TL;DR
Yt-dlp has announced that support for Bun as a JavaScript runtime will be limited and deprecated. Only versions 1.2.11 to 1.3.14 will be supported moving forward, due to security and compatibility concerns. The change aims to mitigate risks from recent Bun rewrites and npm supply chain vulnerabilities.
Yt-dlp has announced that support for Bun as an ejs-compatible JavaScript runtime will be limited and deprecated, effective immediately, due to security and compatibility issues with recent Bun versions.
According to the official statement, yt-dlp will now only support Bun versions 1.2.11 through 1.3.14. The decision stems from the need to address security concerns related to npm supply chain attacks: building the ejs package with Bun versions earlier than 1.2.0 results in the lockfile being ignored, so the build is not held to the dependency versions the lockfile pins.
The minimum supported version has been raised from 1.0.31 to 1.2.11 because the ejs test suite cannot run with Bun versions earlier than 1.2.11. Additionally, support will be limited to the last release built from the original Zig codebase, version 1.3.14, as newer versions are based on a rewritten Rust codebase that the yt-dlp team finds problematic. Support for Bun will be deprecated, with the possibility of complete removal if maintaining support becomes too burdensome.
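An added example, not yt-dlp's own code: a shell check that classifies a Bun version against the thresholds reported above (lockfiles ignored below 1.2.0, floor 1.2.11, ceiling 1.3.14). The function names and status labels are hypothetical, the sample versions are constructed, and versions are compared numerically so that 1.2.9 sorts below 1.2.11.

```shell
#!/bin/sh
# Added example: gate a Bun runtime on the version thresholds reported above.
# Function names and status labels are hypothetical, not part of yt-dlp.

# ver_key: print MAJOR.MINOR.PATCH as one zero-padded integer so 1.2.9 sorts
# below 1.2.11 (plain string comparison orders these the wrong way round).
# Pre-release or build suffixes ("-canary.1", "+abc") are ignored.
ver_key() {
    printf '%s\n' "$1" | awk -F'[.+-]' '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            printf "%d%05d%05d\n", $1, $2, $3; ok = 1
        }
        END { exit !ok }'
}

# classify_bun: print a status label for a version string.
# Returns 0 only inside the supported range, 1 outside it, 2 if unparsable.
classify_bun() {
    key=$(ver_key "$1") || { echo invalid; return 2; }
    if [ "$key" -lt "$(ver_key 1.2.0)" ]; then
        echo lockfile-ignored      # ejs build ignores the lockfile
        return 1
    elif [ "$key" -lt "$(ver_key 1.2.11)" ]; then
        echo below-floor           # ejs test suite cannot run
        return 1
    elif [ "$key" -gt "$(ver_key 1.3.14)" ]; then
        echo above-ceiling         # newer than the last Zig-based release
        return 1
    fi
    echo supported
}

# Constructed sample versions. In CI, pass the installed runtime instead:
#   classify_bun "$(bun --version)" || exit 1
for v in 1.0.31 1.1.45 1.2.9 1.2.11 1.3.14 1.3.15 latest; do
    printf '%-8s %s\n' "$v" "$(classify_bun "$v")"
done
```
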
Why It Matters
This change impacts users relying on Bun for video downloading and processing through yt-dlp, especially those using versions outside the supported range. It reflects ongoing security concerns in the JavaScript runtime ecosystem and signals a shift away from Bun’s recent development trajectory, which could influence future support policies for other tools.

Background
Support for Bun in yt-dlp was introduced to enable users to leverage Bun’s performance benefits as an ejs-compatible runtime. Recently, Bun was rewritten in Rust, moving away from its original Zig codebase, which has caused compatibility and stability issues. The decision to limit support follows security advisories about npm supply chain attacks and the inability of the ejs test suite to run on versions earlier than 1.2.11. Support was previously broader and is now being scaled back in response to these technical and security challenges.
“Support for Bun will now be limited to versions 1.2.11 through 1.3.14, and support for earlier versions will be deprecated.”
— yt-dlp developers
“The support floor is being bumped to 1.2.11 because the ejs test suite cannot be run with versions of Bun earlier than 1.2.11, and recent rewrites have raised compatibility concerns.”
— yt-dlp team

What Remains Unclear
It is not yet clear whether support for Bun will be completely dropped in future updates or if the supported version range might be expanded again. The team has indicated support could be entirely removed if maintaining it becomes burdensome, but no timeline or specific plans have been announced.

What’s Next
Next steps include monitoring the impact of this change on users, potential updates to the yt-dlp documentation, and possible future support adjustments depending on Bun’s development trajectory. Users relying on Bun are advised to stay within the supported version range or consider alternative runtimes.

Key Questions
Why is yt-dlp limiting Bun support now?
Support is limited due to security concerns related to npm supply chain attacks and compatibility issues with recent versions of Bun, especially after its rewrite in Rust and the inability to run the ejs test suite on earlier versions.
Which versions of Bun will still be supported?
Versions 1.2.11 through 1.3.14 will continue to be supported for now; the upper bound, 1.3.14, is the last release built from the original Zig codebase.
Will support for Bun be completely removed?
The yt-dlp team has reserved the right to completely drop support for Bun if it becomes too burdensome to maintain, but no specific timeline has been provided.
What should users relying on Bun do now?
Users should ensure they are running a Bun version within the supported range or consider switching to alternative JavaScript runtimes until further updates are announced.
Source: Hacker News