From e43fdf8dcbb80f077da3f2c7a679969f38618839 Mon Sep 17 00:00:00 2001 From: juangaitanv Date: Wed, 10 Jun 2026 10:04:07 +0200 Subject: [PATCH 1/2] Shrink release binary with size-tuned profile strip + thin LTO + opt-level=z cuts the darwin-arm64 binary 9.35 MB -> 5.84 MB raw (-37%), 3.63 MB -> 2.64 MB zipped (-27%). Binary verified working; release build time unchanged (~2m). --- Cargo.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Cargo.toml b/Cargo.toml index d60edad..79391be 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,3 +45,8 @@ serde_yaml_ng = "0.10" [target.'cfg(not(target_os = "windows"))'.dependencies] openssl = { version = "0.10", features = ["vendored"] } + +[profile.release] +strip = true +lto = "thin" +opt-level = "z" From 2b02688cebbcca3f003693469427c9910fb9e7a7 Mon Sep 17 00:00:00 2001 From: juangaitanv Date: Wed, 10 Jun 2026 14:47:35 +0200 Subject: [PATCH 2/2] Drop opt-level=z from release profile; keep strip + thin LTO Benchmarks (macOS arm64, 4000-package npm lockfile, 15 runs, median): profile size deps scan deps graph default release 9.80 MB 26 ms 65 ms strip + thin LTO 8.16 MB 31 ms 67 ms + opt-level "s" 7.04 MB 86 ms 76 ms + opt-level "z" 6.13 MB 105 ms 84 ms strip + thin LTO takes half the size win at no measurable runtime cost. opt-level=z bought 2 MB more but made the serde-heavy deps scan path ~4x slower, and would hit the deflate repo-upload path in `corgea scan` hardest. Addresses the PR #98 review comment. --- Cargo.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 79391be..9ee87d6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,4 +49,3 @@ openssl = { version = "0.10", features = ["vendored"] } [profile.release] strip = true lto = "thin" -opt-level = "z"