Claude Code Plugins

Community-maintained marketplace

bun-lockfile-update

@laurigates/claude-plugins

Install Skill

  1. Download skill
  2. Enable skills in Claude: open claude.ai/settings/capabilities and find the "Skills" section
  3. Upload to Claude: click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

created Tue Dec 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
modified Tue Dec 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
reviewed Tue Dec 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
name bun-lockfile-update
description Update Bun lockfiles (bun.lockb) with proper dependency management. Covers bun update, bun install, lockfile regeneration, and security audits. Use when user mentions bun lockfile, bun update, bun.lockb, updating Bun dependencies, or resolving Bun lockfile conflicts.

Bun Lockfile Update

Comprehensive guidance for updating Bun lockfiles (bun.lockb) with proper dependency management practices.

When to Use

Use this skill automatically when:

  • User requests lockfile update or dependency refresh
  • User mentions outdated dependencies or security vulnerabilities
  • User wants to update specific packages or all dependencies
  • Lockfile conflicts occur during git operations
  • User needs to audit or verify dependency integrity

Core Commands

Update All Dependencies

# Update all dependencies to latest versions (respecting semver ranges in package.json)
bun update

# Update all dependencies AND modify package.json to latest versions
bun update --latest

Update Specific Dependencies

# Update specific package(s) to latest compatible version
bun update <package-name>
bun update <package1> <package2>

# Update specific package to latest version (ignoring semver range)
bun update --latest <package-name>

Regenerate Lockfile

# Regenerate lockfile from package.json (clean install)
rm bun.lockb
bun install

# Or force regeneration
bun install --force

Update Strategies

1. Safe Update (Recommended)

Respects semver ranges in package.json:

# Updates within semver constraints (^1.2.3 → 1.x.x, ~1.2.3 → 1.2.x)
bun update

# Review changes
git diff bun.lockb package.json

# Test thoroughly
bun test
bun run build

When to use:

  • Regular maintenance updates
  • CI/CD pipeline updates
  • Production deployments
  • When stability is the priority

2. Aggressive Update

Updates to absolute latest versions:

# Updates AND modifies package.json to latest versions
bun update --latest

# Review ALL changes carefully
git diff bun.lockb package.json

# Test exhaustively (breaking changes likely)
bun test
bun run build
bun run lint

When to use:

  • Major version upgrades
  • Modernization efforts
  • Security vulnerability fixes requiring latest versions
  • Development/experimental branches

3. Selective Update

Updates specific packages only:

# Update one critical package
bun update lodash

# Update multiple related packages
bun update @types/node @types/react @types/react-dom

# Update to latest version (ignore semver)
bun update --latest typescript

When to use:

  • Targeted security patches
  • Specific bug fixes
  • Gradual migration strategies
  • Reducing blast radius of changes

Best Practices Workflow

Pre-Update Checklist

  1. Commit current state: Ensure clean working directory

    git status
    git add .
    git commit -m "chore: checkpoint before dependency update"
    
  2. Check for outdated packages:

    bun outdated
    
  3. Review security advisories:

    bun audit
    

Update Process

  1. Choose strategy: Safe, aggressive, or selective
  2. Execute update command
  3. Review changes:
    git diff bun.lockb package.json
    

Post-Update Validation

  1. Verify installation:

    rm -rf node_modules
    bun install
    
  2. Run test suite:

    bun test
    
  3. Run build:

    bun run build
    
  4. Run linting:

    bun run lint
    
  5. Check bundle size:

    bun run build --analyze  # If available
    
  6. Test application manually:

    • Critical user flows
    • Edge cases
    • Cross-browser testing (if web app)

Commit Changes

# For safe updates
git add bun.lockb
git commit -m "chore(deps): update dependencies

Updates all dependencies to latest compatible versions.
All tests passing."

# For aggressive updates
git add bun.lockb package.json
git commit -m "chore(deps): upgrade dependencies to latest

BREAKING CHANGES:
- Updated React 17 → 18
- Updated TypeScript 4.9 → 5.3
- Updated Vite 4 → 5

See CHANGELOG for migration notes.
All tests passing."

Common Scenarios

Scenario 1: Regular Maintenance

Goal: Keep dependencies fresh without breaking changes

# Weekly/monthly routine
bun update
bun test
git add bun.lockb
git commit -m "chore(deps): update dependencies"

Scenario 2: Security Vulnerability

Goal: Patch specific vulnerable package

# Check vulnerability report
bun audit

# Update vulnerable package to latest (may require --latest)
bun update --latest <vulnerable-package>

# Verify fix
bun audit

# Test and commit
bun test
git add bun.lockb package.json
git commit -m "fix(deps): patch security vulnerability in <package>

Fixes: CVE-XXXX-XXXXX"

Scenario 3: Major Version Upgrade

Goal: Migrate to new major version of framework/library

# 1. Create feature branch
git checkout -b chore/upgrade-react-18

# 2. Update target package
bun update --latest react react-dom

# 3. Update related packages
bun update --latest @types/react @types/react-dom

# 4. Review breaking changes documentation
# (Check official migration guide)

# 5. Update code for breaking changes
# (Fix deprecated APIs, adjust imports, etc.)

# 6. Run comprehensive tests
bun test
bun run build
bun run lint

# 7. Manual testing
# (Test all critical flows)

# 8. Commit and create PR
git add .
git commit -m "chore(deps): upgrade React 17 → 18

BREAKING CHANGES:
- Automatic batching changes render behavior
- Updated ReactDOM.render to createRoot
- Removed IE 11 support

See docs/migration/react-18.md for details."

Scenario 4: Lockfile Conflict Resolution

Goal: Resolve merge conflict in bun.lockb

# 1. Accept either version (doesn't matter which)
git checkout --theirs bun.lockb  # Or --ours

# 2. Regenerate lockfile from package.json
rm bun.lockb
bun install

# 3. Verify installation
bun test

# 4. Commit resolution
git add bun.lockb
git commit -m "chore: resolve lockfile merge conflict"

Scenario 5: Dependency Audit & Cleanup

Goal: Remove unused dependencies and update remaining

# 1. Audit dependencies
bun pm ls  # List installed packages

# 2. Check for unused dependencies
npx depcheck  # Or manual review of package.json

# 3. Remove unused packages
bun remove <unused-package>

# 4. Update remaining dependencies
bun update

# 5. Verify everything still works
bun test
bun run build

Bun-Specific Features

Binary Lockfile

  • Bun uses a binary lockfile format (bun.lockb)
  • Much faster to parse than package-lock.json or yarn.lock
  • Not human-readable (use bun pm ls to inspect)
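
Because bun.lockb is binary, a plain git diff of it reports only that the file changed. As an added example (not part of the original skill), the script below compares two saved `bun pm ls --all` listings taken before and after an update. The function names, the constructed sample listings, and the assumption that each package line ends in `name@version` belong to this example.

```shell
# Around a real update:
#   bun pm ls --all > before.txt; bun update; bun pm ls --all > after.txt
#   lockfile_changes before.txt after.txt
# Print sorted, de-duplicated "name version" pairs from one saved listing.
# Assumption: package lines end in name@version; the header line does not.
pm_ls_pairs() {
  awk '$NF ~ /.@/ {
    n = split($NF, p, "@")   # scoped names (@scope/pkg) hold an extra "@"
    print substr($NF, 1, length($NF) - length(p[n]) - 1), p[n]
  }' "$1" | sort -u
}

# NEW: name absent before. REMOVED: absent after. CHANGED: version set differs.
lockfile_changes() {
  b=$(mktemp); a=$(mktemp)
  pm_ls_pairs "$1" > "$b"; pm_ls_pairs "$2" > "$a"
  awk -v before="$b" '
    FILENAME == before { was[$1] = was[$1] " " $2; next }
                       { now[$1] = now[$1] " " $2 }
    END {
      for (k in now) {
        if (!(k in was))           print "NEW", k now[k]
        else if (was[k] != now[k]) print "CHANGED", k was[k], "->" now[k]
      }
      for (k in was) if (!(k in now)) print "REMOVED", k was[k]
    }' "$b" "$a" | sort
  rm -f "$b" "$a"
}

# Constructed sample listings (not output from a real project).
sample_before() { cat <<'EOF'
/tmp/app node_modules (4)
├── @types/node@20.10.0
├── lodash@4.17.20
├── ms@2.1.2
└── typescript@5.3.3
EOF
}
sample_after() { cat <<'EOF'
/tmp/app node_modules (4)
├── @types/node@20.10.0
├── left-pad@1.3.0
├── lodash@4.17.21
└── typescript@5.3.3
EOF
}
demo() { d=$(mktemp -d); sample_before > "$d/b"; sample_after > "$d/a"
         lockfile_changes "$d/b" "$d/a"; rm -rf "$d"; }
demo
```

NEW lines deserve the first look in review: they are packages the project did not install before the update.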

Workspaces

# Update all workspace packages
bun update

# Update specific workspace
bun update --filter <workspace-name>

Compatibility

# Also write a yarn.lock (Yarn v1 format) alongside the Bun lockfile
bun install --yarn

# Generate or update the Bun lockfile without installing into node_modules
# (this does not produce a package-lock.json)
bun install --lockfile-only

Troubleshooting

Lockfile Corruption

# Symptoms: Install errors, checksum mismatches
# Solution: Regenerate lockfile
rm bun.lockb
bun install

Peer Dependency Conflicts

# Symptoms: Peer dependency warnings during install
# Solution: Update peer dependencies or use --force
bun install --force

# Or resolve conflicts manually in package.json

Cache Issues

# Clear Bun cache
rm -rf ~/.bun/install/cache

# Reinstall
rm -rf node_modules bun.lockb
bun install

Version Mismatch Errors

# Symptoms: Package version doesn't match expectations
# Solution: Verify package.json and regenerate lockfile
cat package.json  # Check version ranges
rm bun.lockb
bun install

Security Best Practices

Regular Audits

# Check for vulnerabilities
bun audit

# Get detailed report
bun audit --json > audit-report.json

Automated Updates

# Use Renovate or Dependabot for automated PRs
# Configure in .github/renovate.json or .github/dependabot.yml

Review Dependencies

# Before updating, review package reputation
# Check npm package page, GitHub stars, maintenance status
bun pm ls <package-name>

Lockfile Integrity

# Verify lockfile matches package.json
bun install --frozen-lockfile  # CI/CD
bun install --production --frozen-lockfile  # Production

Integration with CI/CD

GitHub Actions Example

- name: Install dependencies
  run: bun install --frozen-lockfile

- name: Run tests
  run: bun test

- name: Update lockfile (scheduled job)
  run: |
    bun update
    bun test
  if: github.event_name == 'schedule'

Pre-commit Hook

#!/bin/sh
# .husky/pre-commit or similar
bun install --frozen-lockfile
bun test

Related Skills

  • Node.js Development - Modern JavaScript/TypeScript patterns with Bun
  • Git Branch PR Workflow - Managing dependency update PRs
  • GitHub Actions Inspection - Debugging CI/CD lockfile issues
