5 years.

The language itself will probably stabilize in maybe 3 years. The last things they'll do is work on the std lib, documentation, spec. That will take time but the language will be ready before then.

To be honest, I think it's good enough.

I really curious about what exactly they need to improve to release 1.0

Most users don't need it. Having it on by default is a feature for malware writers not users.

But to your point, Node has had permission flags for a while[0] but allows everything by default. Npm could use them to increase security even more. I just hope it doesn't take them another 10 years to change the default.

[0] https://nodejs.org/api/permissions.html

Most packages don’t need it, but I imagine a large percentage of users do since most projects pull in an insane number of packages.

Still, “default off” is better. It would be nice if there were a lightweight way to fork upstream packages, and cache the native builds. It’d improve build times, make the build step more explicit / sandboxable and allow for easier binary builds for operating systems and processors that M$ treats as second class.

I like the terminal aesthetics but please, for accessibility's sake, make input boxes look more like input boxes and buttons look like buttons.

thank you for the feedback, yeah i've been going and trimming a few places where i think my own tendencies have gone a bit too far.

i will also say on accessibility, i recognize the site is a bit too small font in general — and will fix it soon.

I would humbly suggest that a reasonable site should assume that the user has set the comfortable font size in the browser, and make all other font sizes in percentages, or using rem units.

Generally probably shouldn’t try to innovate in too many places at once

we are well aware and duly noted. thank you for the feedback

Removes a barrier of entry if you can look at it from a browser instead of installing a CLI/TUI.

Don't try to make me install a random program if I can view it in my sandboxed browser safely.

Also, browsers have greasemonkey to help me personalize websites easily. TUIs don't.

I guess Bun had the better marketing then. I liked how every new feature came with a benchmark against the previous version and node. See this for example: https://xcancel.com/bunjavascript/status/2048228152397459590

I'd love to see a site comparing the 3 of them in a similar way.

To me it feels more like the old "this site only supports IE6". Instead of checking which JS engine the user has, check for specific api support and fail gracefully.

According to the bun team, it was already vibecoded for months before the Anthropic acquisition.

vibe coding on top of an existing battle-tested codebase is very different than merging a 1 million LoC pull request that is a week old

Probably a lie tbh

Why is it so hard to believe that Jarred Sumner, a self-described "Thiel Fellow and a high school dropout", had values aligned with Anthropic's before Bun was approached for acquisition? It's not like Claude was an asteroid that crashed into Eden.

"Man explicitly aligned with evil does thing that not everyone agrees with" is not that surprising when you put it like that

No problem.

the proof is on github; it's true

Does it use your tokens when it does this check for malware? or is that part covered by anthropic?

I misread that as "current times" and thought it would sing the news.

It does need more streams for other timezones.

Drop the AI written story, take me straight to the "Explore Your Record" view. That's more interesting.

Fair. Just added a "skip to timeline →" button visible from the first second of the loading screen. Story is the hook for some users (see Imustaskforhelp's comment below) but shouldn't be forced. You can bypass immediately now.