Wow, this page looks so bad information-wise. There's a trend with such LLM "reporting" of just throwing bunch of numbers, graphs, charts, whatever on the page. Looks impressive from the outside, totally incomprehensible when you try to actually read it.
Assertions without context, charts about other charts, numbers (so many numbers) without data. An audit with no auditor. Pure infoslop. What a time to be alive.
I can't help thinking about Mitchell Hashimoto's recent post about "whole companies consumed by AI psychosis." I read that as naming Bun without directly naming Bun...
Could you imagine if Postgres decided to yolo a port (even if unreleased) to rust? Why port the whole thing like this? Why not do it piecemeal and get each piece to prod?
Look no further than their owner for the reason, unless it is merely a coincidence this only happened after a change in ownership…
That’s the most absurd IMHO. Why not do the same experiment but module by module? And little by little rustify the whole codebase. It really feels like the whole project is a marketing experiment for Mythos
It seems that this era is a marketing experiment for Mythos.
We're running forward without any idea of how we can get agents to write code that is even remotely safe or secure. It _will_ blow up with increasingly large blast radiuses.
As a human I would likely port it the same way. First a translation close to 1:1 from the source, then redesign/refactor areas little by little to match the target language idioms
In some cases it's impossible. C to TCL almost fine, C mapped to Scheme, or Prolog, hell awaits, because Scheme's functions can reduce tons of redundant functions to a single one.
C2Rust, the most popular transpiler from C to Rust will leave a bunch of unsafe blocks. After the initial port it is expected for the authors to go in and work to remove them.
Porting is usually a messy process. Do you know it's less safe than the Zig version? Maybe it's just highlighting where the problems already existed. Regardless, wild hyperbole are not constructive.
Ironically, suggesting that 13k is ridiculous compared to an unknown (the zig version is available for assessment) is as compelling as any other vibes.
> Bun's Rust port has not shipped in a released build yet. The Bun you install today still runs the original Zig implementation. This audit is the pre-release pass over the port.
That's good to see. I was getting a bit worried but now feeling better about it.
I trust them because of their reputation.
I have been a bun user before v1.0.0 and I experienced some shortcomings, bugs, memory leaks and things of that nature. But all of them were eventually patched, and it has become my go to runtime for at least 2 years now.
I trust their judgement to do the right thing.
I don’t understand the overreaction since this is a parallel development.
If it turns out to be better than make it default. Bugs get fixed it’s not like their zig version didn’t have issues before.
Anthropic has a serious savior complex (when it is actually about total control) and believe that you should not run your own models locally and they do not care about you and I.
This Bun Zig to Rust rewrite is great content for them and for their IPO prospectus, but it isn't performative in the sense that it is fake. (It is real with terrible code.)
What this really means is that it gives the green light to managers and everyone else to use Claude to do massive rewrites; even when it produces hundreds of thousands of lines of slop.
Unless comprehension debt is what you want.
You do not have the same amount of token-spend as the Bun team does.
> I trust their judgement to do the right thing.
They will do the "right thing" for their investors (and soon Wall Street).
When I see something tagged as "AI generated" (as it does in this webpage at the top), I find valuable and interesting to know which AI was behind it. Bun being anthropic, curious to what they have access to and what they used for this. I assumed Mythos or Opus 4.7, but I guess could be any other model as well.
Rust and Zig both use the same optimizing compiler (LLVM) so assuming the vibe coded port didn't introduce performance pitfalls and kept the algorithms the same, the end result should be in the single digit performance difference with the original.
13k unsafe blocks is a reminder that unsafe on its own isn’t the problem, it’s whether that unsafe boundary is small and audited. The number that matters more is how much of the codebase depends on unchecked invariants. If the answer is most of it, the port is moving too fast.
If you want to dig into Bun's port to Rust, I suggest waiting until they actually release something instead of generating LLM slop charts about unfinished source code.
Wow, this page looks so bad information-wise. There's a trend with such LLM "reporting" of just throwing bunch of numbers, graphs, charts, whatever on the page. Looks impressive from the outside, totally incomprehensible when you try to actually read it.
Assertions without context, charts about other charts, numbers (so many numbers) without data. An audit with no auditor. Pure infoslop. What a time to be alive.
And the tone, I hate it so much. Would it have been really that bad to use technical prose instead of every single sentence reading like a punchline?
I can't help thinking about Mitchell Hashimoto's recent post about "whole companies consumed by AI psychosis." I read that as naming Bun without directly naming Bun...
Could you imagine if Postgres decided to yolo a port (even if unreleased) to rust? Why port the whole thing like this? Why not do it piecemeal and get each piece to prod?
Look no further than their owner for the reason, unless it is merely a coincidence this only happened after a change in ownership…
That’s the most absurd IMHO. Why not do the same experiment but module by module? And little by little rustify the whole codebase. It really feels like the whole project is a marketing experiment for Mythos
It seems that this era is a marketing experiment for Mythos.
We're running forward without any idea of how we can get agents to write code that is even remotely safe or secure. It _will_ blow up with increasingly large blast radiuses.
Remember kids, unsafe is not undefined behaviour. It just means you need to prove via unchecked English statements that your code is not UB.
Just write C then.
Is clanker defined behavior in this case
The current level of insanity with AI is off the charts.
