Curl website traffic Feb 2025

&gt; It seems to imply that a vast amount of it is not browser-based,<p>Given the number of CI pipelines I&#x27;ve seen which download package X and then install it, and do this every time the pipeline is run... I&#x27;m not surprised<p>Yes, one should be using some artifact caching solution. But I don&#x27;t think any of them are truly seamless, they all involve extra busywork in each pipeline to actually turn them on, and it isn&#x27;t surprising a lot of people don&#x27;t. Or else, people do set it up for <i>some</i> things in the pipeline (e.g. APT&#x2F;RPM, Maven, Gradle, PyPI, NPM, etc) but then there&#x27;s some random other thing it needs which just gets pulled in with wget or curl.

This is mind blowing. if such a huge majority uses their hosted CA bundle, that makes curl a very attractive target. All under the control of a single individual (I am not questioning his integrity, just saying too much reliance on a single project&#x2F;individual). We have seen such examples in past (e.g openssl)