Migrate test suite and dev toolchain to Bun

.github/dependabot.yml

@@ -5,7 +5,7 @@
 
 version: 2
 updates:
-  - package-ecosystem: "npm" # See documentation for possible values
+  - package-ecosystem: "bun" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"

.github/workflows/pr.yml

@@ -1,42 +1,29 @@
 name: PR Build
 on: pull_request
 jobs:
-  code-quality:
+  build-test:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
+      - uses: oven-sh/setup-bun@v2
         with:
-          node-version: lts/*
-      - run: npm ci
-      - run: npm run build
-      - run: npm run lint
-      - run: npm run format:check
+          bun-version: 1.3.11 # match packageManager in package.json
+      - run: bun ci
+      - run: bun test
+      - run: bun run build # sanity-check tsc still passes
+      - run: bun run lint
+      - run: bun run format:check
 
   # Fails the PR on high/critical CVEs in production dependencies.
-  # --omit=dev is required: known devDep findings (mocha/sinon transitive chain)
-  # are tracked separately in #22 and would otherwise cause spurious failures.
-  # If a production transitive CVE ever becomes unfixable, consider layering
-  # an allowlist tool (audit-ci, better-npm-audit) on top of this step.
+  # Replaces the npm audit job added in #36 (known devDep findings
+  # tracked in #22; --prod scopes to production deps only).
   security:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
+      - uses: oven-sh/setup-bun@v2
         with:
-          node-version: lts/*
-      - run: npm audit --omit=dev --audit-level=high
-
-  test:
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: lts/*
-      - run: npm ci
-      - run: npm run build
-      - run: npm test
+          bun-version: 1.3.11
+      - run: bun audit --prod --audit-level=high

CONTRIBUTING.md

@@ -37,10 +37,26 @@ Before submitting code, verify it works in:
 - Ensure all existing tests pass
 - If your change affects browser/edge compatibility, note this in the PR
 
+### Toolchain
+
+This project uses [Bun](https://bun.sh) as its test runner and package manager. Install Bun before running any commands below:
+
+```bash
+curl -fsSL https://bun.sh/install | bash
+```
+
+Then:
+
+```bash
+bun install       # install dependencies
+bun test          # run the test suite
+bun run build     # build lib/ via tsc
+```
+
 ### Code Style
 
-- Run `npm run lint` before submitting
-- Run `npm run format` to format code with Prettier
+- Run `bun run lint` before submitting
+- Run `bun run format` to format code with Prettier
 - TypeScript is preferred for new code
 
 ## Issue Expiration

Readme.md

@@ -1,3 +1,22 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+- [fetch-soap](#fetch-soap)
+  - [Features](#features)
+  - [What's Different from node-soap](#whats-different-from-node-soap)
+  - [Installation](#installation)
+  - [Basic Usage](#basic-usage)
+  - [API Documentation](#api-documentation)
+    - [Creating a Client](#creating-a-client)
+    - [Calling Methods](#calling-methods)
+    - [Security](#security)
+  - [Migration from node-soap](#migration-from-node-soap)
+  - [Contributing](#contributing)
+  - [License](#license)
+  - [Acknowledgments](#acknowledgments)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
 # fetch-soap
 
 A universal SOAP client using the Fetch API - works in browsers, edge runtimes (Cloudflare Workers, Vercel Edge, Deno), and Node.js.
@@ -22,6 +41,12 @@ A universal SOAP client using the Fetch API - works in browsers, edge runtimes (
 
 ```bash
 npm install fetch-soap
+# or
+bun add fetch-soap
+# or
+pnpm add fetch-soap
+# or
+yarn add fetch-soap
 ```
 
 ## Basic Usage
@@ -94,7 +119,7 @@ fetch-soap aims to be a drop-in replacement for node-soap's client functionality
 
 ## Contributing
 
-Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+Contributions are welcome! The project uses [Bun](https://bun.sh) as its test runner and package manager — see [CONTRIBUTING.md](CONTRIBUTING.md) for setup and guidelines.
 
 ## License
 

eslint.config.mjs

@@ -6,7 +6,7 @@ export default tseslint.config(
   eslint.configs.recommended,
   ...tseslint.configs.recommended,
   {
-    ignores: ['lib/', 'node_modules/', 'test/'],
+    ignores: ['lib/', 'node_modules/', 'test/', 'docs/'],
   },
   {
     plugins: {