A recent tweet from Theo, founder of t3.gg, has sparked significant discussion within the developer community by highlighting a stark contrast in the use of unsafe Rust code between two prominent projects: Bun's experimental Rust port and the Python package manager uv. According to Theo's post, the Bun Rust port currently contains over 681,000 lines of Rust code with more than 13,000 unsafe calls, while uv boasts 350,000 lines of Rust with only 73 unsafe calls.
The comparison underscores a fundamental difference in approach to Rust's memory safety features. unsafe blocks in Rust allow developers to bypass some of the language's strict compile-time checks, typically used for performance-critical code, foreign function interfaces (FFI), or direct memory manipulation. While necessary in certain scenarios, extensive use of unsafe can reintroduce potential for memory errors and undefined behavior, which Rust is designed to prevent.
The Bun project, a JavaScript runtime and toolkit, is reportedly exploring a port from its original Zig codebase to Rust. This experimental branch, named claude/phase-a-port, has been the subject of considerable debate, particularly as it is believed to be largely generated with the assistance of large language models (LLMs). Jarred Sumner, Bun's creator, clarified on Hacker News that this is an exploratory effort, stating, "We haven't committed to rewriting. There's a very high chance all this code gets thrown out completely. I'm curious to see what a working version of this looks like." The high number of unsafe calls in this AI-generated port suggests a direct translation from Zig's more C-like memory model, rather than an idiomatic Rust implementation that leverages its safety guarantees.
Conversely, uv, a Rust-powered Python package installer and resolver developed by Astral, is lauded for its speed and reliability. Designed as a drop-in replacement for pip and pip-tools, uv emphasizes performance while adhering closely to Rust's safety principles. Its minimal use of unsafe code reflects a deliberate design choice to maintain memory safety and prevent common programming errors, a key selling point for its adoption in the Python ecosystem.
The discussion surrounding these projects highlights ongoing conversations about the role of AI in code generation, the implications of unsafe Rust for project maintainability and security, and the differing philosophies in systems programming. While LLMs can rapidly translate large codebases, the resulting code may require significant human review and refactoring to align with the target language's best practices and safety standards. The substantial disparity in unsafe call counts between Bun's experimental port and uv serves as a tangible metric in this evolving technological landscape.
