syn

Syn is the de facto parser for procedural macros in Rust, and it earns that position through exceptional design. The API feels intuitive once you understand the pattern: parse to AST nodes, pattern match, transform. The type system guides you perfectly - each syntax element has a dedicated struct with well-named fields that mirror Rust's own grammar. IDE autocomplete works flawlessly, making it easy to explore what fields are available on parsed nodes.

The feature flag system deserves special mention - you can opt into just what you need (like `derive`, `parsing`, `printing`) which keeps compile times reasonable. The `parse_quote!` and `quote!` integration is seamless, letting you write Rust-like code to generate Rust code. Error messages from syn are clear and point to the exact token that failed parsing.

Documentation is comprehensive with the examples repository providing real-world macro implementations you can learn from. The 1.x to 2.0 migration was well-documented with clear breaking changes listed. My only gripes are the learning curve for newcomers to proc macros (though that's more about macros than syn itself) and occasionally verbose pattern matching for complex syntax trees.

Working with syn daily for proc macro development, it's the de facto standard for Rust AST parsing with good reason. The library is meticulously designed with a minimal attack surface - it strictly parses Rust syntax without executing code or performing filesystem operations. Input validation is inherent to its purpose: invalid Rust code fails to parse with clear error messages that don't leak sensitive information.

From a supply chain perspective, syn has an exceptionally clean dependency tree. It relies primarily on proc-macro2, quote, and unicode-ident - all maintained by the same team with consistent security practices. Updates are frequent and CVE response is handled through Rust's security advisory process. The crate follows secure-by-default principles: parsing operations are deterministic and side-effect free.

The error handling is particularly well-designed. Parse errors contain span information for diagnostics without exposing internal state. There's no crypto or network code to misconfigure, and the API design makes it nearly impossible to accidentally introduce injection vulnerabilities in generated code when combined with the quote crate's proper escaping.

From a security perspective, syn is remarkably well-designed. It's a pure parser with no network access, no filesystem operations beyond what rustc provides, and no cryptographic primitives to misconfigure. The attack surface is essentially limited to malicious input code, which the library handles defensively with explicit error types rather than panics.

The error handling is exemplary - parse failures return Result types with structured error information that never leaks sensitive data. When you call parse_quote! or Parser::parse on malformed input, you get precise span information without exposing internals. The library follows secure-by-default principles: features are additive and opt-in ("full", "parsing", "printing"), letting you minimize your dependency tree.

The supply chain risk is low. Syn has minimal dependencies (proc-macro2, quote, unicode-ident), all from the same trusted maintainer. No optional dependencies that could introduce unexpected behavior. Version 2.x has been stable with consistent API contracts, making CVE response straightforward when needed (though rare). The documentation clearly shows token validation patterns that prevent injection-style attacks in generated code.