This is a problem I'm pretty invested in so let's take a look.
If we add the list of dependencies from the modules this is what we get
anyhow = "1.0.98"
base64 = "0.22.1"
bytes = "1.10.1"
constcat = "0.6.1"
futures-channel = "0.3.31"
http = "1.3.1"
http-body = "1.0.1"
http-body-util = "0.1.3"
http-serde = "2.1.1"
hyper = { version = "1.6.0", features = ["client", "http1"] }
libc = "0.2.174"
nginx-sys = "0.5.0-beta"
ngx = { version = "0.5.0-beta", features = ["async", "serde", "std"] }
openssl = { version = "0.10.73", features = ["bindgen"] }
openssl-foreign-types = { package = "foreign-types", version = "0.3" }
openssl-sys = { version = "0.9.109", features = ["bindgen"] }
scopeguard = "1"
serde = { version = "1.0.219", features = ["derive"] }
serde_json = "1.0.142"
siphasher = { version = "1.0.1", default-features = false }
thiserror = { version = "2.0.12", default-features = false }
zeroize = "1.8.1"
Now vendoring and counting the lines of those we get 2,171,685 lines of rust. Now this includes the vedored packages from cargo vendor so what happens when we take just the dependecies for our OS. Vendoring for just x86 linux chops our line count to 1,220,702 not bad for just removing packages that aren't needed, but still alot. Let's actually see what's taking up all that space.
996K ./regex
1.0M ./libc/src/unix/bsd
1.0M ./serde_json
1.0M ./tokio/src/runtime
1.1M ./bindgen-0.69.5
1.1M ./tokio/tests
1.2M ./bindgen
1.2M ./openssl/src
1.4M ./rustix/src/backend
1.4M ./unicode-width/src
1.4M ./unicode-width/src/tables.rs
1.5M ./libc/src/unix/linux_like/linux
1.5M ./openssl
1.6M ./vcpkg/test-data/no-status
1.6M ./vcpkg/test-data/no-status/installed
1.6M ./vcpkg/test-data/no-status/installed/vcpkg
1.7M ./regex-syntax
1.7M ./regex-syntax/src
1.7M ./syn/src
1.9M ./libc/src/unix/linux_like
1.9M ./vcpkg/test-data/normalized/installed/vcpkg/info
2.0M ./vcpkg/test-data/normalized
2.0M ./vcpkg/test-data/normalized/installed
2.0M ./vcpkg/test-data/normalized/installed/vcpkg
2.2M ./unicode-width
2.4M ./syn
2.6M ./regex-automata/src
2.7M ./rustix/src
2.8M ./rustix
2.9M ./regex-automata
3.6M ./vcpkg/test-data
3.9M ./libc/src/unix
3.9M ./tokio/src
3.9M ./vcpkg
4.5M ./libc/src
4.6M ./libc
5.3M ./tokio
12M ./linux-raw-sys
12M ./linux-raw-sys/src
Coming in at 12MB we have linux raw sys which provides bindings to the linux userspace, a pretty reasonable requirement. LibC and tokio. Since this is async Tokio is a must have and is pretty much bound to rust at this point. This project is extremely well vetted and is used in industry daily.
Removing those we are left with 671,031 lines of rust
Serde is a well known dependecy that allows for marshalling of data types
Hyper is the curl of the rust world allowing interaction with the network
I feel like this is an understandable amount of code given the complexity of what it's doing. Of course to some degree I agree with you and often worry about dependencies. I have a whole article on it here.
https://vincents.dev/blog/rust-dependencies-scare-me/?
I think I'd be more satisfied if things get "blessed" by the foundation like rustls is being. This way I know the project is not likely to die, and has the backing of the language as a whole.
https://rustfoundation.org/media/rust-foundation-launches-ru...
I think we can stand to write more things on our own (sudo-rs did this) https://www.memorysafety.org/blog/reducing-dependencies-in-s...
But to completely ignore or not interact with the language seems like throwing the baby out with the bathwater to me
