I have to say, this whole saga is extremely interesting. Not just from a popcorn-enjoyer's point of view, but as a bit of a bell weather for 2026 software dev.
qsera
I think it makes sense to stay away from large code bases built using LLMs until it is proven that it is possible to also maintain such code bases using LLMs or using reasonable human effort.
andai
Electrobun repo: https://github.com/blackboardsh/electrobun > Electrobun aims to be a complete solution-in-a-box for building, updating, and shipping ultra fast, tiny, and cross-platform desktop applications written in Typescript. Under the hood it uses bun to execute the main process and to bundle webview typescript, and has native bindings written in Objc, C++, and several core parts written in zig.
throwatdem12311
It’s really only a matter of time until someone forks the Zig version of Bun. What a slap in the face to all the Zig developers that spent their time, effort and probably even some money contributing to it.
3as-123
Great, the author speaks out what everyone thinks but cannot say, either due to being invested in the hype or due to effectively having a gag order from their employers: https://xcancel.com/YoavCodes/status/2058170216408813583#m The bun rewrite was Anthropic's Vietnam and the open source community needs to react and and build resistance.
mentalgear
While I'm certainly sceptical of pure LLM (re)-written software, I would have to assume in the case of the cyberattack vector that Anthropic used their new Mythos model to adequately test against. Maybe someone has more info of them mentioning that.
bobajeff
This is my first time hearing about Electrobun it sounds like it could be a good alternative to electron. Their site mention CEF bundling as an option has anyone tried this?
feverzsj
I doubt any sane human will continue using Bun.
chuckadams
I'm not joining the chorus condemning Bun for the vibe-rewrite, and I think it's fascinating whether it turns out to be a complete trainwreck or not. But FFS, it should have been a separate repo.
avinassh
TIL electrobun. How does it compare against electron?
krzyk
That name is quite near the infamous Electron, is it similar?
pessimizer
This whole thing of shunning bun is a goofy protest against AI in general by a bunch of programmers about to transition from vastly overpaid to mostly unemployed, sometimes thinly disguised as quality concerns and piggybacking a little bit on the anti-"rewrite it in rust" train. Still, I can't help but entirely support it. I don't want hard dependencies on gigantic megacorps, or on any single provider who can go rogue. Should have always been able to switch between them, and any of them who made that difficult should have been the ones to be shunned. Completely dropping support for bun is equally bad imo, because now your choices are limited to Microsoft and deno, making deno close to a single point of failure. Although I have to wonder what would happen if Anthropic threw a couple of bucks at electrobun (lol, not really.)
insane_dreamer
This makes a lot of sense. For example, we (and many others) depend heavily on numpy. It's been around for decades and heavily battle tested. If someone came out with a new version of numpy vibe-code rewritten in a week, with assurances that "all tests pass", do you think we would adopt it? Absolutely not. We would have no confidence that there aren't some latent bugs or that we can fully trust the results. It has nothing to do with AI having rewritten it, it has to do with being battle tested over time. If a team of humans had rewritten it in a week, I wouldn't trust or use it either.
ksec
At this point I am wondering if anyone will be forking the Zig Bun to something else.
Squarex
They should probably change the name then.
ChrisArchitect
Related: yt-dlp - Bun support is now limited and deprecated https://news.ycombinator.com/item?id=48238789
queenkjuul
I feel like all the replies have totally missed that this Rust port has (reportedly) thousands and thousands of "unsafe" statements and no human review; I'm no rust dev but that doesn't make me very confident, and probably won't consider Bun for new projects either
classicposter
https://github.com/oven-sh/bun/issues/30921 > A CVE wasn’t announced for an HTTP Request Smuggling vulnerability Even before the acquisition of Anthropic, there had never been a single vulnerability report. https://github.com/oven-sh/bun/security Do not use this in production.
