install: explain unsupported bun.lock version and suggest 'bun upgrade'

[robobun]

What

When bun install encounters a bun.lock written by a newer release, the error now tells the user what happened and what to do about it.

Before

2 |   "lockfileVersion": 2,
                         ^
error: Unknown lockfile version
    at bun.lock:2:22
UnknownLockfileVersion: failed to parse lockfile: 'bun.lock'

After

2 |   "lockfileVersion": 99,
                         ^
error: Unsupported lockfile version 99. This lockfile was likely created by a newer version of Bun. (This is Bun v1.4.0, which supports lockfile versions up to 2.)
    at bun.lock:2:22

note: Run 'bun upgrade' to update to the latest version of Bun
UnknownLockfileVersion: failed to parse lockfile: 'bun.lock'

The only way Version::from_int returns None is when the number is a valid non-negative integer above Version::CURRENT, so "created by a newer version" is always the right diagnosis here. The earlier branch that rejects negative / non-integer / non-numeric values ("Invalid lockfile version") is unchanged.

Verification

New test in test/cli/install/bun-lock.test.ts writes a bun.lock with lockfileVersion: 99, runs bun install, and asserts the message includes the found version, the "newer version of Bun" explanation, and the bun upgrade note.

bun bd test test/cli/install/bun-lock.test.ts -t "actionable error"   # pass
USE_SYSTEM_BUN=1 bun test test/cli/install/bun-lock.test.ts -t "actionable error"   # fail (old message)

[robobun]

^{Updated 3:34 PM PT - Jun 17th, 2026}

❌ @robobun, your commit 89d2923 has 1 failures in Build #63177 (All Failures):

• test/js/bun/terminal/terminal.test.ts - code 1 on 🍎 14 x64

---

🧪   To try this PR locally:

bunx bun-pr 32465

That installs a local version of the PR into your bun-32465 executable, so you can run:

bun-32465 --bun

[claude]

LGTM — straightforward error-message improvement with a test.

Extended reasoning...

Overview

This PR improves the error message shown when bun install reads a bun.lock whose lockfileVersion is higher than the running build supports. The change is in src/install/lockfile/bun.lock.rs (one error-emit site swapped from add_error to add_range_error_fmt_with_notes with a formatted message and a bun upgrade note) plus a new integration test in test/cli/install/bun-lock.test.ts.

I verified that lockfile_version_num is already constrained to a non-negative u32 by the preceding block (negative / fractional / non-numeric values hit InvalidLockfileVersion first), and Version::from_int exhaustively matches 0/1/2 — so the only way to reach this branch is a value ≥ 3, making the "created by a newer version of Bun" diagnosis and bun upgrade suggestion always accurate. The helper functions used (add_range_error_fmt_with_notes, bun_ast::range_data, bun_core::Global::package_json_version, Version::CURRENT as u32) all exist and are used the same way elsewhere in the codebase.

Security risks

None. This is a diagnostic-string change on an existing error path; control flow (returning ParseError::UnknownLockfileVersion) is unchanged and no new inputs are trusted.

Level of scrutiny

Low. It's a localized UX/error-message tweak following established logging patterns, with no behavioral change to install resolution. The test's exited == 0 expectation is correct because, absent fail_early, a lockfile parse error logs the message, warns "Ignoring lockfile", and proceeds — with empty dependencies that succeeds.

Other factors

The PR includes a targeted test asserting the new wording and the absence of the old "Unknown lockfile version" string. No outstanding reviewer comments, no prior reviews from me, and the bug-hunting system found nothing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7237b76b-e21a-47e0-8220-9da98fe37d85

📥 Commits

Reviewing files that changed from the base of the PR and between c79cf49 and 89d2923.

📒 Files selected for processing (1)

• test/cli/install/bun-lock.test.ts

---

Walkthrough

In parse_into_binary_lockfile, the generic "Unknown lockfile version" log entry is replaced with log.add_range_error_fmt_with_notes, which includes the unsupported version number, the current Bun version, the maximum supported lockfile version, and a "Run bun upgrade" note. A new CLI test validates this message shape against a bun.lock with lockfileVersion: 99.

Changes

Unsupported lockfile version error improvement

Layer / File(s)

Summary

Range-based error with upgrade note and CLI test src/install/lockfile/bun.lock.rs, test/cli/install/bun-lock.test.ts

parse_into_binary_lockfile now emits a ranged, formatted error via log.add_range_error_fmt_with_notes that includes the unsupported version, the current Bun version, the maximum supported lockfile version, and a note to run bun upgrade, while still returning ParseError::UnknownLockfileVersion. The CLI test writes a bun.lock with lockfileVersion: 99, runs bun install, and asserts stderr contains the upgrade guidance and does not contain the old generic wording.

