chore: standardize on bun for dev and CI

[jcstein]

Summary

Settles on bun as the single build/runtime tool for dev and CI, per the decision in #150.

• README: yarn → bun commands, documents bun as the package manager
• CI (deploy.yml, lint.yml): actions/setup-node + yarn → oven-sh/setup-bun@v2 + bun install --frozen-lockfile; lint steps run via bun run <script>
• package.json: lint/typecheck/format moved into scripts so CI and devs always use the locked local bins; the pagefind step is chained explicitly into build — bun does not auto-run post* lifecycle scripts (yarn v1 did), so the old postbuild would have silently stopped running and broken search
• prettier added as a pinned devDependency (it was never declared — npx/bunx just fetched latest)
• Removed yarn.lock and .npmrc (npm-specific)
• Regenerated bun.lock from scratch. The committed one was migrated from yarn.lock, leaving tarball-URL resolutions with empty metadata — on a clean install bun linked only 7 of ~40 binaries. node_modules/.bin/tsc didn't exist, so CI's tsc fell through to the GitHub runner's global TypeScript 6, which rejects the deprecated baseUrl in tsconfig (TS5101). pagefind's bin was missing too, which would have broken the Pages deploy the same way after merge.
• nextra pinned to ~4.5.0 (resolves 4.5.1): the fresh lockfile resolve pulled in nextra 4.6.1, whose stricter component validation breaks prerendering several pages (expected nonoptional, received undefined → at children). Upgrading nextra belongs in its own PR.

Note on resolutions

bun warns that it ignores the nested yarn-style resolutions (e.g. @eslint/config-array/minimatch). The flat ones are honored, and the nested ones resolve to the same patched versions anyway, so they're left in place as documentation of the security pins.

Verification (clean room: rm -rf node_modules + bun 1.3.14, same as CI)

• bun install --frozen-lockfile ✅ — all bins link
• bun run lint / bun run typecheck / bun run format:check ✅
• bun run build ✅ — static export + pagefind index lands in out/_pagefind
• Lint CI green on the PR ✅

⚠️ The deploy workflow only runs on push to main, so the bun-based Pages deploy gets its first real run after merge — worth watching that one deploy.

Closes #150

🤖 Generated with Claude Code

[nuke-web3]

 bun install
bun install v1.1.29 (6d43b366)
  🚚 @solana/rpc-api [3381/3381]

this one was hanging for me on first bun install but resolved when I tried again... but why do we have that as a dep at all? Maybe we need an audit of deps too in this PR?

Otherwise LTGM

[nuke-web3]

Also afaik we should commit bun.lockb that is missing in the PR, I rebased on this PR branch in #146 that includes that lockfile

[jcstein]

Replying to both comments:

Re: @solana/rpc-api — good catch to question it, but it's transitive, not direct:

wagmi → @wagmi/connectors → @base-org/account (Coinbase's Base wallet SDK)
      → @coinbase/cdp-sdk → @solana/kit → @solana/rpc-api

@wagmi/connectors ships every wallet connector, and the Coinbase/Base one supports Solana, so its SDK lands in node_modules. We only use the injected connector (app/providers.tsx), so none of it reaches the client bundle — install-time weight only, and not removable without dropping wagmi. Our direct deps are lean (16 + 8 dev, all used); the 3381-package tree is just the wagmi/viem ecosystem. A proper dep audit is worth doing but orthogonal to this PR — happy to open a follow-up issue.

Re: bun.lockb — the lockfile is committed: it's bun.lock, the text format that replaced binary bun.lockb as the default in bun 1.2 (better diffs, mergeable). Your paste shows bun 1.1.29, which predates the text format and silently ignores bun.lock — that's also exactly why your first install hung: it did a full cold resolve of all 3381 packages, unpinned. bun upgrade fixes both (CI uses latest). We shouldn't commit both formats — two lockfiles that can silently drift apart, with which one wins depending on bun version.

The bun.lockb in #146 was generated by the old bun, so it should be dropped on rebase. Added a README note about the >= 1.2 requirement in 10f7c0a.