https://github.com/cleitonsilvat/vulnerability-sbqs-2025

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (5.1%) to scientific vocabulary
Last synced: 6 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: CleitonSilvaT
  • Language: Python
  • Default Branch: main
  • Size: 385 KB
Statistics
  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created 8 months ago · Last pushed 8 months ago
Metadata Files
Readme

README.md

Vulnerability Analysis in the Bun Runtime: A Comparative Study with Node.js

Abstract

The widespread adoption of runtimes such as Node.js and Bun has raised new security challenges. This study conducted a comparative analysis of vulnerabilities found in packages across both runtimes, using the OWASP Dependency-Check tool. A total of 1,000 popular packages from the npm ecosystem were analyzed, revealing 66 vulnerabilities in Node.js, 32 in Bun with the --trust flag enabled, and 20 in Bun's default mode. Node.js concentrated most of the critical issues, such as Code Injection and Prototype Pollution, while Bun exhibited fewer and less severe vulnerabilities. These differences were linked to architectural factors, including Bun's default blocking of installation scripts, its use of Zig for native components, and reduced exposure to dynamic behaviors. The analysis highlights the impact of runtime architecture on application security and identifies Bun as a more restrictive and resilient alternative, though not immune to structural vulnerabilities.

This repository contains all the code developed in the project.

Owner

  • Name: Cleiton Silva Tavares
  • Login: CleitonSilvaT
  • Kind: user
  • Location: Belo Horizonte, Brazil

GitHub Events

Total
  • Member event: 1
  • Push event: 1
  • Create event: 1
Last Year
  • Member event: 1
  • Push event: 1
  • Create event: 1

Dependencies

code/package-lock.json npm
  • @types/node 22.13.5 development
  • csv-parser 3.2.0 development
  • csv-writer 1.6.0 development
  • fs 0.0.1-security development
  • undici-types 6.20.0 development
  • dotenv 16.5.0
code/package.json npm
  • @types/node ^22.13.5 development
  • csv-parser ^3.2.0 development
  • csv-writer ^1.6.0 development
  • fs ^0.0.1-security development
  • dotenv ^16.5.0