seanmonstar

Jan 27 2026

2025 in review

Come along with me as I review the past year. Heh, I often start these kinds of posts right at the start of the year, but it takes a few weeks longer than I ever expect to think them through.1

Two years of being independent

After a second year of operating as an independent open source maintainer, it’s starting to feel more normal.

In terms of personal execution, it felt pretty fantastic, actually. Thanks to high-touch conversations from my retainers, I knew what was needed; there was an underlying trend. And I was able to spec out a grant that made a project out of that trend. All while managing to do the necessary maintenance work that the ecosystem requires. Granted, it did occasionally feel like a conflict of priorities, but that’s life.

Honestly, though, I wasn’t so sure when trying to plan this all out initially.

Maintaining hyper

Perhaps the biggest deal for hyper this year was launching our first user survey. I’ve thought of doing it a few times over the years, but finally remembered in Q4 to launch it. Thanks to all who answered! I’ve looked through the results, and I think this will be extremely useful. Some stats real quick: 96% of respondents have upgraded to hyper v1.x, most commonly combine it with Tokio (99%) and rustls (92%).2 A proper analysis coming soon!

katelyn martin joined us as a collaborator, and has continued to be a multiplier with kind reviews and maintenance glue. And general maintenance doesn’t stop, including growing security reports (more below).3

Besides all that, I took on a larger project for the year. You see, after updating the roadmap at the end of the previous year, I started to focus on one of the four defined areas: improved hyper-util. This lined up with what many have been asking for.

I did that by modularizing parts out of reqwest.

Modularizing reqwest

Most of my year was spent on modularizing reqwest. Or, from another angle, giving back the building blocks that reqwest has accumulated over the years. A lot of functionality that people rely on in reqwest started life as internal glue, and this was the year I finally pulled many of those pieces out into places where the rest of the ecosystem could use them too. Between reqwest and hyper‑util, that work ended up producing quite a few releases: 14 for reqwest itself, and 8 for hyper‑util.

Ages ago, I added a bunch of features that you expect any client to have directly into reqwest. Later, as tower-http grew, it copied some of those same features. Meanwhile, reqwest was used in weirder and weirder places, so we hardened those features, and tossed in some tests to check for the weird. But tower-http never saw any of that.

This year, we completely tossed the redirect and decompression code from reqwest, depended on the tower-http pieces, and then allowed the test suite to find the difference. The tower-http layers got those fixes backported, and now everyone benefits.

We also created new things, but still modular.

Easier retries were added to reqwest, making use of the lower-level pieces in tower. I’m still interested in ways to improve the feature, so more people can use retries more safely.

reqwest has grown extensive support for connection proxies. But an increasingly common pattern was people using reqwest only for the proxy support; they didn’t need any other feature. So I extracted proxy matchers and proxy connectors (tunnel, socks) into hyper-util.

The largest piece was designing and implementing composable pools for hyper-util. In many ways, this was my highlight of the year. It’s a problem I’ve been thinking about since … 2018? I’d done a lot of research throughout the years, and never found anything quite like it. Now, it’s not quite “done”, but it’s a base that allows a lot of new layers and compositions to be explored.

To end the year, we released v0.13 with rustls as default. It’s a big improvement for most people. But. I am not currently happy with how difficult it is to build the defaults on some other targets (Windows, Cranelift, cross-compiling). I want that fixed. Maybe that’s improvements to upstream aws-lc-rs; it looks like it’s already been improved to not need cmake. Or maybe we use a different default crypto provider on some targets.

The value of deadlines

The work on composable pools was hard. The reason it had taken me years to finally try was that I wasn’t sure about some of the design. After staring hard at it during the summer, I did solve some of the questions. But there was one problem towards the end that consumed another month or so of staring. And this time, I couldn’t stop staring.

With a hard deadline set, however, there was no possibility of waiting longer. Instead, I had to settle with shipping what I had, and accepting that it can always be better.

And that’s also the beauty of deadlines: they keep you user-driven. As long as I’m staring hard at a problem, holding back shipping, users have nothing. But software doesn’t need to be shipped all at once. It’s a lesson I’ve learned before, and yet it pops up to, uh, delight me over and over.

I feel like I go through waves: I hate setting a deadline, and many times feel disappointed at not shipping all the glory that was in my head. But I always appreciate that at least they got something.

Security takes time

We take security seriously, and the amount of reports we receive is slowly increasing. This past year, we had a 8 in total, including our first AI slop report (yay!).

The biggest one resulted in a large coordinated disclosure event. But hyper was just fine.

That didn’t stop it from being stressful trying to handle reports while simultaneously sticking to feature deadlines.

It is a reminder, though, that this is often urgent and important work that must be handled, but that traditional pay-for-features doesn’t support. Sponsorships and retainers make this sort of maintenance much more sustainable.

Talks

On the 10th anniversary of Rust 1.0, I gave a talk for the Rust for Lunch meetup. It was sort of ‘lessons using Rust for 10 years’, but also ‘why you should consider Rust’.

And I did a podcast episode on Netstack.FM, discussing the history of Rust’s networking ecosystem.

Pondering

Last year, I liked just sharing some questions I’m thinking about. It wasn’t a promise to work on them actively, but I look at them from time to time to see if there’s something that I can tackle soon.

Here’s just a few things I’m thinking about at the start of 2026:

  • How do I balance keeping up with LLM advances while keeping my mind and skills sharp?
  • How far can one reasonably go with typestate builders, considering ergonomics and correctness?

I wonder.

  1. See some previous yearly reviews: 2024, 2023, 2022, 2021

  2. Though a significant amount also use other runtimes and TLS libraries. As mentioned, more coming soon. 

  3. There were three feature releases of hyper and two of http, bringing support for things like on_informational and constants for EARLY_HINTS. There was also five bug fix releases of h2, hardening the HTTP/2 story for Rust. 

  • #yearly
  • #rust
  • #open-source
  • #hyper
  • #hyper-util
  • #reqwest