10 files changed, 119 insertions, 259 deletions

diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index d9144afff..d02411dc2 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -107,10 +107,6 @@ faster-hex.workspace = true
 flate2.workspace = true
 fs3.workspace = true
 glob = "0.3.1"
-http.workspace = true
-http-body.workspace = true
-http-body-util.workspace = true
-hyper-util.workspace = true
 import_map = { version = "=0.20.0", features = ["ext"] }
 indexmap.workspace = true
 jsonc-parser.workspace = true
@@ -132,6 +128,7 @@ phf.workspace = true
 quick-junit = "^0.3.5"
 rand = { workspace = true, features = ["small_rng"] }
 regex.workspace = true
+reqwest.workspace = true
 ring.workspace = true
 rustyline.workspace = true
 rustyline-derive = "=0.7.0"
diff --git a/cli/http_util.rs b/cli/http_util.rs
index a8646c188..18c0687bd 100644
--- a/cli/http_util.rs
+++ b/cli/http_util.rs
@@ -12,22 +12,18 @@ use deno_core::error::generic_error;
 use deno_core::error::AnyError;
 use deno_core::futures::StreamExt;
 use deno_core::parking_lot::Mutex;
-use deno_core::serde;
-use deno_core::serde_json;
 use deno_core::url::Url;
-use deno_runtime::deno_fetch;
 use deno_runtime::deno_fetch::create_http_client;
+use deno_runtime::deno_fetch::reqwest;
+use deno_runtime::deno_fetch::reqwest::header::HeaderName;
+use deno_runtime::deno_fetch::reqwest::header::HeaderValue;
+use deno_runtime::deno_fetch::reqwest::header::ACCEPT;
+use deno_runtime::deno_fetch::reqwest::header::AUTHORIZATION;
+use deno_runtime::deno_fetch::reqwest::header::IF_NONE_MATCH;
+use deno_runtime::deno_fetch::reqwest::header::LOCATION;
+use deno_runtime::deno_fetch::reqwest::StatusCode;
 use deno_runtime::deno_fetch::CreateHttpClientOptions;
 use deno_runtime::deno_tls::RootCertStoreProvider;
-use http::header::HeaderName;
-use http::header::HeaderValue;
-use http::header::ACCEPT;
-use http::header::AUTHORIZATION;
-use http::header::IF_NONE_MATCH;
-use http::header::LOCATION;
-use http::StatusCode;
-use http_body_util::BodyExt;
-
 use std::collections::HashMap;
 use std::sync::Arc;
 use std::thread::ThreadId;
@@ -212,7 +208,8 @@ pub struct HttpClientProvider {
   // it's not safe to share a reqwest::Client across tokio runtimes,
   // so we store these Clients keyed by thread id
   // https://github.com/seanmonstar/reqwest/issues/1148#issuecomment-910868788
-  clients_by_thread_id: Mutex<HashMap<ThreadId, deno_fetch::Client>>,
+  #[allow(clippy::disallowed_types)] // reqwest::Client allowed here
+  clients_by_thread_id: Mutex<HashMap<ThreadId, reqwest::Client>>,
 }
 
 impl std::fmt::Debug for HttpClientProvider {
@@ -273,15 +270,9 @@ pub struct BadResponseError {
 #[derive(Debug, Error)]
 pub enum DownloadError {
   #[error(transparent)]
-  Fetch(AnyError),
-  #[error(transparent)]
-  UrlParse(#[from] deno_core::url::ParseError),
-  #[error(transparent)]
-  HttpParse(#[from] http::Error),
-  #[error(transparent)]
-  Json(#[from] serde_json::Error),
+  Reqwest(#[from] reqwest::Error),
   #[error(transparent)]
-  ToStr(#[from] http::header::ToStrError),
+  ToStr(#[from] reqwest::header::ToStrError),
   #[error("Redirection from '{}' did not provide location header", .request_url)]
   NoRedirectHeader { request_url: Url },
   #[error("Too many redirects.")]
@@ -292,7 +283,8 @@ pub enum DownloadError {
 
