bun-development
Audited by Socket on Feb 27, 2026
1 alert found:
Malware
This is a Bun development skill / documentation that is consistent with its stated purpose. It contains standard developer guidance (installing Bun, creating projects, using Bun APIs). The primary security concern is the inclusion of direct download-and-execute installer commands (curl | bash and PowerShell irm | iex) and unpinned git installs; these are legitimate convenience instructions but are high-risk supply-chain patterns because remote content executes on users' machines. No explicit credential harvesting, obfuscated malware, or exfiltration is present in the document itself. Recommend treating installer commands as risky: prefer verified installers, checksums/signatures, pinned releases, and caution when installing from arbitrary git URLs or running global installs.