Summary
Using @wgtechlabs/secrets-engine in a package that is built for Node and published to npm can fail at runtime because the package imports bun:sqlite.
In practice this makes the package Bun-only for bundled Node CLI releases, even when the consumer application itself targets Node.
Repro
Consumer build:
bun build src/index.ts --outfile dist/index.js --target node
node dist/index.js --version
Actual result
Node fails during module loading with:
Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. Received protocol 'bun:'
Why this matters
I hit this in a released npm CLI because Bun bundled the dependency graph into a Node-targeted artifact, and the resulting build still contained bun:sqlite imports.
That means the package is not currently safe to consume from a published Node CLI unless the consumer is also effectively Bun-only.
Expected result
One of these should happen:
- The package provides a Node-safe backend or conditional runtime adapter.
- The package clearly documents that it is Bun-only.
- The package exposes a storage abstraction that allows Node consumers to avoid bundling
bun:* imports.
Notes
I am happy to help test a fix from the consumer side.
Summary
Using
@wgtechlabs/secrets-enginein a package that is built for Node and published to npm can fail at runtime because the package importsbun:sqlite.In practice this makes the package Bun-only for bundled Node CLI releases, even when the consumer application itself targets Node.
Repro
Consumer build:
Actual result
Node fails during module loading with:
Why this matters
I hit this in a released npm CLI because Bun bundled the dependency graph into a Node-targeted artifact, and the resulting build still contained
bun:sqliteimports.That means the package is not currently safe to consume from a published Node CLI unless the consumer is also effectively Bun-only.
Expected result
One of these should happen:
bun:*imports.Notes
I am happy to help test a fix from the consumer side.