Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Necessity for usage of bytedance/sonic. #4139

Closed
Etherdrake opened this issue Jan 15, 2025 · 1 comment
Closed

Necessity for usage of bytedance/sonic. #4139

Etherdrake opened this issue Jan 15, 2025 · 1 comment

Comments

@Etherdrake
Copy link

Etherdrake commented Jan 15, 2025
edited
Loading

Is it truly necessary for Gin to use bytedance/sonic as a dependency, given that it is written mostly in C and ASM. I worry about the security of this dependency and whether it could be used for supply-chain attacks.

It also depends on https://github.com/cloudwego/iasm which is a rather obscure package. Furthermore, sonic does not seem to produce tangible speed improvements over other packages such as simdjson.
@Etherdrake
Copy link
Author

Closing this as https://github.com/cloudwego/iasm and https://github.com/cloudwego/base64x look safe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Etherdrake