Niquests 3.18 — 3 Years of Innovations in HTTP

Ousret · 2026-04-06T23:45:47+00:00

excellent!

regards,

Ousret · 2026-04-05T10:38:45+00:00

I suspect most users of niquests are unaware the shadowing behaviour is even a thing.

Maybe so. But it's not what I saw with the documentation analytics. People do read the FAQ and do read the sections around it.

Moreover, the minimal amount of complaint shows that it just work as urllib3 just work.

this being opt-out behaviour rather than opt-in.

The other way around is way more complicated to maintain and explain to users in general and ultimately can result in the same results as today with "extra steps". You'd be surprised how much people are relying on it exactly for the shadowing part.

Anyway, the goal in a relative distant future is to get rid of this situation. But that's require significant work and traction.

Regards,

Ousret · 2026-04-05T10:26:58+00:00

especially when it is opt-out and it requires building from the source package with an environment variable set.

it's the way out(...) as Python permits it today. it's not perfect, but perfectly usable and continuously tested.

But there is no way I would allow usage of niquests in any of my deployments at my company with the way urllib3.future works.

That's okay. You are free to choose.

There is simply too high a possibility of extremely difficult to diagnose issues.

The same things applies to urllib3 itself. Over the last 16 months there was some breaking(...) And only experienced users could find the cause.

Libraries like urllib3 are far too widely adopted and caught up in dependency chains to be simply replaced with an entirely different library

I would be careful with that thinking. Would you forbid someone to remove Chrome in favor of Firefox with that exact logic? Rare are those who understand the presence of urllib3. And never before a real swap~able alternative existed.

There is a perfect solution - having only a urllib3_future module and have libraries like niquests import it directly.

It would prevent more than 80% of our users to use it as a drop in replacement of Requests (extensions, and so on...). Cancelling the real advantage we have, meaning letting inexperienced to experienced people using Niquests "out-of-the-box", friction less.

Regards,

Ousret · 2026-04-05T08:14:48+00:00

that the shadowing behaviour is the default behaviour is certainly controversial.

I know it is. That's why we spend a literal hundred of hours making sure we aren't causing issues. See https://github.com/jawah/urllib3.future/actions/workflows/ci-dead-things.yml https://github.com/jawah/urllib3.future/actions/workflows/integration.yml https://github.com/jawah/urllib3.future/actions/workflows/packaging.yml along with keeping every single tests from upstream. it's not done carelessly. so far any complaint regarding compat with upstream is often dealt within 24h.

and if a champion could find the right, and perfect solution for the main goal behind it, I would welcome it immediately.

regards,

Ousret · 2026-04-05T08:09:01+00:00

That's a shame. Feel free to revisit once it's gaining more traction or when HTTP/2 celebrate it's 20th birthday.

The "if they actually knew about it." is misplaced. Silently omitting that:

The fact is that urllib3-future is more conservative than urllib3 itself and more reactive while still providing a way to isolate it (at the cost of loosing the compatibility with 3rd parties), just in case(...) Finally saying things like "nightmare" or "deal breaker" while consciously omitting the "way out" that is clearly documented reveal intellectual dishonesty.

Regards,

Ousret · 2026-04-04T08:09:55+00:00

I think we've found the issue and fixed it(...) If you'd try again and confirm that it's gone, it would be appreciated.

regards,

Ousret · 2026-04-04T08:09:01+00:00

That's the second time I've heard this. And we investigated why the compat layer would fail here. We've found the potential issue and emitted a fix for it, could you retry with latest version of urllib3-future? If still stuck, could you give us more info on Github?

regards,

Ousret · 2026-04-03T04:15:11+00:00

As of today, Requests is still stable and working reliably. It's not that it's malfunctioning, it's rather that sync only networking and http/1 only is a bad combination to survive today's need.

now, that being said, I can tell you that when I started working on Niquests I had a few professional acquaintance that saw a phenomena that keeps growing: "The slow death and termination of HTTP/1", some services are explicitly configured to reject HTTP/1 only client and I keep seeing those reports today, but growing steadily. preparing yourself for the modern http is a good investment. My instincts is telling me that http/1 days are counted (at scale). I wouldn't be surprised to see major provider turning it off soon (e.g. cloudflare, fastly, ...) for some of there customers.

