bun add
Add packages to your project with Bun's fast package manager
To add a particular package:
$ bun add preactTo specify a version, version range, or tag:
$ bun add zod@3.20.0
$ bun add zod@^3.0.0
$ bun add zod@latest--dev
--development, -d, -DTo add a package as a dev dependency ("devDependencies"):
$ bun add --dev @types/react
$ bun add -d @types/react--optional
To add a package as an optional dependency ("optionalDependencies"):
$ bun add --optional lodash--peer
To add a package as a peer dependency ("peerDependencies"):
$ bun add --peer @types/bun--exact
-ETo add a package and pin to the resolved version, use --exact. This will resolve the version of the package and add it to your package.json with an exact version number instead of a version range.
$ bun add react --exact
$ bun add react -EThis will add the following to your package.json:
{
"dependencies": {
// without --exact
"react": "^18.2.0", // this matches >= 18.2.0 < 19.0.0
// with --exact
"react": "18.2.0" // this matches only 18.2.0 exactly
}
}To view a complete list of options for this command:
$ bun add --help--global
Note — This would not modify package.json of your current project folder. Alias - bun add --global, bun add -g, bun install --global and bun install -g
To install a package globally, use the -g/--global flag. This will not modify the package.json of your current project. Typically this is used for installing command-line tools.
$ bun add --global cowsay # or `bun add -g cowsay`
$ cowsay "Bun!"
______
< Bun! >
------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||Trusted dependencies
Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts for installed dependencies, such as postinstall. These scripts represent a potential security risk, as they can execute arbitrary code on your machine.
To tell Bun to allow lifecycle scripts for a particular package, add the package to trustedDependencies in your package.json.
{
"name": "my-app",
"version": "1.0.0",
"trustedDependencies": ["my-trusted-package"]
}Bun reads this field and will run lifecycle scripts for my-trusted-package.
Git dependencies
To add a dependency from a public or private git repository:
$ bun add git@github.com:moment/moment.gitTo install private repositories, your system needs the appropriate SSH credentials to access the repository.
Bun supports a variety of protocols, including github, git, git+ssh, git+https, and many more.
{
"dependencies": {
"dayjs": "git+https://github.com/iamkun/dayjs.git",
"lodash": "git+ssh://github.com/lodash/lodash.git#4.17.21",
"moment": "git@github.com:moment/moment.git",
"zod": "github:colinhacks/zod"
}
}Tarball dependencies
A package name can correspond to a publicly hosted .tgz file. During installation, Bun will download and install the package from the specified tarball URL, rather than from the package registry.
$ bun add zod@https://registry.npmjs.org/zod/-/zod-3.21.4.tgzThis will add the following line to your package.json:
{
"dependencies": {
"zod": "https://registry.npmjs.org/zod/-/zod-3.21.4.tgz"
}
}CLI Usage
$ bun add <package> <@version>Dependency Management
Don't install devDependencies. Alias: -p
Exclude dev, optional, or peer dependencies from install
Install globally. Alias: -g
Add dependency to devDependencies. Alias: -d
Add dependency to optionalDependencies
Add dependency to peerDependencies
Add the exact version instead of the ^ range. Alias: -E
Only add dependencies to package.json if they are not already present
Project Files & Lockfiles
Write a yarn.lock file (yarn v1). Alias: -y
Don't update package.json or save a lockfile
Save to package.json (true by default)
Disallow changes to lockfile
Add to trustedDependencies in the project's package.json and install the
package(s)
Save a text-based lockfile
Generate a lockfile without installing dependencies
Installation Control
Don't install anything
Always request the latest versions from the registry & reinstall all dependencies. Alias:
-f
Skip verifying integrity of newly downloaded packages
Skip lifecycle scripts in the project's package.json (dependency scripts are never
run)
Recursively analyze & install dependencies of files passed as arguments (using Bun's bundler).
Alias: -a
Network & Registry
Provide a Certificate Authority signing certificate
Same as --ca, but as a file path to the certificate
Use a specific registry by default, overriding .npmrc, bunfig.toml, and
environment variables
Maximum number of concurrent network requests (default 48)
Performance & Resource
Platform-specific optimizations for installing dependencies. Possible values:
clonefile (default), hardlink, symlink,
copyfile
Maximum number of concurrent jobs for lifecycle scripts (default 5)
Caching
Store & load cached data from a specific directory path
Ignore manifest cache entirely
Output & Logging
Don't log anything
Excessively verbose logging
Disable the progress bar
Don't print a summary
Global Configuration & Context
Specify path to config file (bunfig.toml). Alias: -c
Set a specific current working directory
Help
Print this help menu. Alias: -h