The rising Bun JavaScript runtime is making strides and growing in adoption, but what are the looming security risks and insecure code pitfalls you'll end up in? This is the session to deep dive into the shadow realm often hidden from plain sight: the underlying API surface of the runtime.
Through a comparative outlook on Node.js, we'll journey into security vulnerabilities, from supply chain threats to command injection and prototype pollution, and see how they fare in Bun. What are Bun's greatest security strengths? You'll learn those too. This is a unique chance to gain first-hand insights into security weaknesses in both the Node.js and Bun runtimes and to explore the distinct threat models, security posture, security pitfalls and best practices of these two server-side runtime technologies.
Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.