upvote
> without having to rely on a bunch of external dependencies. Which in our highly regulated business would require security policies for each dependency explaining the risks, why we accept them and how we mitigate them.

How about the dependencies Bun is pulling? How did you ever managed to pass security policies with Bun which has so many segfaults that nobody even bothers to write CVEs for them.

reply
Cargo itself doesn't pull the dependencies, but yes to Rust's standard library being much more lean than Go. Bring your own HTTP, text templating, and such, but core data structures are provided.

Go gives you a bunch of goodies in the standard library.

Rust provides things like your build system, testing, and package management all together, which is what I assume OP meant.

reply