Interesting, I'm not aware of that many nodejs alternatives...

That's a yes and no. Venture funded companies like Anthropic have a history of low follow through with peripheral projects (like Bun is for them). Of course they do - their responsibility is ultimately primarily to their investors - not to Bun. So the risk now is that Anthropic will can Bun whenever they just lose interest or feel it's just a drain that's not contributing directly to their bottom line.

Node.js itself did have trouble finding a corporate home that was interested in providing good support for the project, and that's how we got the oi.js fork of Node, which luckily led to Node being transitioned to a foundation and the projects merged. This whole history is what made me so surprised that Ryan of all people would attempt another js runtime (Deno) project as a corporate project.

And it's the reason I'm staying away from both Bun and Node. I can't afford platform risk like this. I need my startup to be built on a project that has a more reliable future trajectory, which is what you get with a proper open source project (emphasis on project) that you get with Node. Node is stable and still getting features, but most importantly it's not going away.

It really doesn't. You think Anthropic will still be in business in 10 years? If they are, it's not likely they'll be in the same shape.

Running out of money is never the issue with a big company buying an open source project. There are countless examples of projects dying or changing significantly for the worse after acquisition.

Also “no human wrote any of this code” is not my personal benchmark for a reliable dependency.

Afaik there is no proof Anthropic is profitable. This, and uv buyout by OpenAI only adds a risk to supply chains. In few years these companies can be overrun by open source models or startups delivering new hardware/software breakthrough in LLM. It is not like uv and bun are acquired by IBMs or Alphabets of today.

> It means they're a whole lot less likely to run out of money, which makes them a safer bet as a dependency.

I don't think this logically follows. That is, yes being acquired makes one less likely to run out of money, but doesn't necessarily make something safer as a dependency.

Plenty of open source projects have little to no funding and continue on for years with no problems. But being acquired suddenly creates a requirement of return-on-investment. A corporation will happily shut the whole thing down if and when it's decided that they're just not gaining enough value from it.

(There's also the general fact that, a corporate-acquired project is going to first and forement serve the needs of the corporation vs. the community at large - if your use case or edge case doesn't align with the needs of Anthropic then you should probably not hold your breath waiting for the Bun project to address it.)

> safer bet as a dependency.

The recent 1 million line vibe coded PR suggests it is not so reliable as a dependency.

Yes, famously, acquisitions only make services more reliable, as in the case of Microsoft and Github, or Apple and DarkSky.

running out of money, for an open source project of almost any kind, is safer than "running into money" with the wrong strings attached

(still reserving judgement on Bun, though — I mean, we'll soon see, one way or the other!)

> which makes them a safer bet as a dependency

Wouldn't node be the safest bet as a dependency?

For those who care about their dependencies being "safe bets", Bun should already be out of the question after the recent "vibe code the entire thing into a different language in a week with zero human intervention" fiasco.