Show HN: Xmloxide – an agent made rust replacement for libxml2

AI-built Rust tool replaces the web’s XML workhorse — applause, side-eye, and corporate shame

TLDR: An AI-assisted Rust project, xmloxide, steps in to replace the now-unmaintained libxml2, promising safety and full test compliance. Commenters celebrated the rescue but argued over hidden “unsafe” code, real security fixes, AI “vibe-coded” risks, and why giant companies let essential tools rot in the first place.

The internet’s longtime XML/HTML engine, libxml2, went unmaintained with known security issues — and now an AI-assisted Rust remake called xmloxide bursts in claiming memory safety and a perfect score on official tests. It parses messy documents, searches with XPath (a query language), and even ships a command-line tool. Sounds heroic, right? The crowd loved the ambition — but the comments immediately turned into a spicy reality show.

Safety hawks zeroed in on the phrase ‘zero unsafe in the public API,’ asking if there’s risky stuff tucked under the hood. Security worriers wanted receipts: does it really fix the flaws that helped sink libxml2? Metrics goblins asked for line counts. And the ‘agent-made’ origin lit a bonfire — one dev pushed to normalize warnings for ‘vibe-coded’ packages, basically: if AI helped write this, label it loud so teams know the risk.

The hottest take dragged Big Tech: so many companies relied on libxml2, and yet nobody stepped up to maintain it. Cue memes about trillion-dollar free riders and “XML PTSD” jokes. Fans cheered the 100% test pass and speed talk, skeptics demanded transparency on any hidden sharp edges, and cynics sighed about industry neglect. Translation for non-nerds: a core web tool broke, a bold fix arrived, and the comments turned into a courtroom drama over trust, safety, and who pays the maintenance bill. Also, yes, XML is a data format from the early web era, and it is still everywhere, which is why this matters.

Key Points

  • Xmloxide is a pure Rust reimplementation of libxml2 focused on memory safety and performance.
  • It claims 100% conformance on the W3C XML Conformance Test Suite (1727 applicable tests).
  • Supports multiple parsing APIs (DOM, SAX2, XmlReader, push), error recovery, HTML 4.01 parsing, and XPath 1.0.
  • Provides validation (DTD, RelaxNG, XSD), Canonical XML (C14N), XInclude, and OASIS XML Catalogs.
  • Offers an xmllint CLI and a full C API for C/C++ integration, with minimal dependencies (encoding_rs; clap for CLI).

Hottest takes

Does this imply it's using unsafe behind the hood? — blegge
normalize disclaimers for 'vibe-coded' packages — kburman
so many companies use this library in production and not one steps in — wooptoo