public readonly errno: number;
@@ -128,7 +135,7 @@ declare module "bun" {
       onclose?: ((err: Error | null) => void) | undefined;
     }
 
-    interface PostgresOptions {
+    interface PostgresOrMySQLOptions {
       /**
        * Connection URL (can be string or URL object)
        */
@@ -196,7 +203,7 @@ declare module "bun" {
        * Database adapter/driver to use
        * @default "postgres"
        */
-      adapter?: "postgres";
+      adapter?: "postgres" | "mysql" | "mariadb";
 
       /**
        * Maximum time in seconds to wait for connection to become available
@@ -265,14 +272,11 @@ declare module "bun" {
        */
       ssl?: TLSOptions | boolean | undefined;
 
-      // `.path` is currently unsupported in Bun, the implementation is
-      // incomplete.
-      //
-      // /**
-      //  * Unix domain socket path for connection
-      //  * @default ""
-      //    */
-      // path?: string | undefined;
+      /**
+       * Unix domain socket path for connection
+       * @default undefined
+       */
+      path?: string | undefined;
 
       /**
        * Callback executed when a connection attempt completes
@@ -332,7 +336,7 @@ declare module "bun" {
      * };
      * ```
      */
-    type Options = SQLiteOptions | PostgresOptions;
+    type Options = SQLiteOptions | PostgresOrMySQLOptions;
 
     /**
      * Represents a SQL query that can be executed, with additional control