All posts

Bun rewrites its runtime in Rust after Anthropic acquisition

Huma ShaziaJuly 11, 2026 at 2:47 AM5 min read

Key Takeaways

  • Bun is migrating from Zig to Rust to eliminate memory safety bugs that plague its JavaScript runtime
  • Anthropic acquired Bun in December 2025; the rewrite uses Claude Fable 5, an unreleased Anthropic model
  • Bun now has 22 million monthly CLI downloads and powers tools like Claude Code and OpenCode

Bun, the JavaScript runtime that positioned itself as a faster alternative to Node.js, is abandoning Zig for Rust. Creator Jarred Sumner announced the rewrite on Bun's official blog, citing a persistent stream of memory safety bugs that the team can no longer fix one-off. The decision comes months after Anthropic acquired Bun in December 2025.

The shift marks a rare large-scale language migration for a project with 22 million monthly CLI downloads. Sumner disclosed that he used a pre-release version of Claude Fable 5, an unreleased Anthropic model, to assist with the Rust rewrite. Both he and other Bun team members now work at Anthropic.

Advertisement

Why Zig worked until it didn't

Sumner wrote his first line of Zig on April 16, 2021. He chose the language after spotting its single-page Language Reference on Hacker News and getting excited about its low-level control. The bet paid off: in one year, working alone in a cramped Oakland apartment before LLMs existed, he built a JavaScript transpiler, bundler, package manager, test runner, and partial Node.js API implementation.

"Zig made Bun possible," Sumner wrote. "I would never have been able to build this much in 1 year if it wasn't for Zig." The runtime's scope was massive from day one: JavaScript, TypeScript, and CSS transpiling, npm compatibility, Jest-like testing, HTTP/1.1 and WebSocket clients, plus dozens of Node.js modules like fs, net, and tls.

That scope became the problem. Bun's v1.3.14 release notes read like a memory safety horror show. The team fixed heap-use-after-free crashes in node:zlib when calling .reset() during async writes. They patched use-after-free crashes in node:http2 triggered by re-entrant JavaScript callbacks that caused hashmap rehashes. Buffer#copy and Buffer#fill had out-of-bounds reads when valueOf callbacks detached ArrayBuffers during argument coercion.

The garbage collection problem

Bun's architecture creates an unusual challenge: mixing garbage-collected JavaScript with manually-managed memory. JavaScriptCore, the engine Bun uses, has strict rules around exception handling and garbage collection. Zig, like C, doesn't manage memory automatically. It lacks constructors and destructors; cleanup requires explicit defer statements at each call site.

Sumner doesn't blame Zig. "Other users of Zig don't have the bugs we had," he wrote. The issue is that mixing GC with manual memory management is uncommon enough that no language designs for it. Rust's ownership model and borrow checker offer compile-time guarantees that catch the exact class of bugs filling Bun's changelog.

The Bun team wasn't slacking on safety measures. They patched the Zig compiler to add Address Sanitizer support. They run ASAN on every commit. Windows builds ship with Zig's safety-checked ReleaseSafe mode. They fuzz the runtime 24/7 using Fuzzilli, the same JavaScript engine fuzzer used by V8 and JavaScriptCore. They have extensive end-to-end memory leak tests.

It wasn't enough. "Our bugfix list felt bad and I was tired of going to sleep worrying about crashes in Bun," Sumner admitted.

Advertisement

What the Anthropic acquisition changes

Language rewrites were historically one-way decisions for projects of Bun's scale. The Anthropic acquisition changed the calculus. Sumner now has access to Claude Fable 5, an unreleased model that apparently makes large-scale code migration feasible. The blog post doesn't detail Fable 5's capabilities, but using an AI coding assistant to rewrite a 200,000+ line codebase suggests meaningful advances in code translation.

The acquisition also explains why an AI company would own a JavaScript runtime. Bun powers Claude Code, Anthropic's AI coding tool, and OpenCode. Vercel, Railway, and DigitalOcean all have first-party Bun support. For Anthropic, owning the runtime that runs their flagship developer product means controlling the entire stack.

ℹ️

Disclosure

Some links in this post are affiliate links — Logicity earns a commission if you sign up, at no extra cost to you. We only link products we have used or actively recommend.

Should you migrate to Bun now?

The rewrite raises questions for teams considering Bun adoption. A runtime mid-migration between languages carries risk. Existing Zig code will coexist with new Rust code during the transition, creating potential integration bugs. The blog post doesn't provide a timeline for completion.

On the other hand, Rust's memory safety guarantees address the exact bugs that made Bun unstable. The rewrite is a response to production problems, not a chase for novelty. And Anthropic's resources make completing the migration more likely than if Bun remained an independent startup.

For startups already on Bun, the announcement validates the choice of runtime, if not the timing. For those evaluating runtimes now, Node.js remains the conservative option while Deno offers a Rust-based alternative that's further along. Bun's Rust rewrite, once complete, would combine Bun's speed advantages with Rust's safety guarantees.

ℹ️

Logicity's Take

This rewrite signals something larger than a technical decision. Anthropic didn't buy Bun just to run Claude Code faster. They bought control over developer infrastructure at a moment when AI coding tools are becoming the primary interface between developers and their runtimes. The Rust migration eliminates a liability while Claude Fable 5's role in the rewrite serves as a proof point for AI-assisted code transformation. Founders building developer tools should note: the stack that AI assistants run on is becoming as strategic as the AI itself.

Frequently Asked Questions

Is Bun still safe to use during the Rust rewrite?

Bun continues to ship updates and fix bugs. The Zig codebase remains active while Rust components are gradually introduced. Production users should monitor release notes for any migration-related changes.

Will the Rust rewrite change Bun's API or Node.js compatibility?

The rewrite targets internal implementation, not external APIs. Bun's goal remains Node.js compatibility, so existing code should continue working.

What is Claude Fable 5?

A pre-release Anthropic model that Sumner used for the Rust migration. No public details exist about its capabilities beyond this mention in the Bun blog post.

Why didn't Bun choose Rust from the start?

Sumner chose Zig in 2021 for its low-level control and performance characteristics. The language enabled rapid development of Bun's massive scope. The bugs that prompted the Rust migration emerged later as the codebase grew.

Also Read
Two $1B rounds in one week: AI chips and cybersecurity lead

Context on how AI companies are acquiring and funding developer infrastructure

ℹ️

Need Help Implementing This?

Evaluating JavaScript runtimes for your startup? Logicity's technical advisory can help you benchmark Node.js, Bun, and Deno for your specific workloads. Contact us at advisory@logicity.in.

Source: Hacker News: Best

Advertisement
H

Huma Shazia

Senior AI & Tech Writer

Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.