feat(bun): Add orchestrion bun build plugin#21410
Open
isaacs wants to merge 1 commit into
Open
Conversation
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
48fa3e3 to
0157d09
Compare
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
362c870 to
39be3da
Compare
Contributor
size-limit report 📦
|
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
0157d09 to
25bfdaa
Compare
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
39be3da to
b34aa87
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
25bfdaa to
7a8b730
Compare
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
b34aa87 to
653fc0e
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
7a8b730 to
7b69e3b
Compare
Contributor
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
3 times, most recently
from
c26138a to
a16cf66
Compare
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
653fc0e to
8743326
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
b5a794a to
ac38662
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
a16cf66 to
5c34ba0
Compare
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
ac38662 to
0cfd982
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
5c34ba0 to
c433056
Compare
isaacs
added a commit
that referenced
this pull request
Jun 15, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
0cfd982 to
ccbd1b2
Compare
JPeer264
approved these changes
Jun 16, 2026
mydea
reviewed
Jun 16, 2026
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
c433056 to
1551113
Compare
isaacs
added a commit
that referenced
this pull request
Jun 16, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
33c961c to
58c4c54
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
1551113 to
5551e89
Compare
isaacs
added a commit
that referenced
this pull request
Jun 17, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
58c4c54 to
942cbc7
Compare
isaacs
added a commit
that referenced
this pull request
Jun 17, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
942cbc7 to
b7d3bf4
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
5551e89 to
df94b15
Compare
isaacs
added a commit
that referenced
this pull request
Jun 17, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
b7d3bf4 to
5b4cb48
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
df94b15 to
fa84662
Compare
isaacs
added a commit
that referenced
this pull request
Jun 17, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
5b4cb48 to
cfe1a03
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
fa84662 to
3300ba7
Compare
isaacs
added a commit
that referenced
this pull request
Jun 18, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
cfe1a03 to
568911f
Compare
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
3300ba7 to
c9f3507
Compare
|
Semgrep found 1 Risk: Affected versions of esbuild are vulnerable to Download of Code Without Integrity Check / Untrusted Search Path. esbuild's Deno distribution module ( Manual Review Advice: A vulnerability from this advisory is reachable if you invoke the esbuild Deno module directly as a CLI tool (e.g. Fix: Upgrade this library to at least version 0.28.1 at sentry-javascript/yarn.lock:15987. Reference(s): GHSA-gv7w-rqvm-qjhr |
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
3 times, most recently
from
7d1f62e to
7323f1a
Compare
isaacs
added a commit
that referenced
this pull request
Jun 18, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
568911f to
69a65aa
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 69a65aa. Configure here.
|
|
||
| // Delegate to the upstream code-transformer, which registers the `onLoad` | ||
| // hook that does the actual channel injection. | ||
| transformer.setup(build); |
There was a problem hiding this comment.
External deps skip instrumentation
Medium Severity
The Bun orchestrion plugin only merges the bundler marker into build.config.banner and never adjusts build.config.external. If a Bun.build call marks an instrumented package such as mysql as external, that dependency is resolved from node_modules at runtime without passing through the transformer's onLoad hook, so diagnostics-channel injection is skipped with no error.
Reviewed by Cursor Bugbot for commit 69a65aa. Configure here.
isaacs
force-pushed
the
experiment/orchestrionjs-auto-instrumentation
branch
from
7323f1a to
92b508d
Compare
isaacs
added a commit
that referenced
this pull request
Jun 18, 2026
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
69a65aa to
ea45a82
Compare
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in `bun build` mode. Note: this does *not* provide a plugin for use with `bun run`, because that feature is blocked by oven-sh/bun#31770 When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.
isaacs
force-pushed
the
isaacs/bun-orchestrion
branch
from
ea45a82 to
623d0c5
Compare
Comment on lines
+35
to
+40
| // `@apm-js-collab/code-transformer-bundler-plugins/bun` is published ESM-only | ||
| // (no `require` arm, unlike its `/vite` entry). The ESM build imports it; the | ||
| // CJS build requires it. Bun resolves correctly for ESM modules in either | ||
| // module system. | ||
| import codeTransformer from '@apm-js-collab/code-transformer-bundler-plugins/bun'; | ||
| import { SENTRY_INSTRUMENTATIONS } from '@sentry/server-utils/orchestrion/config'; |
Contributor
There was a problem hiding this comment.
Bug: The CJS build of the plugin attempts to require() an ESM-only dependency, which will fail in a Node.js environment.
Severity: MEDIUM
Suggested Fix
Either remove the CJS export for the plugin from package.json to prevent its use in Node.js environments, or replace the static require() with a dynamic import() to correctly load the ESM-only dependency.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: packages/bun/src/plugin.ts#L35-L40
Potential issue: The `@sentry/bun` package publishes both CJS and ESM builds. The CJS
build of `plugin.ts` uses `require()` to import the
`@apm-js-collab/code-transformer-bundler-plugins/bun` package. However, this dependency
is ESM-only and does not provide a CJS entry point. While Bun's runtime can handle this,
standard Node.js cannot and will throw an `ERR_REQUIRE_ESM` error. Since the
`package.json` exports the CJS build path, any user attempting to use this plugin in a
Node.js-based environment (like a CI pipeline running a build script with Node) will
encounter a runtime crash when `require('@sentry/bun/plugin')` is executed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use the orchestrion plugin defined in server-utils, and create a plugin that Bun can use in
bun buildmode.Note: this does not provide a plugin for use with
bun run, because that feature is blocked by oven-sh/bun#31770When that issue resolves, we can look into providing this for the bun runtime, likely with a version guard to avoid the footgun of removing CommonJS exports in some cases.