For bun users

aube can install directly from Bun lockfiles. You do not need to delete bun.lock or remove node_modules before trying aube.

Start from the Bun lockfile

aube install

aube reads and updates the text-format bun.lock at lockfileVersion: 1 in place and installs packages into node_modules/.aube/.

aube does not read Bun's older binary bun.lockb format. Projects still on bun.lockb can generate the text lockfile with a modern Bun once:

bun install --save-text-lockfile

Commit the resulting bun.lock and drop bun.lockb before switching to aube.

Keep Bun working during rollout

Commit the updated bun.lock so both Bun and aube users see the same resolved versions. You do not need aube import for a normal rollout; aube install keeps bun.lock as the shared source of truth.

Use aube import only if the team intentionally wants to convert the project to aube-lock.yaml. After import succeeds, remove bun.lock so future installs keep writing aube-lock.yaml.

Differences from Bun

• aube keeps package files in a global content-addressable store.
• aube produces an isolated symlink layout under node_modules/.aube/ rather than Bun's hoisted tree.
• aube does not manage a JavaScript runtime. Use mise (mise use node@22) if you need a Node version alongside or in place of Bun.
• Dependency lifecycle scripts (preinstall, install, postinstall) are gated by an allowlist. aube reads Bun's top-level trustedDependencies array in addition to pnpm's pnpm.allowBuilds / pnpm.onlyBuiltDependencies, so an existing Bun manifest keeps running its install scripts without edits. aube approve-builds writes new entries into pnpm-workspace.yaml's onlyBuiltDependencies; a package in pnpm.neverBuiltDependencies is denied even if it appears in trustedDependencies.

Reference: bun install