Porting to a safe language without the safety features.
As a human I would likely port it the same way. First a translation close to 1:1 from the source, then redesign/refactor areas little by little to match the target language idioms
In some cases it's impossible. C to TCL almost fine, C mapped to Scheme, or Prolog, hell awaits, because Scheme's functions can reduce tons of redundant functions to a single one.
Sure, but that doesn’t really apply to zig => rust
C2Rust, the most popular transpiler from C to Rust will leave a bunch of unsafe blocks. After the initial port it is expected for the authors to go in and work to remove them.
But if that's the goal then I _think_ the "port" is perfectly achievable without LLMs. Zig transpiles to C, then C2Rust would do the rest
There's more than one way to crack an egg.
Porting is usually a messy process. Do you know it's less safe than the Zig version? Maybe it's just highlighting where the problems already existed. Regardless, wild hyperbole are not constructive.
Nobody knows if it is less safe than the Zig version because nobody has ever read the code. Maintainers included
Ironically, suggesting that 13k is ridiculous compared to an unknown (the zig version is available for assessment) is as compelling as any other vibes.
> Bun's Rust port has not shipped in a released build yet. The Bun you install today still runs the original Zig implementation. This audit is the pre-release pass over the port.
That's good to see. I was getting a bit worried but now feeling better about it.
I am looking forward to the first release tomorrow though!
Guys, does anyone know why the decision to port Bun from Zig to Rust? Is it to move to a less niche language?
I don't know definitively, but the Zig project has been vocally anti-LLM code; Bun was bought by an LLM company.
The bun team communicated about it, it’s to reduce the number of memory issues they have to deal with IIRC
Correct.
https://news.ycombinator.com/reply?id=48133519&goto=threads%...
I wonder if the actual reason is that Zig declined their slop PR.
right at the very top:
> Bun · Rust codebase audit · May 21, 2026 · AI generated
nice of them to be up-front about it, I guess.
the port is AI slop, littered with 13k unsafe blocks.
and this blog post is more AI slop, claiming to present a "plan" for how to reduce that number.
why should anyone trust anything they output? all they're trying to do is cover up their slop with more slop.
if you're cleaning your house, and the dirt can't all fit under one rug, the obvious solution is to buy another rug.
Let's save the accusations of sweeping things under the rug for if and when they actually release this rewrite in a sloppy, buggy state.
Dunno, AI was quick to prove it could be done. I’ve found while it’s initial attempts might be slop, with good direction it can really tidy things up
I trust them because of their reputation. I have been a bun user before v1.0.0 and I experienced some shortcomings, bugs, memory leaks and things of that nature. But all of them were eventually patched, and it has become my go to runtime for at least 2 years now.
I trust their judgement to do the right thing.
I don’t understand the overreaction since this is a parallel development.
If it turns out to be better than make it default. Bugs get fixed it’s not like their zig version didn’t have issues before.
> I trust them because of their reputation.
Anthropic has a serious savior complex (when it is actually about total control) and believe that you should not run your own models locally and they do not care about you and I.
This Bun Zig to Rust rewrite is great content for them and for their IPO prospectus, but it isn't performative in the sense that it is fake. (It is real with terrible code.)
What this really means is that it gives the green light to managers and everyone else to use Claude to do massive rewrites; even when it produces hundreds of thousands of lines of slop.
Unless comprehension debt is what you want.
You do not have the same amount of token-spend as the Bun team does.
> I trust their judgement to do the right thing.
They will do the "right thing" for their investors (and soon Wall Street).
Comprehension debt will be the next manager's problem after I get promoted because of the massive vibecoded rewrite.
He must be suffering from AI psychosis.
Also, was this done with Mythos or Opus 4.7?
Does that matter?
When I see something tagged as "AI generated" (as it does in this webpage at the top), I find valuable and interesting to know which AI was behind it. Bun being anthropic, curious to what they have access to and what they used for this. I assumed Mythos or Opus 4.7, but I guess could be any other model as well.
FWIW I would be really surprised if it’s not done with Mythos
I have such contempt for this effort by Anthropic. Jarred has torpedoed so much of the goodwill Bun had earned.
Bun is(was?) a lot about performance. How does it compare to zig?
Rust and Zig both use the same optimizing compiler (LLVM) so assuming the vibe coded port didn't introduce performance pitfalls and kept the algorithms the same, the end result should be in the single digit performance difference with the original.
I believe in the latest (possibly two latest?) releases of Zig you have the option to build a self hosted compiler.
That may ne useful for bootstrapping but there's no way a self-made compiler can be competitive with LLVM. Optimizing compilers are crazy beasts.
This PR piece is only making things worse.
13k unsafe blocks is a reminder that unsafe on its own isn’t the problem, it’s whether that unsafe boundary is small and audited. The number that matters more is how much of the codebase depends on unchecked invariants. If the answer is most of it, the port is moving too fast.
If you want to dig into Bun's port to Rust, I suggest waiting until they actually release something instead of generating LLM slop charts about unfinished source code.
This is posted by Bun on bun.com
Oh, I didn't notice the URL, the page didn't seem at all official. In that case it's weird that they present this clearly LLM-generated "report".
Not reading this AI slop.
[flagged]
[dead]