 #[derive(Debug)]
 pub struct HttpClient {
-  client: deno_fetch::Client,
+  #[allow(clippy::disallowed_types)] // reqwest::Client allowed here
+  client: reqwest::Client,
   // don't allow sending this across threads because then
   // it might be shared accidentally across tokio runtimes
   // which will cause issues
@@ -303,56 +295,22 @@ pub struct HttpClient {
 impl HttpClient {
   // DO NOT make this public. You should always be creating one of these from
   // the HttpClientProvider
-  fn new(client: deno_fetch::Client) -> Self {
+  #[allow(clippy::disallowed_types)] // reqwest::Client allowed here
+  fn new(client: reqwest::Client) -> Self {
     Self {
       client,
       _unsend_marker: deno_core::unsync::UnsendMarker::default(),
     }
   }
 
-  pub fn get(&self, url: Url) -> Result<RequestBuilder, http::Error> {
-    let body = http_body_util::Empty::new()
-      .map_err(|never| match never {})
-      .boxed();
-    let mut req = http::Request::new(body);
-    *req.uri_mut() = url.as_str().parse()?;
-    Ok(RequestBuilder {
-      client: self.client.clone(),
-      req,
-    })
-  }
-
-  pub fn post(
-    &self,
-    url: Url,
-    body: deno_fetch::ReqBody,
-  ) -> Result<RequestBuilder, http::Error> {
-    let mut req = http::Request::new(body);
-    *req.method_mut() = http::Method::POST;
-    *req.uri_mut() = url.as_str().parse()?;
-    Ok(RequestBuilder {
-      client: self.client.clone(),
-      req,
-    })
+  // todo(dsherret): don't expose `reqwest::RequestBuilder` because it
+  // is `Sync` and could accidentally be shared with multiple tokio runtimes
+  pub fn get(&self, url: impl reqwest::IntoUrl) -> reqwest::RequestBuilder {
+    self.client.get(url)
   }
 
-  pub fn post_json<S>(
-    &self,
-    url: Url,
-    ser: &S,
-  ) -> Result<RequestBuilder, DownloadError>
-  where
-    S: serde::Serialize,
-  {
-    let json = deno_core::serde_json::to_vec(ser)?;
-    let body = http_body_util::Full::new(json.into())
-      .map_err(|never| match never {})
-      .boxed();
-    let builder = self.post(url, body)?;
-    Ok(builder.header(
-      http::header::CONTENT_TYPE,
-      "application/json".parse().map_err(http::Error::from)?,
-    ))
+  pub fn post(&self, url: impl reqwest::IntoUrl) -> reqwest::RequestBuilder {
+    self.client.post(url)
   }
 
   /// Asynchronously fetches the given HTTP URL one pass only.
@@ -364,35 +322,27 @@ impl HttpClient {
     &self,
     args: FetchOnceArgs<'a>,
   ) -> Result<FetchOnceResult, AnyError> {
-    let body = http_body_util::Empty::new()
-      .map_err(|never| match never {})
-      .boxed();
-    let mut request = http::Request::new(body);
-    *request.uri_mut() = args.url.as_str().parse()?;
+    let mut request = self.client.get(args.url.clone());
 
     if let Some(etag) = args.maybe_etag {
       let if_none_match_val = HeaderValue::from_str(&etag)?;
-      request
-        .headers_mut()
-        .insert(IF_NONE_MATCH, if_none_match_val);
+      request = request.header(IF_NONE_MATCH, if_none_match_val);
     }
     if let Some(auth_token) = args.maybe_auth_token {
       let authorization_val = HeaderValue::from_str(&auth_token.to_string())?;
-      request
-        .headers_mut()
-        .insert(AUTHORIZATION, authorization_val);
+      request = request.header(AUTHORIZATION, authorization_val);
     }
     if let Some(accept) = args.maybe_accept {
       let accepts_val = HeaderValue::from_str(&accept)?;
-      request.headers_mut().insert(ACCEPT, accepts_val);
+      request = request.header(ACCEPT, accepts_val);
     }
-    let response = match self.client.clone().send(request).await {
+    let response = match request.send().await {
       Ok(resp) => resp,
       Err(err) => {
-        if is_error_connect(&err) {
+        if err.is_connect() || err.is_timeout() {
           return Ok(FetchOnceResult::RequestError(err.to_string()));
         }
-        return Err(err);
+        return Err(err.into());
       }
     };
 