Related Discussions
Found 5 related stories in 80.4ms across 8,303 title embeddings via pgvector HNSW
Discussion Highlights (18 comments)
consumer451
I have to say, this whole saga is extremely interesting. Not just from a popcorn-enjoyer's point of view, but as a bit of a bell weather for 2026 software dev.
qsera
I think it makes sense to stay away from large code bases built using LLMs until it is proven that it is possible to also maintain such code bases using LLMs or using reasonable human effort.
andai
Electrobun repo: https://github.com/blackboardsh/electrobun > Electrobun aims to be a complete solution-in-a-box for building, updating, and shipping ultra fast, tiny, and cross-platform desktop applications written in Typescript. Under the hood it uses bun to execute the main process and to bundle webview typescript, and has native bindings written in Objc, C++, and several core parts written in zig.
throwatdem12311
It’s really only a matter of time until someone forks the Zig version of Bun. What a slap in the face to all the Zig developers that spent their time, effort and probably even some money contributing to it.
3as-123
Great, the author speaks out what everyone thinks but cannot say, either due to being invested in the hype or due to effectively having a gag order from their employers: https://xcancel.com/YoavCodes/status/2058170216408813583#m The bun rewrite was Anthropic's Vietnam and the open source community needs to react and and build resistance.
mentalgear
While I'm certainly sceptical of pure LLM (re)-written software, I would have to assume in the case of the cyberattack vector that Anthropic used their new Mythos model to adequately test against. Maybe someone has more info of them mentioning that.
bobajeff
This is my first time hearing about Electrobun it sounds like it could be a good alternative to electron. Their site mention CEF bundling as an option has anyone tried this?
feverzsj
I doubt any sane human will continue using Bun.
chuckadams
I'm not joining the chorus condemning Bun for the vibe-rewrite, and I think it's fascinating whether it turns out to be a complete trainwreck or not. But FFS, it should have been a separate repo.
avinassh
TIL electrobun. How does it compare against electron?
krzyk
That name is quite near the infamous Electron, is it similar?
pessimizer
This whole thing of shunning bun is a goofy protest against AI in general by a bunch of programmers about to transition from vastly overpaid to mostly unemployed, sometimes thinly disguised as quality concerns and piggybacking a little bit on the anti-"rewrite it in rust" train. Still, I can't help but entirely support it. I don't want hard dependencies on gigantic megacorps, or on any single provider who can go rogue. Should have always been able to switch between them, and any of them who made that difficult should have been the ones to be shunned. Completely dropping support for bun is equally bad imo, because now your choices are limited to Microsoft and deno, making deno close to a single point of failure. Although I have to wonder what would happen if Anthropic threw a couple of bucks at electrobun (lol, not really.)
insane_dreamer
This makes a lot of sense. For example, we (and many others) depend heavily on numpy. It's been around for decades and heavily battle tested. If someone came out with a new version of numpy vibe-code rewritten in a week, with assurances that "all tests pass", do you think we would adopt it? Absolutely not. We would have no confidence that there aren't some latent bugs or that we can fully trust the results. It has nothing to do with AI having rewritten it, it has to do with being battle tested over time. If a team of humans had rewritten it in a week, I wouldn't trust or use it either.
ksec
At this point I am wondering if anyone will be forking the Zig Bun to something else.
Squarex
They should probably change the name then.
ChrisArchitect
Related: yt-dlp - Bun support is now limited and deprecated https://news.ycombinator.com/item?id=48238789
queenkjuul
I feel like all the replies have totally missed that this Rust port has (reportedly) thousands and thousands of "unsafe" statements and no human review; I'm no rust dev but that doesn't make me very confident, and probably won't consider Bun for new projects either
classicposter
https://github.com/oven-sh/bun/issues/30921 > A CVE wasn’t announced for an HTTP Request Smuggling vulnerability Even before the acquisition of Anthropic, there had never been a single vulnerability report. https://github.com/oven-sh/bun/security Do not use this in production.