Comment by user34283

I speculate that I could indeed "vibe code" a better JS build integration because what they have does not make sense at a first look.

It appears they mixed JS building into their python project, aiming to support multiple package managers which are executed from their python script.

This explains the otherwise non-sensical explanation about bun < v2 ignoring the lockfile: they use a separate lockfile for each package manager. They did not check in one for bun v1, which they claimed to support, consequently it is not using a lockfile.

That's not how JS packaging normally works. I would set up a separate folder for the JS project, and use one package manager to build the project, like anyone else does.

Publish the package to npm, or bundle the tarball with your python program.

I guess the permission model of the JS runtime could be another topic, but at least they would have their build fixed without worrying about Node dependency resolution and package managers in their Python code.