benjifri yesterday at 8:30 PM

This is like saying "use MacOS and you won't get viruses" in the 2000s


Replies

koito17 yesterday at 11:01 PM

Bun disables post-install scripts by default and one can explicitly opt in to trusting dependencies in the package.json file. One can also delay installing updated dependencies through keys like `minimumReleaseAge`. Bun is a drop-in replacement for the npm CLI and, unlike pnpm, has goals beyond performance and storage efficiency.

Not sure what your analogy is trying to imply.

latchkey yesterday at 8:52 PM

The suggestion was to use pnpm, and I'm suggesting something I prefer more than pnpm.

hiccuphippo yesterday at 8:45 PM

Except trying it out takes a minute and costs nothing.