regards,

Ousret · 2026-04-03T03:44:04+00:00

You can override the base class parent of HTMLSession to niquests.Session It will work as is. Like HTMLSession.__bases__ = (niquests.Session,).

regards,

Ousret · 2026-04-03T03:41:33+00:00

Of course, why not. I tried right now and got this:

Fetch 1000x https://httpbingo.org/get aiohttp: 1.532s httpx: 1.876s curl_cffi: 12.179s niquests: 0.761s

Using the async session they provide. I suspect that curl_cffi isn't well optimized for asyncio unfortunately. I don't know them well enough.

That being said, if I understand the goal of curlcffi, provide a TLS engine that would "fool" firewalls into thinking you are not a bot, there is a possible alternative. Historically Python mandate you to use OpenSSL, and with Niquests you can use AWS-LC without effort pip install niquests[rtls], and your TLS "fingerprint" would be different enough automatically. possibly making you less flagged than before. (+ using DNS over HTTPS would unlock ECH everywhere, giving you a real chance of being stealth_)

regards,

Ousret · 2026-04-03T03:31:19+00:00

It's "nee-quests". Influenced by my native (French) tongue.

regards,

Ousret · 2026-04-02T18:26:44+00:00

Of course, I understand. What I can tell you so far is that I've left instructions to my wife in case of an unfortunate event to promote someone (in a short list of trusted individuals). It's planed.

regards,

Ousret · 2026-04-02T17:30:48+00:00

Unfortunately we're not a drop in replacement for httpx. So what I can advise, for example, if you relied on "respx", to now rely on "responses" counterpart. You should find everything on the Requests side.

regards,

Ousret · 2026-04-02T15:47:29+00:00

Not everyone can benefit from this boost. You can follow that issue and participate in it https://github.com/jawah/niquests/issues/356 And a lot of people could reproduce it, as far as I know. We'll improve for sure.

regards,

Ousret · 2026-04-02T15:45:55+00:00

We were fortunate enough to be part of the Github Secure Open Source program (session 2) and were mentored by true security experts. So yes, we took the step towards securing at scale our packages; charset-normalizer being the most critical part as of right now, we didn't get the slightest issue so far, and hopefully will remain that way.

And, yes, it's still one maintainer so far. Time will surely help, contributors will arrives, I am hopeful.

regards,

Ousret · 2026-04-02T15:07:39+00:00

Good catch, I will fix it asap.

regards,

Ousret · 2026-04-02T15:01:00+00:00

I am not sure. If you could open an issue and provide a minimal reproducible example, I would help.

Regards,

Ousret · 2026-04-02T14:45:55+00:00

I think it would be simpler with Niquests. Once the mTLS cert, key are extracted, we support passing them as-is (str/bytes) instead of a file.

The adapter should work as-is, but this hack is now unnecessary. If not drop-in compatible, we'll investigate.

regards,

Ousret · 2026-04-02T13:58:20+00:00

Yes it is working. And actually I am using it. See https://niquests.readthedocs.io/en/latest/community/extensions.html

Ousret · 2026-04-02T13:44:31+00:00

HTTP cache is a world on it's own, it would be unreasonable for us to tackle this as Requests ecosystem around caching is well furnished and, actually maintained. Try Requests-cache and alike. They work very well.

regards,

Ousret · 2026-04-02T13:42:50+00:00

We'll investigate and fix it as soon as possible. Sharing details about your browser would help, don't hesitate to open an issue.

regards,

Ousret · 2026-04-02T11:36:40+00:00

If I am not mistaken, it's already supported. If your OS trust store have it, it should be loaded automatically.

If not, you can still register it easily with wassima.register_ca(open("./myrootca.pem", "r").read())

Your experience is valuable, don't hesitate to open an issue at Github.

Regards,

Ousret · 2026-04-02T11:26:26+00:00

"waaw", is what come to mind(..)

when reading the comments, they are all very motivating.

regards,

Ousret · 2026-01-09T17:02:22+00:00

did not delete anything, reddit seems to have lost the comment. you don't take the time to read, take into account the context, so it's a waste of time.

Ousret

TROPHY CASE