Possibly related PRs

• oven-sh/bun#31539: Directly modifies the same Version::from_int handling path in src/install/lockfile/bun.lock.rs, adding V2 lockfile version support and changing version-gated parsing logic that this PR's error improvement sits adjacent to.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: improving error messaging for unsupported bun.lock versions with actionable guidance.
Description check	✅ Passed	The description covers both required sections: 'What' explains the improvement with before/after examples, and 'How did you verify' details the new test added to validate the changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/cli/install/bun-lock.test.ts`:
- Around line 863-866: The test assertions for the lockfile version error
(around line 863-866) verify key text phrases but do not validate the version
details part of the diagnostic message (current Bun version and max supported
lockfile version). Add an additional expect assertion that checks for
version-related information in the err string, such as a pattern that matches
the current Bun version number and the maximum supported lockfile version
number, to prevent future regressions from silently dropping this important
diagnostic information.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e7aa82d7-48f3-4186-bc38-e98b2cd2abc3

📥 Commits

Reviewing files that changed from the base of the PR and between 0c537fe and c79cf49.

📒 Files selected for processing (2)

• src/install/lockfile/bun.lock.rs
• test/cli/install/bun-lock.test.ts

[claude]

LGTM — focused error-message improvement on the unsupported-lockfile-version path, with a test.

Extended reasoning...

Overview

This PR touches two files: src/install/lockfile/bun.lock.rs (one error-path block in parse_into_binary_lockfile) and test/cli/install/bun-lock.test.ts (one new test). It replaces the terse "Unknown lockfile version" diagnostic with a formatted range error that names the found version, the running Bun version, the max supported lockfile version (Version::CURRENT as u32), and attaches a "Run 'bun upgrade'" note. Control flow is unchanged — it still returns ParseError::UnknownLockfileVersion, so the caller in install_with_manager.zig continues to print "failed to parse lockfile" / "Ignoring lockfile" and proceed (which is why the test correctly expects exit code 0 with empty dependencies).

I verified the referenced symbols exist with matching signatures: log.add_range_error_fmt_with_notes (src/ast/lib.rs:2017), bun_ast::range_data (src/ast/lib.rs:3104), bun_ast::Range::NONE (src/ast/lib.rs:1467), bun_core::Global::package_json_version (src/bun_core/Global.rs:433), and Version::from_int / Version::CURRENT (src/install/lockfile/bun.lock.rs:120-134). The PR's claim that from_int only returns None for values above CURRENT is accurate — the input is already a validated non-negative u32 by this point, and the earlier "Invalid lockfile version" branch handles non-numeric/negative cases.

Security risks

None. This is a diagnostic-string change on an error path; no parsing semantics, trust boundaries, or filesystem/network behavior change. The version number echoed back is the integer the user already wrote into their own bun.lock.

Level of scrutiny

Low. It only changes user-facing error text on an existing failure path, the return value is identical, and the new call uses an established log helper already used elsewhere (e.g. js_parser/p.rs). The test's toMatch(/This is Bun v\\d+\\.\\d+\\.\\d+/) is robust to the -debug / canary suffix because toMatch does not anchor.

Other factors

The CodeRabbit suggestion to assert the version-details clause was addressed in 89d2923 with two regex assertions; that thread is resolved. No CODEOWNERS cover src/install/lockfile/. The robobun comment shows uniform build-rust failures across many platforms on c79cf49 — given the empty "ci: retrigger" commit and the fact the checked-out Rust is well-formed against current bun_ast/bun_core APIs, that reads as infra rather than a code defect; CI being green is a merge gate, not a code-review blocker for this change.

[robobun]

CI status for 89d2923 (build #63177):

• The new test in test/cli/install/bun-lock.test.ts passes on every lane.
• The only error-level failure is test/js/bun/terminal/terminal.test.ts timing out on darwin-14-x64 ("creates subprocess with terminal attached", 90s timeout). That's a PTY test unrelated to this lockfile error-message change.
• Everything else is in the flaky bucket (install-registry peer hoisting, docker-build, napi GC, solc, streams-leak, http backpressure, and the test/package.json install-step timeouts).

The previous run (#63166) failed only on v8-heap-snapshot.test.ts SIGKILL plus the same flaky bucket. Neither run hit anything touched by this diff. Ready to merge from my end.

[KilianB]

This message gives slightly misleading advise when the lock file is only valid via the canary version