This is like saying "use MacOS and you won't get viruses" in the 2000s

Bun disables post-install scripts by default and one can explicitly opt-in to trusting dependencies in the package.json file. One can also delay installing updated dependencies through keys like `minimumReleaseAge`. Bun is a drop-in replacement for the npm CLI and, unlike pnpm, has goals beyond performance and storage efficiency.

Not sure what your analogy is trying to imply.

Which was for the most part true.

The suggestion was to use pnpm, and I'm suggesting something I prefer more than pnpm.

Except trying it out takes a minute and costs nothing.