@@ -456,12 +406,18 @@ impl HttpClient {
     Ok(FetchOnceResult::Code(body, result_headers))
   }
 
-  pub async fn download_text(&self, url: Url) -> Result<String, AnyError> {
+  pub async fn download_text(
+    &self,
+    url: impl reqwest::IntoUrl,
+  ) -> Result<String, AnyError> {
     let bytes = self.download(url).await?;
     Ok(String::from_utf8(bytes)?)
   }
 
-  pub async fn download(&self, url: Url) -> Result<Vec<u8>, AnyError> {
+  pub async fn download(
+    &self,
+    url: impl reqwest::IntoUrl,
+  ) -> Result<Vec<u8>, AnyError> {
     let maybe_bytes = self.download_inner(url, None, None).await?;
     match maybe_bytes {
       Some(bytes) => Ok(bytes),
@@ -471,7 +427,7 @@ impl HttpClient {
 
   pub async fn download_with_progress(
     &self,
-    url: Url,
+    url: impl reqwest::IntoUrl,
     maybe_header: Option<(HeaderName, HeaderValue)>,
     progress_guard: &UpdateGuard,
   ) -> Result<Option<Vec<u8>>, DownloadError> {
@@ -482,26 +438,26 @@ impl HttpClient {
 
   pub async fn get_redirected_url(
     &self,
-    url: Url,
+    url: impl reqwest::IntoUrl,
     maybe_header: Option<(HeaderName, HeaderValue)>,
   ) -> Result<Url, AnyError> {
-    let (_, url) = self.get_redirected_response(url, maybe_header).await?;
-    Ok(url)
+    let response = self.get_redirected_response(url, maybe_header).await?;
+    Ok(response.url().clone())
   }
 
   async fn download_inner(
     &self,
-    url: Url,
+    url: impl reqwest::IntoUrl,
     maybe_header: Option<(HeaderName, HeaderValue)>,
     progress_guard: Option<&UpdateGuard>,
   ) -> Result<Option<Vec<u8>>, DownloadError> {
-    let (response, _) = self.get_redirected_response(url, maybe_header).await?;
+    let response = self.get_redirected_response(url, maybe_header).await?;
 
     if response.status() == 404 {
       return Ok(None);
     } else if !response.status().is_success() {
       let status = response.status();
-      let maybe_response_text = body_to_string(response).await.ok();
+      let maybe_response_text = response.text().await.ok();
       return Err(DownloadError::BadResponse(BadResponseError {
         status_code: status,
         response_text: maybe_response_text
@@ -513,77 +469,60 @@ impl HttpClient {
     get_response_body_with_progress(response, progress_guard)
       .await
       .map(Some)
-      .map_err(DownloadError::Fetch)
+      .map_err(Into::into)
   }
 
   async fn get_redirected_response(
     &self,
-    mut url: Url,
+    url: impl reqwest::IntoUrl,
     mut maybe_header: Option<(HeaderName, HeaderValue)>,
-  ) -> Result<(http::Response<deno_fetch::ResBody>, Url), DownloadError> {
-    let mut req = self.get(url.clone())?.build();
+  ) -> Result<reqwest::Response, DownloadError> {
+    let mut url = url.into_url()?;
+    let mut builder = self.get(url.clone());
     if let Some((header_name, header_value)) = maybe_header.as_ref() {
-      req.headers_mut().append(header_name, header_value.clone());
+      builder = builder.header(header_name, header_value);
     }
-    let mut response = self
-      .client
-      .clone()
-      .send(req)
-      .await
-      .map_err(DownloadError::Fetch)?;
+    let mut response = builder.send().await?;
     let status = response.status();
     if status.is_redirection() {
       for _ in 0..5 {
         let new_url = resolve_redirect_from_response(&url, &response)?;
-        let mut req = self.get(new_url.clone())?.build();
+        let mut builder = self.get(new_url.clone());
 
