Linux command
bun-pm-trust command
After copying, replace file names, directories, or parameters as needed.
Common examples
Run blocked lifecycle scripts
bun pm trust [package1] [package2]
Trust all
bun pm trust --all
List
bun pm untrusted
Install
bun add --trust [package]
Description
bun pm trust runs blocked lifecycle scripts (such as postinstall, preinstall, and node-gyp builds) for specified untrusted dependencies and adds those packages to the trustedDependencies array in package.json. Unlike npm, Bun blocks arbitrary lifecycle script execution for installed dependencies by default as a security measure. When Bun blocks a script, it installs the package but silently skips its lifecycle scripts. The bun pm trust command is the mechanism for explicitly opting in to running those scripts for packages you have reviewed and trust. Bun maintains a default allowlist of popular packages known to have safe postinstall scripts. This default list only applies to packages sourced from npm; packages from file:, link:, git:, or github: sources require explicit trustedDependencies entries.
Parameters
- --all
- Trust all currently untrusted dependencies at once, running all their blocked lifecycle scripts and adding them to trustedDependencies in package.json
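A review aid for the opt-in step described above, as an added example that is not Bun's own code: it lists installed packages that declare preinstall, install, or postinstall scripts but are missing from trustedDependencies, and marks those declared with a file:, link:, git:, or github: source, where the default allowlist does not apply. The function names, package names, and sample manifests are assumptions made for illustration.

```javascript
// Added example (not Bun's code): find lifecycle scripts awaiting review.
const LIFECYCLE = ["preinstall", "install", "postinstall"];
const NON_NPM = /^(file|link|git|github):/; // sources the default allowlist skips

// rootManifest: the project's package.json; installed: parsed dependency manifests.
function findUnreviewed(rootManifest, installed) {
  const trusted = new Set(rootManifest.trustedDependencies || []);
  const specs = { ...rootManifest.dependencies, ...rootManifest.devDependencies,
                  ...rootManifest.optionalDependencies };
  const findings = [];
  for (const m of installed) {
    const scripts = Object.fromEntries(
      Object.entries(m.scripts || {}).filter(([k]) => LIFECYCLE.includes(k)));
    if (Object.keys(scripts).length === 0 || trusted.has(m.name)) continue;
    findings.push({ name: m.name, scripts,
                    nonNpmSource: NON_NPM.test(specs[m.name] || "") });
  }
  return findings;
}

// Loader for a real project: reads top-level node_modules only (scopes included).
function loadInstalled(projectDir) {
  const fs = require("node:fs"), path = require("node:path");
  const root = path.join(projectDir, "node_modules");
  const out = [];
  for (const e of fs.readdirSync(root).filter((n) => !n.startsWith("."))) {
    const dirs = e.startsWith("@")
      ? fs.readdirSync(path.join(root, e)).map((d) => path.join(e, d)) : [e];
    for (const d of dirs) {
      const file = path.join(root, d, "package.json");
      if (fs.existsSync(file)) out.push(JSON.parse(fs.readFileSync(file, "utf8")));
    }
  }
  return out;
}

// Constructed sample manifests (hypothetical package names).
const sampleRoot = {
  dependencies: { "native-addon": "^1.0.0", "local-tool": "file:../local-tool",
                  "plain-lib": "^2.0.0", "already-ok": "^3.0.0" },
  trustedDependencies: ["already-ok"],
};
const sampleInstalled = [
  { name: "native-addon", scripts: { postinstall: "node-gyp rebuild", test: "jest" } },
  { name: "local-tool", scripts: { preinstall: "node setup.js" } },
  { name: "plain-lib", scripts: { test: "jest" } },
  { name: "already-ok", scripts: { postinstall: "node build.js" } },
];
console.log(findUnreviewed(sampleRoot, sampleInstalled));
```

In a real project, pass the parsed package.json and `loadInstalled(".")` to `findUnreviewed`. Packages on Bun's default allowlist can still appear in the result, so `bun pm untrusted` remains the authoritative list of what Bun blocked.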
FAQ
How do I run a basic bun-pm-trust example?
Run `bun pm trust [package1] [package2]` in a terminal, replacing `[package1]` and `[package2]` with the names of the dependencies you have reviewed and trust.