jarle/Bun Codesign a single-file JavaScript executable on macOS
skills/bun-guides-runtime-codesign-macos-executable/SKILL.md
Fix the "can't be opened because it is from an unidentified developer" Gatekeeper warning when running your JavaScript executable.
$ install --global
skillsauthnpx skillsauth add jarle/bun-skills Bun Codesign a single-file JavaScript executable on macOSInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:38 AM11.7s1 file scanned
SKILL.md
- name:
- Bun Codesign a single-file JavaScript executable on macOS
- description:
- Fix the "can't be opened because it is from an unidentified developer" Gatekeeper warning when running your JavaScript executable.
Codesign a single-file JavaScript executable on macOS
Fix the "can't be opened because it is from an unidentified developer" Gatekeeper warning when running your JavaScript executable.
Compile your executable using the --compile flag.
bun build --compile ./path/to/entry.ts --outfile myapp
List your available signing identities. One of these will be your signing identity that you pass to the codesign command. This command requires macOS.
security find-identity -v -p codesigning
1. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "Developer ID Application: Your Name (ZZZZZZZZZZ)"
1 valid identities found
Optional, but recommended: create an entitlements.plist file with the necessary permissions for the JavaScript engine to work correctly.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>
Sign your executable using the codesign command and verify it works.
codesign --entitlements entitlements.plist -vvvv --deep --sign "XXXXXXXXXX" ./myapp --force
codesign -vvv --verify ./myapp
For more information on macOS codesigning, refer to Apple's Code Signing documentation. For details about creating single-file executables with Bun, see Standalone Executables. This guide requires Bun v1.2.4 or newer.
Related Skills
jarle/Bun TypeScript
development
VerifiedTrustedCommunity
Using TypeScript with Bun, including type definitions and compiler options
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Writing tests
development
VerifiedTrustedCommunity
Learn how to write tests using Bun's Jest-compatible API with support for async tests, timeouts, and various test modifiers
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Snapshots
testing
VerifiedTrustedCommunity
Learn how to use snapshot testing in Bun to save and compare output between test runs
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Runtime behavior
testing
VerifiedTrustedCommunity
Learn about Bun test's runtime integration, environment variables, timeouts, and error handling
1SKILL.mdUpdated Apr 6, 2026