         if new_url.origin() == url.origin() {
           if let Some((header_name, header_value)) = maybe_header.as_ref() {
-            req.headers_mut().append(header_name, header_value.clone());
+            builder = builder.header(header_name, header_value);
           }
         } else {
           maybe_header = None;
         }
 
-        let new_response = self
-          .client
-          .clone()
-          .send(req)
-          .await
-          .map_err(DownloadError::Fetch)?;
+        let new_response = builder.send().await?;
         let status = new_response.status();
         if status.is_redirection() {
           response = new_response;
           url = new_url;
         } else {
-          return Ok((new_response, new_url));
+          return Ok(new_response);
         }
       }
       Err(DownloadError::TooManyRedirects)
     } else {
-      Ok((response, url))
+      Ok(response)
     }
   }
 }
 
-fn is_error_connect(err: &AnyError) -> bool {
-  err
-    .downcast_ref::<hyper_util::client::legacy::Error>()
-    .map(|err| err.is_connect())
-    .unwrap_or(false)
-}
-
 async fn get_response_body_with_progress(
-  response: http::Response<deno_fetch::ResBody>,
+  response: reqwest::Response,
   progress_guard: Option<&UpdateGuard>,
-) -> Result<Vec<u8>, AnyError> {
-  use http_body::Body as _;
+) -> Result<Vec<u8>, reqwest::Error> {
   if let Some(progress_guard) = progress_guard {
-    if let Some(total_size) = response.body().size_hint().exact() {
+    if let Some(total_size) = response.content_length() {
       progress_guard.set_total_size(total_size);
       let mut current_size = 0;
       let mut data = Vec::with_capacity(total_size as usize);
-      let mut stream = response.into_body().into_data_stream();
+      let mut stream = response.bytes_stream();
       while let Some(item) = stream.next().await {
         let bytes = item?;
         current_size += bytes.len() as u64;
@@ -593,7 +532,7 @@ async fn get_response_body_with_progress(
       return Ok(data);
     }
   }
-  let bytes = response.collect().await?.to_bytes();
+  let bytes = response.bytes().await?;
   Ok(bytes.into())
 }
 
@@ -624,9 +563,9 @@ fn resolve_url_from_location(base_url: &Url, location: &str) -> Url {
   }
 }
 
-fn resolve_redirect_from_response<B>(
+fn resolve_redirect_from_response(
   request_url: &Url,
-  response: &http::Response<B>,
+  response: &reqwest::Response,
 ) -> Result<Url, DownloadError> {
   debug_assert!(response.status().is_redirection());
   if let Some(location) = response.headers().get(LOCATION) {
@@ -641,49 +580,6 @@ fn resolve_redirect_from_response<B>(
   }
 }
 
-pub async fn body_to_string<B>(body: B) -> Result<String, AnyError>
-where
-  B: http_body::Body,
-  AnyError: From<B::Error>,
-{
-  let bytes = body.collect().await?.to_bytes();
-  let s = std::str::from_utf8(&bytes)?;
-  Ok(s.into())
-}
-
-pub async fn body_to_json<B, D>(body: B) -> Result<D, AnyError>
-where
-  B: http_body::Body,
-  AnyError: From<B::Error>,
-  D: serde::de::DeserializeOwned,
-{
-  let bytes = body.collect().await?.to_bytes();
-  let val = deno_core::serde_json::from_slice(&bytes)?;
-  Ok(val)
-}
-
-pub struct RequestBuilder {
-  client: deno_fetch::Client,
-  req: http::Request<deno_fetch::ReqBody>,
-}
-
-impl RequestBuilder {
-  pub fn header(mut self, name: HeaderName, value: HeaderValue) -> Self {
-    self.req.headers_mut().append(name, value);
-    self
-  }
-
-  pub async fn send(
-    self,
-  ) -> Result<http::Response<deno_fetch::ResBody>, AnyError> {
-    self.client.send(self.req).await
-  }
-
-  pub fn build(self) -> http::Request<deno_fetch::ReqBody> {
-    self.req
-  }
-}
-
 #[allow(clippy::print_stdout)]
 #[allow(clippy::print_stderr)]
 #[cfg(test)]
@@ -704,20 +600,14 @@ mod test {
 
