Really? Do you have links to any good analysis on this?
I'd be shocked, given that the bun team has shown a ton of maturity in all their messaging as far as API compatibility, engineering chops, and attention to detail. Nothing I've seen suggests that they'd be sloppy on the security side.
The issue list is full of bugs with segfaults. At least used to be when I last time checked it. But that is what you get with C/C++/Zig et all. It takes a lot of time to get good enough fuzzing and testing process to eliminate all that. In Chrome, for example, you could get $20,000 bounty just for demonstration of memory issue without an actual exploit.
"1 more step function in performance bro, V8 was cool but just 1 more and we'll have enough to make CRUD apps in JS, bro I promise"
Or you can use React Query/Tanstack Query, not waste cycles and bandwidth on RSC, get an app with better UX (http://ilovessr.com), and a simpler mental model that's easier to maintain.
Yeah Vite+Reat+Tanstack SPA apps is definitely the way to go for a majority of web apps. I would still stick with nextjs for ecommerce or pages that need to load instantly when clicked from google however.
Bun unfortunately isn’t production ready for years for any serious application. Too many security problems.
Really? Do you have links to any good analysis on this?
I'd be shocked, given that the bun team has shown a ton of maturity in all their messaging as far as API compatibility, engineering chops, and attention to detail. Nothing I've seen suggests that they'd be sloppy on the security side.
The issue list is full of bugs with segfaults. At least used to be when I last time checked it. But that is what you get with C/C++/Zig et all. It takes a lot of time to get good enough fuzzing and testing process to eliminate all that. In Chrome, for example, you could get $20,000 bounty just for demonstration of memory issue without an actual exploit.
"1 more step function in performance bro, V8 was cool but just 1 more and we'll have enough to make CRUD apps in JS, bro I promise"
Or you can use React Query/Tanstack Query, not waste cycles and bandwidth on RSC, get an app with better UX (http://ilovessr.com), and a simpler mental model that's easier to maintain.
Yeah Vite+Reat+Tanstack SPA apps is definitely the way to go for a majority of web apps. I would still stick with nextjs for ecommerce or pages that need to load instantly when clicked from google however.