Home 零对冲(ZeroHedge)每日HackerNews

Yt-dlp – [Announcement] Bun support is now limited and deprecated

原始链接: https://github.com/yt-dlp/yt-dlp/issues/16766

Yt-dlp is limiting and deprecating support for the Bun JavaScript runtime, citing security concerns and concerns over Bun’s recent development trajectory. Moving forward, only Bun versions 1.2.11 through 1.3.14 will be supported. The minimum version has been raised to 1.2.11 to resolve a critical security issue where older versions ignore lockfiles, and to ensure the EJS test suite remains functional. A support ceiling of 1.3.14 has been established because that is the final version built using the original Zig codebase. The team expressed alarm regarding Bun’s transition to being "vibe-coded" in Rust, labeling the project’s future direction as a potential maintenance headache. Consequently, while the specified version range remains supported for now, yt-dlp reserves the right to drop Bun support entirely if it becomes too burdensome. Users are advised to check the EJS wiki for updates regarding supported runtimes.

**yt-dlp** 的开发者已正式宣布,他们将弃用并限制对 **Bun** 运行时的支持。 Hacker News 上的讨论反映了社区对此截然不同的反应。支持该决定的人认为,yt-dlp 团队将项目与 Bun 分离是一个负责任的工程选择,他们对 Bun 的代码质量及其项目的长期可靠性表示担忧。一些用户特别批评了 Bun 近期的发展方向——包括其被 Anthropic 收购以及在开发过程中表现出的“凭感觉编码”(vibe-coded)倾向,认为这些是该项目不稳定的信号。 相反,反对者则认为该决定是基于推测性的偏见,而非纯粹的技术优劣。然而,在支持 yt-dlp 的人群中,主流观点认为依赖管理需要防范风险;项目应优先考虑长期稳定性,避免使用与其自身工程标准不符的运行时。
相关文章
原文

Due to foreseeable compatibility and security issues, yt-dlp's support for Bun as an ejs-compatible JavaScript runtime is being both limited and deprecated.

As of the next yt-dlp and/or ejs release, only Bun versions 1.2.11 through 1.3.14 will be supported. The rationale for this change is twofold:

  1. The minimum required version is being raised from 1.0.31 to 1.2.11 because building the ejs package with a version earlier than 1.2.0 results in the ejs lockfile being ignored, which is a significant security concern for users when considering all of the recent npm supply chain attacks. Additionally, the support floor is being bumped to 1.2.11 instead of 1.2.0 because the ejs test suite cannot be run with versions of Bun earlier than 1.2.11.

  2. Bun was recently rewritten in Rust using Claude, and its development seems to have taken a turn towards being fully vibe-coded. This is alarming and disappointing for a number of reasons, and frankly it seems like a future headache that we'd prefer to avoid. We are adding a support ceiling of version 1.3.14, as that is the last release built from the original zig codebase.

Bun support will also be deprecated. This means that while yt-dlp will continue to support this narrower range of Bun versions for as long as they're able to meet the needs of yt-dlp and ejs, we reserve the right to completely drop support for Bun should it at any point become too burdensome to maintain.

See the EJS wiki article for more information about supported JavaScript runtimes, but note that it has not yet been updated to reflect the changes announced in this post.

联系我们 contact @ memedata.com