tungstenite-rs VS cargo-geiger

You can start by following tungstenite-rs client example. And since you are connecting to an tls enabled endpoint you should enable tls features. And according to your API's doc it requires you to send serialized json string for requesting message response and you can use serde ande serde_json for serialization. This is a complete example where a hardcode string request:

staticpi, is a websocket forwarding service. Basically, it enables one to keep a Raspberry pi, or any computer, “connected”, in order to send and receive messages to and from any client, without having to deal with a static IP address, open ports on your router, or similar. Built in Rust, using axum, which in turn uses tungestine-rs for the websocket connections, tokio, sqlx, redis-rs and others.

There is a client module and client examples. If using tokio, there is tokio-tungstenite on top, which has various client functions.

tungstenite: "Lightweight stream-based WebSocket implementation. It's formerly WS2, the 2nd implementation of WS. WS2 is the chemical formula of tungsten disulfide, the tungstenite mineral."

tungstenite-rs

If you just want to connect to an existing api, async-tungstenite has a connect function. It should work with wss. See some discussion of this issue here.

Instead of looking at the crates themselves, you might want to check your (or others') Rust application with https://github.com/rust-secure-code/cargo-geiger to get a sense of effective prevalence. I also dispute that the presence of unsafe somewhere in the dependency tree is an issue in itself, but that's a different discussion that many more had in other sub-threads.

There's still plenty. Run cargo geiger on any of your projects and see for yourself.

On point 2, the answer is cargo geiger, and judging how much memory safety you need for a given project.

You can use cargo-geiger or cargo-crev to check for whether people you trusted (e.g. u/jonhoo ) trust this crate.

The amount of unsafe code is also a factor. cargo geiger is a handy tool for measuring it.

We have cargo-geiger that does just that.

For that, I believe you need to use cargo-geiger[0] and audit the results.

[0] - https://github.com/rust-secure-code/cargo-geiger

cargo-geiger is a subcommand you can install which will check all the crates in your dependency graph for unsafe blocks and print out a report (which also shows if a crate has #![forbid(unsafe_code)] or not). You can then inspect those crates' sources to judge their use of unsafe for yourself. I don't think it has a "check" mode that simply errors if your dependency graph contains unsafe though, it's more about just collecting that information.

wrt to memory safety, keep in mind that many rust crates use "unsafe" internally. There are tools available that can find these such as cargo-geiger. So I would suggest to avoid unsafe deps as much as possible. Since they cannot be avoided entirely, it is a good idea to keep a list of unsafe deps.