Audit ureq

[Shnatsel]

ureq is a minimal HTTP request library that has a small dependency tree with minimal amounts of unsafe in it (aside of smallvec).

Unlike the more complex solutions, it is a good candidate for an Actually Secure™ HTTP client. It also survived the test of downloading the frontpages of the top million websites without crashes or hangs - while reqwest and even curl failed.

Right now ureq has 3 unsafe blocks of its own.

[Shnatsel]

PR removing the last of unsafe code is open: https://github.com/algesten/ureq/pull/31

[Lokathor]

Is this a tinyvec canidate?

[Shnatsel]

It has a transitive dependency on smallvec via unicode-normalization. So it is, but indirectly.

[Ten0]

There has even been a benchmark for transition to tinyvec: https://pastebin.com/zJnMAGrk

Source: https://medium.com/@shnatsel/smoke-testing-rust-http-clients-b8f2ee5db4e6

[waldyrious]

@Shnatsel https://github.com/algesten/ureq/pull/31 has been fixed via https://github.com/algesten/ureq/pull/68! 🎉