github.com/gocolly/colly

Colly provides an elegant API for web scraping with callback-based architecture that makes building crawlers intuitive. The library handles rate limiting, parallelism, and cookie management out of the box, which is great for rapid development. However, from a security perspective, there are notable concerns that require careful attention in production environments.

The library hasn't been updated since 2019, which is a red flag for dependency supply chain management. It uses older versions of golang.org/x/net and other crypto dependencies that may have unpatched vulnerabilities. TLS configuration requires manual hardening - the defaults don't enforce modern cipher suites or certificate validation patterns I'd want in production. Error handling often exposes full URLs and response details in logs, requiring wrapper code to sanitize output.

Input validation is largely left to the developer. When scraping untrusted sites, you need to implement your own sanitization for extracted data and URL handling. The library doesn't provide secure-by-default patterns for preventing SSRF attacks or handling redirects to internal networks, making it risky for user-supplied URL scenarios without additional safeguards.

Colly provides an elegant callback-based API that feels natural for web scraping tasks. The OnHTML, OnRequest, and OnResponse hooks let you compose scrapers declaratively, and the API is immediately understandable even without deep documentation study. Setting up a basic scraper takes minutes, and the examples in the docs translate directly to real-world use cases.

The type system works well with Go's patterns - collector configuration through functional options is clean, and while there's no generics support (predating Go 1.18), the string-based selectors and interface{} returns are manageable. Error handling could be more granular; you often get generic HTTP errors that require additional debugging. The documentation has solid examples but lacks depth on advanced scenarios like handling complex authentication flows or debugging rate limiting issues.

The library hasn't seen updates since 2019, which shows in missing features like modern context support and some edge cases with JavaScript-heavy sites. Despite this, it remains highly functional for traditional server-rendered HTML scraping and continues to work reliably in production environments.

Colly provides one of the most developer-friendly APIs in the Go web scraping ecosystem. The callback-based approach with OnHTML, OnRequest, and OnError handlers feels natural and keeps scraping logic clean and organized. CSS selectors using goquery under the hood make DOM traversal straightforward for anyone familiar with jQuery-style syntax. Setting up a basic scraper takes minutes, and the API surface is small enough to learn quickly.

The documentation includes practical examples for common scenarios like form submission, authentication, and rate limiting. Request queueing and parallelization work out of the box with sensible defaults. Error messages are generally clear, though network failures sometimes require digging into underlying http.Client errors.

The main drawback is the package hasn't seen updates since 2019, leaving it on older Go module conventions and missing modern context handling patterns. You'll encounter rough edges with Go 1.18+ generics and newer stdlib features. Despite this, the core functionality remains solid for standard scraping tasks, and the codebase is stable enough that lack of updates isn't necessarily problematic for production use.