Here's a question worth pondering: when is "unmaintained" not actually a problem?

This week, a frustrated developer sparked one of the most honest conversations about Rust's ecosystem maturity I've seen in months. Their concern? Too many crates haven't been touched in years, maintained by solo developers, while competitors like Go have corporate-backed libraries. The community's response revealed something fascinating about how Rust code ages differently.

Meanwhile, Cloudflare is proving that production Rust isn't just ready it's rewriting the rules. They're handling 90 million requests per second with 70% less CPU than nginx. And if you've ever wondered whether choosing between std::sync::Mutex and parking_lot actually matters, new benchmarks show the performance gap is way more nuanced than "just use parking_lot."

From internet-scale infrastructure to the hidden complexities of diagnostic rendering, this edition dives deep into what it really means to ship Rust in production.

Let's get into it.

How Cloudflare Handles 90 Million Requests Per Second with Rust

Ever wondered what it takes to handle a quarter of the internet's traffic? In a recent Rust in Production podcast episode, Cloudflare engineers Edward Wang and Kevin Guthrie share how they replaced nginx with Pingora, their Rust-based HTTP proxy.

The numbers are striking: 90 million requests per second with 70% less CPU and 67% less memory compared to their nginx infrastructure. The key? Moving from multi-process to multi-threaded architecture, enabled by Rust's memory safety guarantees.

Why It Works

nginx's process-based model couldn't share connections efficiently at Cloudflare's scale. Pingora leverages Tokio for async operations and integrates Rustls for TLS. The result: 5ms faster median TTFB and better resource utilization across hundreds of data centers.

Cloudflare open-sourced shellflip for graceful process restarts and uses DashMap for high-performance concurrent operations. They also built custom tooling for logging and metrics, critical when running Rust at internet scale.

The Community Impact

While Pingora is a framework requiring code, River a collaboration between Prossimo, Cloudflare, Shopify, and Chainguard, aims to be a ready-to-run nginx replacement with load balancing, KDL configuration, and WASM scriptability.

The takeaway? Async Rust handles internet-scale workloads, memory safety enables confident refactoring, and open sourcing core infrastructure elevates the entire ecosystem. If you're building network services in Rust, this episode is required listening.

The Secret Behind Rust's Beautiful Error Messages

If you've ever compiled Rust code, you know the feeling: an error message that doesn't just tell you what went wrong, but guides you toward the solution. Those beautifully formatted diagnostics? They're the result of over a decade of intentional design by hundreds of contributors.

And now, that same power is becoming available to everyone.

From Compiler to Ecosystem

Back in March 2019, someone proposed extracting the compiler's error formatting into a standalone crate. Enter annotate-snippets, created by Zibi Braniecki (ICU4X, Firefox i18n). Today, rustc is switching to use it by default, a six-year journey coming full circle.

As Jakub Beránek documented, those error messages represent "continuous design, implementation, review and testing by hundreds of contributors over ten years." Every colored highlight and helpful arrow required deliberate craft.

Now that capability is packaged as a general-purpose library, already used by ~9,000 projects. The integration work—handling rustc's complex needs, porting thousands of UI tests, fixing bugs has been meticulous, led by Scott Schafer (Muscraft).

What's Coming

The library supports Unicode decorations for even more polished output (try typos to see it in action). Once it's the standard renderer, the library can evolve independently of compiler releases, and the ecosystem gets consistent, high-quality diagnostics.

You might know miette, a full diagnostic framework. annotate-snippets is different it's purely the renderer, but battle-tested by rustc itself. As oli-obk noted: "use it and get pretty diagnostics instead of rolling your own."

Rust could have shipped "good enough" errors. Instead, the community invested a decade perfecting them. Now that investment multiplies across every tool that adopts annotate-snippets. Build something excellent once, then share it widely.

The Great Rust Maintenance Debate: When "Unmaintained" Doesn't Mean Broken

A heated Reddit discussion sparked honest conversations about what "maintenance" really means. The concern? Too many crates haven't been touched in years, maintained by solo developers, while Go has corporate-backed libraries. Add FFI wrappers around C libraries, and Rust's safety benefits feel like a facade.

But here's the twist: the community pushes back hard. User trailing_zero_count shared serde_json_any_key—500K downloads, no updates in 3 years, zero issues. Why update? It's done. fxhash went 8 years without changes because its hash algorithm simply didn't need updates. Safe Rust code doesn't rot like other languages.

The Reality Is More Complex

A comprehensive October 2025 analysis by Frank Denis reveals the other side: 45.2% of 200,000+ crates haven't been updated in 2+ years, and 249 abandoned dependencies exist in the top 1,000 most-downloaded crates. quickcheck: unmaintained 4.8 years, 52 dependents. fxhash? Now officially unmaintained, migrate to rustc-hash.

On FFI wrappers: yes, they depend on C, but battle-tested C libraries have decades of hardening. The Rust wrapper gives your application code, the untested part, memory safety guarantees. Even Python's popular libraries wrap C/C++. Pure Rust alternatives like russh (1.5M downloads) are emerging, just not at enterprise speed.

Stone Soup Economics

The uncomfortable truth: companies profit from volunteer-maintained open source while contributing little. The solution? "Fork, clone, maintain, push PR during work hours. Not for all crates, just one."

Long-term maintenance strategies matter: minimize dependencies, prefer 1.0+ crates, use Dependabot, budget time for upstream contributions. Use Go where it dominates (containerization). Use Rust where it excels (parsing, systems programming, web services).

The debate reflects Rust's adolescence. The language is mature; the ecosystem is maturing. The question isn't whether to use Rust, but whether your organization can participate not just extract.

Mutex Showdown: When parking_lot Beats std (And When It Doesn't)

Think all mutexes are created equal? A detailed deep-dive by Cuong Le reveals the choice between std::sync::Mutex and parking_lot is more nuanced than "just use parking_lot."

std wins by 9% in short-hold scenarios with moderate contention. parking_lot dominates elsewhere: 18.5% faster in bursty workloads, 261.6% higher throughput preventing monopolization, and 49x better fairness under heavy contention (3.67ms vs 188.73ms latency variation).

The starvation problem is dramatic: with one aggressive thread, std showed 95.3% variation in lock acquisitions—some threads barely got the lock. parking_lot: 1.9% variation. Why? std's futex uses "barging" (any thread grabs the lock), maximizing throughput but causing starvation. parking_lot implements "eventual fairness"—unfair for performance, but forces fair unlocks every ~0.5ms to prevent starvation.

Use std for: low-moderate contention, brief critical sections, no dependencies, debugging panics. Use parking_lot for: fairness guarantees, monopolization risk, bursty workloads, predictable latency. Performance isn't one-dimensional—sometimes fairness matters more than raw speed.

Snippets

• Ghosts in the compilation: debugging cargo-semver-checks build failures that users couldn't reproduce
• How Signal uses Rust to secure the communications of millions
• Building a CLI coding agent from scratch in Rust
• Rust Release 1.91.0

We are thrilled to have you as part of our growing community of Rust enthusiasts! If you found value in this newsletter, don't keep it to yourself — share it with your network and let's grow the Rust community together.

👉 Take Action Now:

• Share: Forward this email to share this newsletter with your colleagues and friends.

• Engage: Have thoughts or questions? Reply to this email.

• Subscribe: Not a subscriber yet? Click here to never miss an update from Rust Trends.
  
  

Cheers,
Bob Peters

Want to sponsor Rust Trends? We reach thousands of Rust developers biweekly. Get in touch!