[Audit] prologue: /compression uses third-party zippy library instead of built-in compression #130

@jerrythetruckdriver

Violation

File: frameworks/prologue/src/server.nim, line 4 (import) and compression handler
Endpoint: /compression

What it does

Prologue uses the zippy library for gzip compression:

import zippy
# ...
let compressed = compress(jsonLargeResponse, BestSpeed, dfGzip)

zippy is a third-party pure-Nim compression library (server.nimble declares requires "zippy >= 0.10.0"). It is not part of Nim's standard library.

What the spec requires

MUST use BUILT-IN compression only (no custom gzip, no third-party compression libs)

Why this matters

Third-party compression libraries may use different algorithms, optimizations, or compression ratios compared to the standard zlib implementation that other frameworks use. This makes the benchmark comparison unfair — the test is supposed to measure framework + built-in compression overhead, not the performance of alternative compression libraries.

Suggested fix

Replace zippy with Nim's standard library std/zlib module, which wraps the system zlib:

import std/zlib
# ...
let compressed = compress(jsonLargeResponse, level=1, stream=GZIP_STREAM)

Or alternatively, use Nim's std/httpclient zlib wrapper for gzip output.

Notes

  • The compression level is correct — BestSpeed maps to level 1 ✅
  • The pre-serialized JSON at startup is a gray area (same pattern as many frameworks) — not flagging that
  • The rest of the implementation is clean
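
The check this audit performs by hand can be scripted: cross-reference the `requires` entries in the `.nimble` manifest with the imports in the server source. The following is an added example, not part of the issue or of the project's code; the sample file contents are constructed around the lines quoted above, and the `exempt` set (compiler and the framework under test) and all function names are assumptions.

```python
import re

# Constructed samples modelled on the lines quoted in the issue.
NIMBLE = '''# server.nimble (constructed sample)
requires "nim >= 1.6.0"
requires "prologue >= 0.6.0", "zippy >= 0.10.0"
'''
SOURCE = '''import std/[json, strutils]
import prologue
import zippy
# import notreal
let compressed = compress(jsonLargeResponse, BestSpeed, dfGzip)
'''

def nimble_requires(text):
    """Package names declared by `requires` statements in a .nimble file."""
    names = set()
    for line in text.splitlines():
        if line.strip().startswith("requires"):
            for spec in re.findall(r'"([^"]+)"', line):
                # Drop the version constraint: "zippy >= 0.10.0" -> "zippy"
                names.add(re.split(r'[\s<>=~^#@]', spec.strip(), maxsplit=1)[0].lower())
    return names

def nim_imports(text):
    """Module paths named by import/from statements (comments ignored)."""
    mods = set()
    for line in text.splitlines():
        m = re.match(r'(?:import|from)\s+(.+)', line.split("#", 1)[0].strip())
        if not m:
            continue
        rest = re.split(r'\s+(?:import|except)\s+', m.group(1))[0]
        # Expand bracket groups: std/[json, strutils] -> std/json,std/strutils
        rest = re.sub(r'(\S+?)/\[([^\]]*)\]',
                      lambda g: ",".join(f"{g.group(1)}/{x.strip()}"
                                         for x in g.group(2).split(",")), rest)
        mods.update(i.split(" as ")[0].strip() for i in rest.split(",") if i.strip())
    return mods

def third_party_imports(nimble_text, source_text, exempt=("nim", "prologue")):
    """Imports whose top-level name matches a declared nimble dependency.
    Heuristic: assumes the package name equals its top-level module name."""
    declared = nimble_requires(nimble_text) - set(exempt)
    return sorted(m for m in nim_imports(source_text)
                  if m.split("/")[0].lower() in declared)

if __name__ == "__main__":
    print(third_party_imports(NIMBLE, SOURCE))
```

Anything the function returns is a dependency resolved through nimble rather than the standard library and needs a manual look against the spec.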