     // make a request to the redirect server
     let text = client
-      .download_text(
-        Url::parse("http://localhost:4546/subdir/redirects/redirect1.js")
-          .unwrap(),
-      )
+      .download_text("http://localhost:4546/subdir/redirects/redirect1.js")
       .await
       .unwrap();
     assert_eq!(text, "export const redirect = 1;\n");
 
     // now make one to the infinite redirects server
     let err = client
-      .download_text(
-        Url::parse("http://localhost:4549/subdir/redirects/redirect1.js")
-          .unwrap(),
-      )
+      .download_text("http://localhost:4549/subdir/redirects/redirect1.js")
       .await
       .err()
       .unwrap();
diff --git a/cli/npm/common.rs b/cli/npm/common.rs
index 34835216c..c55f73cd5 100644
--- a/cli/npm/common.rs
+++ b/cli/npm/common.rs
@@ -1,7 +1,7 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
 use deno_npm::npm_rc::RegistryConfig;
-use http::header;
+use reqwest::header;
 
 // TODO(bartlomieju): support more auth methods besides token and basic auth
 pub fn maybe_auth_header_for_npm_registry(
diff --git a/cli/npm/managed/cache/tarball.rs b/cli/npm/managed/cache/tarball.rs
index eec890bed..46186b87c 100644
--- a/cli/npm/managed/cache/tarball.rs
+++ b/cli/npm/managed/cache/tarball.rs
@@ -11,12 +11,12 @@ use deno_core::error::AnyError;
 use deno_core::futures::future::LocalBoxFuture;
 use deno_core::futures::FutureExt;
 use deno_core::parking_lot::Mutex;
-use deno_core::url::Url;
 use deno_npm::npm_rc::ResolvedNpmRc;
 use deno_npm::registry::NpmPackageVersionDistInfo;
 use deno_runtime::deno_fs::FileSystem;
 use deno_semver::package::PackageNv;
-use http::StatusCode;
+use reqwest::StatusCode;
+use reqwest::Url;
 
 use crate::args::CacheSetting;
 use crate::http_util::DownloadError;
diff --git a/cli/standalone/binary.rs b/cli/standalone/binary.rs
index 342c637d5..10a762093 100644
--- a/cli/standalone/binary.rs
+++ b/cli/standalone/binary.rs
@@ -495,7 +495,7 @@ impl<'a> DenoCompileBinaryWriter<'a> {
       self
         .http_client_provider
         .get_or_create()?
-        .download_with_progress(download_url.parse()?, None, &progress)
+        .download_with_progress(download_url, None, &progress)
         .await?
     };
     let bytes = match maybe_bytes {
diff --git a/cli/tools/registry/api.rs b/cli/tools/registry/api.rs
index 519800660..ee9579a19 100644
--- a/cli/tools/registry/api.rs
+++ b/cli/tools/registry/api.rs
@@ -1,9 +1,8 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
-use crate::http_util;
 use deno_core::error::AnyError;
 use deno_core::serde_json;
-use deno_runtime::deno_fetch;
+use deno_runtime::deno_fetch::reqwest;
 use lsp_types::Url;
 use serde::de::DeserializeOwned;
 
