New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

barejs

Package Overview
Dependencies
Maintainers
1
Versions
57
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

barejs

High-performance JIT-specialized web framework for Bun

latest
Source
npmnpm
Version
0.1.47
Version published
Weekly downloads
7
-70.83%
Maintainers
1
Weekly downloads
 
Created
Source

BareJS

The "Metal" of Web Frameworks

An ultra-high-performance web engine built for Bun, architected strictly for Mechanical Sympathy.

NPM Version Performance Bun Version License

📊 Benchmarks: Real-World Performance

BareJS leads in complex, real-world scenarios. We measure engine efficiency using a stress test involving 10+ middlewares and deep radix tree routing to ensure performance holds under high concurrency.

FrameworkLatencySpeed
BareJS1.79 µsBaseline
Elysia2.44 µs1.36x slower
Hono9.86 µs5.52x slower

Last Updated: 2026-01-14 (github action)

[!TIP] **View our Continuous Benchmark Dashboard** for historical data and detailed performance trends.

🚀 Key Features

  • JIT Pipeline Compilation: Routes and middleware chains are flattened into a single function at runtime.
  • Object Pooling: Recycles Context objects via a circular buffer, drastically reducing GC pressure.
  • Internal High-Performance Logger: Zero-overhead logging integrated directly into the JIT engine.
  • Precise Radix Router: v0.1.46 introduces optimized segment matching for deep-nested paths.
  • Mechanical Sympathy: Intentionally designed to align with V8's optimization and Bun's I/O.

🛠️ Installation

bun add barejs

The "Bare" Minimum

import { BareJS, type Context } from 'barejs';

const app = new BareJS();

// Enable Internal Logger
app.useLog(true);

app.get('/', (ctx: Context) => ctx.json({ hello: "world" }));

app.listen(3000);

📘 Comprehensive Guide

1. ⚡ Standardized Response & Chaining

BareJS v0.1.46 provides a fluent API for building responses.

app.get('/api/v1/health', (ctx: Context) => {
  // Chainable status and standardized send helper
  return ctx.status(200).send("System is healthy", { 
    uptime: process.uptime() 
  });
});

// Output: { "status": "success", "msg": "System is healthy", "uptime": ... }

2. 🛡️ Security & Authentication (Dual-API)

import { bareAuth, createToken, Password, Hash, type Context } from 'barejs';

const SECRET = process.env.JWT_SECRET || "your-secret";

app.post('/register', async (ctx: Context) => {
  const body = await ctx.jsonBody();
  
  // High-performance Argon2id Hashing (64MB default)
  const hash = await Password.make(body.password); 
  
  // Verify with ease
  const isValid = await Hash.verify(body.password, hash);
  
  if (isValid) {
    const token = await createToken({ id: 1 }, SECRET);
    return { token };
  }
});

// Protect routes with built-in JWT middleware
app.get('/me', bareAuth(SECRET), (ctx: Context) => {
  return ctx.send("Authenticated", { user: ctx.get('user') });
});

3. ✅ Data Validation (3 Styles)

BareJS is the only engine that offers JIT-optimized validation paths.

import { typebox, zod, native, t, type Context } from 'barejs';
import { z } from 'zod';

// Style A: TypeBox (JIT Optimized - Recommended)
// Pre-compiled validation to outperform competitors by 55%
const Schema = t.Object({ name: t.String() });
app.post('/user', typebox(Schema), (ctx) => ctx.json(ctx.body));

// Style B: Zod (Industry Standard)
const ZodSchema = z.object({ age: z.number() });
app.post('/age', zod(ZodSchema), (ctx) => ctx.json(ctx.body));

// Style C: Native (Zero Dependency - Simple Checks)
app.post('/native', native({ properties: { id: { type: 'number' } } }), (ctx) => ctx.json(ctx.body));

4. 🔌 Essential Middleware

import { cors, staticFile } from 'barejs';

app.use(cors());
app.use(staticFile("public"));

🧠 Context API

Method / PropertyDescription
ctx.reqRaw incoming Bun Request object.
ctx.paramsRoute parameters (e.g., :id).
ctx.jsonBody()[Async] Parses and caches JSON body for performance.
ctx.status(code)Sets the HTTP status code (Chainable).
ctx.send(msg, ext)Returns a standardized JSON response.
ctx.json(data)Returns an optimized raw JSON response.
ctx.setHeader(k, v)Sets a response header.
ctx.set / ctx.getManual storage within the request lifecycle.

⚙️ Performance Tuning

OS Variable / FileDefaultDescription
bare.config.ts-Centralized config for Port and Hash algorithms.
BARE_POOL_SIZE1024Context pool size (Must be Power of 2).
NODE_ENVdevelopmentSet to production to enable peak JIT optimizations.

Maintained by xarhang | License: MIT

Keywords

bun
framework
fastest
jit
typebox
zod

FAQs

Package last updated on 14 Jan 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026