
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@fluojs/platform-bun
Advanced tools
English 한국어
Bun-backed HTTP adapter for the fluo runtime, built on native Bun.serve().
npm install @fluojs/platform-bun
This package is intended to run on Bun. The published manifest intentionally does not declare engines.node, so npm metadata stays aligned with the Bun runtime contract; the repository's Node.js 20+ requirement only applies to the maintainer build/test toolchain.
Use this package when running fluo applications on the Bun runtime. This adapter leverages Bun's high-performance Request/Response bridge and native fetch-style architecture, providing a seamless and fast experience for Bun users.
During application shutdown, the adapter stops all new ingress, including websocket upgrade attempts, with a 503 shutdown response and gives active HTTP handlers a bounded drain window before Bun forcefully tears the server down. If signal-driven shutdown exceeds forceExitTimeoutMs or fails, fluo reports that condition through logging and process.exitCode while leaving final process termination to Bun or the surrounding host.
import { createBunAdapter } from '@fluojs/platform-bun';
import { fluoFactory } from '@fluojs/runtime';
import { AppModule } from './app.module';
const app = await fluoFactory.create(AppModule, {
adapter: createBunAdapter({ port: 3000 }),
});
await app.listen();
If you prefer to manage the Bun server yourself, you can use the fetch handler directly.
import { createBunFetchHandler } from '@fluojs/platform-bun';
const handler = await createBunFetchHandler({
dispatcher: app.getHttpDispatcher(),
});
Bun.serve({
fetch: handler,
port: 3000,
});
The adapter supports Bun's native server.upgrade() through the @fluojs/websockets/bun binding.
// gateways automatically use Bun's native upgrade when the Bun adapter is active
@WebSocketGateway({ path: '/ws' })
export class MyGateway {}
routes Object AccelerationOn Bun >=1.2.3, the adapter opportunistically registers safe static and parameterized fluo routes through Bun.serve({ routes }) while still routing matched requests back through the shared fluo dispatcher.
For semantically safe unversioned routes, Bun hands the pre-matched descriptor and params to the shared dispatcher so duplicate route matching is skipped while raw body, multipart, SSE, error responses, shutdown drain behavior, and websocket upgrade delegation stay on the same shared execution path. If route shape parity is unsafe, such as same-shape parameter routes with different param names, ALL-method handlers, normalization-sensitive paths, or non-URI versioning, the adapter falls back to fetch-only dispatch for those routes instead of changing fluo semantics.
If app middleware rewrites the framework request method or path after a Bun native handoff is attached, the dispatcher discards that stale handoff and rematches the rewritten request. Unsupported methods such as OPTIONS and CORS preflight behavior remain owned by the shared dispatcher/middleware path unless a fluo route explicitly owns them.
createBunAdapter(options): Recommended factory for the Bun adapter.createBunFetchHandler(options): Creates a native fetch(request) handler for custom Bun.serve() setups.bootstrapBunApplication(module, options): Advanced bootstrap without implicit startup logging.runBunApplication(module, options): Compatibility helper for quick startup with signal wiring.The adapter also exports the typed Bun integration seams used by realtime packages:
BunHttpApplicationAdapter: HttpApplicationAdapter implementation backed by Bun.serve().BunAdapterOptions: host, port, TLS, raw-body, multipart, and shutdown options accepted by createBunAdapter().BootstrapBunApplicationOptions and RunBunApplicationOptions: application bootstrap/run options for Bun-hosted apps.BunWebSocketBinding and BunRealtimeBindingHost: binding contracts used by @fluojs/websockets/bun before normal HTTP dispatch.BunWebSocketBindingHost: Backward-compatible alias for configuring Bun realtime bindings.BunServeOptions, BunServerLike, BunWebSocketHandler, BunServerWebSocket, BunWebSocketMessage, BunApplicationSignal, BunCorsInput, BunTlsOptions, and CreateBunFetchHandlerOptions: Lower-level Bun host, websocket, signal, CORS, TLS, and fetch-handler integration types.globalThis.Bun.serve() at listen time. Tests may provide a Bun-compatible test double, but production use is Bun-only.rawBody: true, and SSE framing.routes object is available and a fluo route shape is semantically safe to pre-register, the adapter lets Bun short-circuit path matching before handing the request back to the shared dispatcher. Unsupported or ambiguous route shapes fall back to the regular fetch path, and stale handoffs are ignored if middleware rewrites method/path before handler matching.>=1.2.3; versioned routes, ALL handlers, same-shape conflicts, normalization-sensitive paths, and OPTIONS/CORS preflight stay on the fetch/shared-dispatch path.rawBody, and multipart limits continue to flow through the shared runtime parser.hostname, port, and tls are forwarded to Bun.serve(). Startup logs report the configured HTTP or HTTPS listen URL.close() stops new HTTP and websocket-upgrade ingress with a 503 shutdown response, waits for in-flight HTTP handlers, clears adapter state after drain settles, and removes signal listeners registered by runBunApplication().listen() starts the server. Upgrade requests are offered to the configured binding before falling back to HTTP dispatch while the adapter is accepting new ingress.BunHttpApplicationAdapter exposes getServer(), getListenTarget(), getRealtimeCapability(), configureRealtimeBinding(), configureWebSocketBinding(), listen(), and close().packages/platform-bun/src/adapter.test.ts is the package-local regression target for the documented contract. It includes Bun fetch-style portability assertions for malformed cookies, JSON/text raw-body preservation, multipart raw-body exclusion, SSE framing, native-route param parity, same-path multi-method handoff, versioning fallback, normalization-sensitive fallback, OPTIONS/CORS ownership, same-shape route fallback, and TLS listen-target reporting, plus focused tests for startup logging, shutdown listener cleanup, in-flight drain behavior, timeout reporting, shutdown 503 ingress rejection, and websocket binding delegation.
The broader repository suite also exercises Bun through createWebRuntimeHttpAdapterPortabilityHarness(...) alongside Deno and Cloudflare Workers in packages/testing/src/portability/web-runtime-adapter-portability.test.ts, keeping the shared web-runtime portability baseline aligned across fetch-style platforms.
@fluojs/runtime: Core framework runtime.@fluojs/websockets: Includes specific subpath @fluojs/websockets/bun.@fluojs/socket.io: Supports the native Bun engine.packages/platform-bun/src/adapter.test.tspackages/websockets/src/bun/bun.test.tsFAQs
Bun-based HTTP adapter for the Fluo runtime.
The npm package @fluojs/platform-bun receives a total of 30 weekly downloads. As such, @fluojs/platform-bun popularity was classified as not popular.
We found that @fluojs/platform-bun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.