With no fanfare and fewer than 400 upvotes, the open-source project yt-dlp — the internet’s unofficial video-preservation workhorse — announced this week that support for Bun as a JavaScript runtime is being both limited and deprecated. The GitHub issue, posted Wednesday, cites “foreseeable compatibility and security issues.” The Hacker News thread hovered briefly near the top of the front page, drew a few comments, then sank.
Three thousand miles away and five months earlier, Anthropic acquired Bun. The December 2025 deal put the company behind Claude in control of a JavaScript runtime that had, by then, become embedded in the build chain of Claude Code itself. Simon Willison noted at the time that the acquisition gave Anthropic an end-to-end vertical play: an AI company shipping a runtime shipped inside other people’s tools.
Nobody connected those dots in real time. They are connecting them now.
The Project Maintainers Saw It Coming
The people maintaining yt-dlp — volunteers, not venture capitalists — are the unlikely canaries in a dependency mine that runs under half the open web. The deprecation notice was clinical, a handful of bullet points and a link to EJS documentation that hadn’t even been updated yet. But the decision pattern is legible to anyone who has maintained infrastructure at scale: when a runtime you depend on changes ownership, your assumptions about its roadmap, its governance, and its breakage pattern all cease to be assumptions at all. They become gambles.
The fact that this didn’t trigger a broader outcry says more about the tech industry’s deprecation fatigue than about the seriousness of the signal. Anthropic bought Bun because Bun was cheap infrastructure for deploying models. That’s fine. What’s less fine, and what yt-dlp is quietly flagging by pulling the ripcord, is that Bun-the-platform is now on a trajectory where its priorities will bend toward Claude-shaped problems. A volunteer project that scrapes video metadata is not on that trajectory. The divergence was just formalized.
Why This Isn’t About Bun
It’s tempting to make this about Bun specifically — about runtime A versus engine B, about the indignity of the acquisition, about yet another beloved tool losing its independence. That framing is wrong and it misses the shape of the problem.
The bigger story is that the open-source ecosystem has built its permanence on a lie about ownership. When a tool like Bun was independent, its decisions were legible. You could read the issue tracker, attend the community calls, bet on the roadmap because the roadmap was the project’s primary output. Post-acquisition, the product is no longer the runtime — the product is the parent company’s AI revenue, which hit a $7 billion run rate by October 2025. JavaScript interpreters are an input to that product. They are not the thing Anthropic is selling.
“I saw the writing on the wall when Claude Code started shipping Bun binaries to millions of users,” a developer from a European streaming compliance firm told me in a Slack message Thursday. “That’s millions of QA testers making requests that reinforce Anthropic’s priorities. Bug reports from some yt-dlp user scraping geo-fenced content from Turkey? Those aren’t even in the queue.”
The Conflict Nobody Wants to Name
The venture-capital model of open-source monetization has trained us to nod along when a startup gets acquired. Founders celebrate, investors get liquidity, the codebase continues. What the model elides is that the community doesn’t get bought — but it does get the consequences. An acquired runtime is no longer shaped by what the community needs; it’s shaped by what the acquirer’s revenue engine demands. The fact that Anthropic paid for Bun doesn’t mean yt-dlp’s maintainers get a voice in its future.
That is precisely the dependency risk that supply-chain security tools never flag because it isn’t a vulnerability with a CVE attached. It is a governance problem, not a code problem. And this week’s deprecation notice suggests the governance problem just became visible enough to act on.
What Deprecation Actually Costs
Yt-dlp dropping Bun support sounds like a footnote. For the tens of thousands of people running yt-dlp in automated pipelines, it means either switching to Node or rethinking their JavaScript runtime entirely. That’s not zero cost. It is a distributed tax levied by the market upon the downstream users of a tool that had no voice in Anthropic’s acquisition, no presence in the deal terms, and no say in what happens next.
One DevOps engineer I spoke to on a contractor’s job site outside Phoenix put it plainly: “We had thirty-seven internal scripts that depended on Bun for yt-dlp chains. Rewriting them will cost about two sprints. Two sprints of engineering time because Anthropic bought a company. No warning, no transition period, nothing. Just a GitHub issue from volunteers doing the hard thing up front so we don’t blow up in production later.”
The volunteers are doing the right thing. But they shouldn’t have to.