@@ -83,7 +82,7 @@ impl std::fmt::Debug for ApiError {
 impl std::error::Error for ApiError {}
 
 pub async fn parse_response<T: DeserializeOwned>(
-  response: http::Response<deno_fetch::ResBody>,
+  response: reqwest::Response,
 ) -> Result<T, ApiError> {
   let status = response.status();
   let x_deno_ray = response
@@ -91,7 +90,7 @@ pub async fn parse_response<T: DeserializeOwned>(
     .get("x-deno-ray")
     .and_then(|value| value.to_str().ok())
     .map(|s| s.to_string());
-  let text = http_util::body_to_string(response).await.unwrap();
+  let text = response.text().await.unwrap();
 
   if !status.is_success() {
     match serde_json::from_str::<ApiError>(&text) {
@@ -123,9 +122,9 @@ pub async fn get_scope(
   client: &HttpClient,
   registry_api_url: &Url,
   scope: &str,
-) -> Result<http::Response<deno_fetch::ResBody>, AnyError> {
+) -> Result<reqwest::Response, AnyError> {
   let scope_url = format!("{}scopes/{}", registry_api_url, scope);
-  let response = client.get(scope_url.parse()?)?.send().await?;
+  let response = client.get(&scope_url).send().await?;
   Ok(response)
 }
 
@@ -142,9 +141,9 @@ pub async fn get_package(
   registry_api_url: &Url,
   scope: &str,
   package: &str,
-) -> Result<http::Response<deno_fetch::ResBody>, AnyError> {
+) -> Result<reqwest::Response, AnyError> {
   let package_url = get_package_api_url(registry_api_url, scope, package);
-  let response = client.get(package_url.parse()?)?.send().await?;
+  let response = client.get(&package_url).send().await?;
   Ok(response)
 }
 
diff --git a/cli/tools/registry/mod.rs b/cli/tools/registry/mod.rs
index a22384a52..8e4d97897 100644
--- a/cli/tools/registry/mod.rs
+++ b/cli/tools/registry/mod.rs
@@ -23,8 +23,8 @@ use deno_core::futures::StreamExt;
 use deno_core::serde_json;
 use deno_core::serde_json::json;
 use deno_core::serde_json::Value;
+use deno_runtime::deno_fetch::reqwest;
 use deno_terminal::colors;
-use http_body_util::BodyExt;
 use lsp_types::Url;
 use serde::Deserialize;
 use serde::Serialize;
@@ -539,13 +539,11 @@ async fn get_auth_headers(
       let challenge = BASE64_STANDARD.encode(sha2::Sha256::digest(&verifier));
 
       let response = client
-        .post_json(
-          format!("{}authorizations", registry_url).parse()?,
-          &serde_json::json!({
-            "challenge": challenge,
-            "permissions": permissions,
-          }),
-        )?
+        .post(format!("{}authorizations", registry_url))
+        .json(&serde_json::json!({
+          "challenge": challenge,
+          "permissions": permissions,
+        }))
         .send()
         .await
         .context("Failed to create interactive authorization")?;
@@ -575,13 +573,11 @@ async fn get_auth_headers(
       loop {
         tokio::time::sleep(interval).await;
         let response = client
-          .post_json(
-            format!("{}authorizations/exchange", registry_url).parse()?,
-            &serde_json::json!({
-              "exchangeToken": auth.exchange_token,
-              "verifier": verifier,
-            }),
-          )?
+          .post(format!("{}authorizations/exchange", registry_url))
+          .json(&serde_json::json!({
+            "exchangeToken": auth.exchange_token,
+            "verifier": verifier,
+          }))
           .send()
           .await
           .context("Failed to exchange authorization")?;
@@ -638,20 +634,15 @@ async fn get_auth_headers(
         );
 
