jarle/Bun Security Scanner API
skills/bun-pm-security-scanner-api/SKILL.md
Security Scanner API
$ install --global
skillsauthnpx skillsauth add jarle/bun-skills Bun Security Scanner APIInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:54 AM92.8s1 file scanned
SKILL.md
- name:
- Bun Security Scanner API
- description:
- Security Scanner API
Security Scanner API
Bun's package manager can scan packages for security vulnerabilities before installation, helping protect your applications from supply chain attacks and known vulnerabilities.
Quick Start
Configure a security scanner in your bunfig.toml:
[install.security]
scanner = "@acme/bun-security-scanner"
When configured, Bun will:
- Scan all packages before installation
- Display security warnings and advisories
- Cancel installation if critical vulnerabilities are found
- Automatically disable auto-install for security
How It Works
Security scanners analyze packages during bun install, bun add, and other package operations. They can detect:
- Known security vulnerabilities (CVEs)
- Malicious packages
- License compliance issues
- ...and more!
Security Levels
Scanners report issues at two severity levels:
fatal- Installation stops immediately, exits with non-zero codewarn- In interactive terminals, prompts to continue; in CI, exits immediately
Using Pre-built Scanners
Many security companies publish Bun security scanners as npm packages that you can install and use immediately.
Installing a Scanner
Install a security scanner from npm:
bun add -d @acme/bun-security-scanner
Configuring the Scanner
After installation, configure it in your bunfig.toml:
[install.security]
scanner = "@acme/bun-security-scanner"
Enterprise Configuration
Some enterprise scanners might support authentication and/or configuration through environment variables:
# This might go in ~/.bashrc, for example
export SECURITY_API_KEY="your-api-key"
# The scanner will now use these credentials automatically
bun install
Consult your security scanner's documentation to learn which environment variables to set and if any additional configuration is required.
Authoring your own scanner
For a complete example with tests and CI setup, see the official template: github.com/oven-sh/security-scanner-template
Related
- Configuration (bunfig.toml)
- Package Manager
- Security Scanner Template
Related Skills
jarle/Bun TypeScript
development
VerifiedTrustedCommunity
Using TypeScript with Bun, including type definitions and compiler options
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Writing tests
development
VerifiedTrustedCommunity
Learn how to write tests using Bun's Jest-compatible API with support for async tests, timeouts, and various test modifiers
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Snapshots
testing
VerifiedTrustedCommunity
Learn how to use snapshot testing in Bun to save and compare output between test runs
1SKILL.mdUpdated Apr 6, 2026
jarle/Bun Runtime behavior
testing
VerifiedTrustedCommunity
Learn about Bun test's runtime integration, environment variables, timeouts, and error handling
1SKILL.mdUpdated Apr 6, 2026