Tech

Bun JavaScript runtime faces scrutiny over Rust code quality and AI reliance

A May 2026 report against the oven-sh/bun repository alleges that the project’s Rust implementation fails basic Miri checks, prompting criticism of the team’s coding practices.

Author
Owen Mercer
Markets and Finance Editor
Source: Hacker News · original
GitHub issue highlights undefined behaviour in safe code and calls for experienced developers

A GitHub issue filed on 14 May 2026 has drawn attention to potential stability concerns within the Bun JavaScript runtime. The report, lodged against the oven-sh/bun repository, alleges that the project’s Rust codebase contains undefined behaviour within safe Rust code and fails basic Miri checks.

The issue, opened by user AwesomeQubic, cites a specific error involving a dangling reference in src/main.rs. The submitter highlighted a failure under Miri, an interpreter for Rust’s mid-level intermediate representation (MIR) that is designed to detect undefined behaviour. The error message indicated that the program constructed an invalid value by encountering a dangling reference with no provenance.

The report included a code snippet demonstrating the alleged issue, which involved creating a box, initializing a PathString, and then dropping the test variable before accessing the slice. The submitter argued that this sequence triggered undefined behaviour, suggesting a flaw in how the code handles memory safety despite being written in safe Rust.
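The class of bug described above can be shown in a few lines. The following is an added illustration, not code from the GitHub issue or from Bun: `RawPath` and `CheckedPath` are hypothetical stand-ins, and the path bytes are constructed sample data. It sets an unsound safe API that erases the lifetime of its source beside a hardened form that the borrow checker can police.

```rust
use std::marker::PhantomData;

/// Hypothetical stand-in (not Bun's type): stores a pointer and length but
/// no lifetime, so the borrow checker cannot tie it to the source buffer.
pub struct RawPath {
    ptr: *const u8,
    len: usize,
}

impl RawPath {
    /// Unsound: a safe constructor that erases the lifetime of `bytes`.
    pub fn init(bytes: &[u8]) -> Self {
        RawPath { ptr: bytes.as_ptr(), len: bytes.len() }
    }

    /// Unsound: safe code can call this after the source has been freed.
    pub fn slice(&self) -> &[u8] {
        unsafe { std::slice::from_raw_parts(self.ptr, self.len) }
    }
}

/// Hardened form: lifetime 'a keeps the source borrowed while the path lives.
pub struct CheckedPath<'a> {
    ptr: *const u8,
    len: usize,
    _source: PhantomData<&'a [u8]>,
}

impl<'a> CheckedPath<'a> {
    pub fn init(bytes: &'a [u8]) -> Self {
        CheckedPath { ptr: bytes.as_ptr(), len: bytes.len(), _source: PhantomData }
    }

    pub fn slice(&self) -> &'a [u8] {
        // Sound: 'a guarantees the bytes behind `ptr` are still alive.
        unsafe { std::slice::from_raw_parts(self.ptr, self.len) }
    }
}

fn main() {
    let test: Box<[u8]> = Box::from(*b"/tmp/constructed"); // constructed sample
    let raw = RawPath::init(&test);
    let checked = CheckedPath::init(&test);
    assert_eq!(raw.slice(), checked.slice()); // both fine while `test` is alive
    // Inserting `drop(test);` before a later use of either value: the
    // `checked` use is rejected at compile time (E0505), while `raw.slice()`
    // still compiles and is the dangling access Miri reports.
}
```

Running the dangling variant under `cargo miri run` is how such a defect is confirmed; the hardened form never reaches that stage because it fails to compile.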

Beyond the technical specifics, the submission criticised the project’s development methodology. The author urged the Bun team to hire experienced Rust developers rather than relying on AI-generated code, describing the current approach as "vibe coding" and asserting that artificial intelligence models are not currently proficient at writing correct Rust.

As of the report date, the issue remains open with no assignees, labels, or linked pull requests. The oven-sh/bun repository, which has garnered approximately 90.6k stars and 4.5k forks, has not publicly acknowledged the findings or provided a resolution in the available data. The scope of the undefined behaviour claim is limited to the specific instance highlighted, and it remains unclear whether this affects stable releases or only development builds.