         let response = client
-          .get(url.parse()?)?
-          .header(
-            http::header::AUTHORIZATION,
-            format!("Bearer {}", oidc_config.token).parse()?,
-          )
+          .get(url)
+          .bearer_auth(&oidc_config.token)
           .send()
           .await
           .context("Failed to get OIDC token")?;
         let status = response.status();
-        let text = crate::http_util::body_to_string(response)
-          .await
-          .with_context(|| {
-            format!("Failed to get OIDC token: status {}", status)
-          })?;
+        let text = response.text().await.with_context(|| {
+          format!("Failed to get OIDC token: status {}", status)
+        })?;
         if !status.is_success() {
           bail!(
             "Failed to get OIDC token: status {}, response: '{}'",
@@ -779,7 +770,7 @@ async fn ensure_scopes_and_packages_exist(
 
     loop {
       tokio::time::sleep(std::time::Duration::from_secs(3)).await;
-      let response = client.get(package_api_url.parse()?)?.send().await?;
+      let response = client.get(&package_api_url).send().await?;
       if response.status() == 200 {
         let name = format!("@{}/{}", package.scope, package.package);
         log::info!("Package {} created", colors::green(name));
@@ -903,19 +894,11 @@ async fn publish_package(
     package.config
   );
 
-  let body = http_body_util::Full::new(package.tarball.bytes.clone())
-    .map_err(|never| match never {})
-    .boxed();
   let response = http_client
-    .post(url.parse()?, body)?
-    .header(
-      http::header::AUTHORIZATION,
-      authorization.parse().map_err(http::Error::from)?,
-    )
-    .header(
-      http::header::CONTENT_ENCODING,
-      "gzip".parse().map_err(http::Error::from)?,
-    )
+    .post(url)
+    .header(reqwest::header::AUTHORIZATION, authorization)
+    .header(reqwest::header::CONTENT_ENCODING, "gzip")
+    .body(package.tarball.bytes.clone())
     .send()
     .await?;
 
@@ -960,7 +943,7 @@ async fn publish_package(
   while task.status != "success" && task.status != "failure" {
     tokio::time::sleep(interval).await;
     let resp = http_client
-      .get(format!("{}publish_status/{}", registry_api_url, task.id).parse()?)?
+      .get(format!("{}publish_status/{}", registry_api_url, task.id))
       .send()
       .await
       .with_context(|| {
@@ -1009,8 +992,7 @@ async fn publish_package(
       package.scope, package.package, package.version
     ))?;
 
-    let resp = http_client.get(meta_url)?.send().await?;
-    let meta_bytes = resp.collect().await?.to_bytes();
+    let meta_bytes = http_client.get(meta_url).send().await?.bytes().await?;
 
     if std::env::var("DISABLE_JSR_MANIFEST_VERIFICATION_FOR_TESTING").is_err() {
       verify_version_manifest(&meta_bytes, &package)?;
@@ -1041,8 +1023,9 @@ async fn publish_package(
       registry_api_url, package.scope, package.package, package.version
     );
     http_client
-      .post_json(provenance_url.parse()?, &json!({ "bundle": bundle }))?
-      .header(http::header::AUTHORIZATION, authorization.parse()?)
+      .post(provenance_url)
+      .header(reqwest::header::AUTHORIZATION, authorization)
+      .json(&json!({ "bundle": bundle }))
       .send()
       .await?;
   }
diff --git a/cli/tools/registry/provenance.rs b/cli/tools/registry/provenance.rs
index ce3d6ff8a..622e483d6 100644
--- a/cli/tools/registry/provenance.rs
+++ b/cli/tools/registry/provenance.rs
@@ -1,6 +1,5 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 
-use crate::http_util;
 use crate::http_util::HttpClient;
 
 use super::api::OidcTokenResponse;
@@ -13,8 +12,6 @@ use deno_core::anyhow;
 use deno_core::anyhow::bail;
 use deno_core::error::AnyError;
 use deno_core::serde_json;
-use deno_core::url::Url;
-use http_body_util::BodyExt;
 use once_cell::sync::Lazy;
 use p256::elliptic_curve;
 use p256::pkcs8::AssociatedOid;
@@ -507,12 +504,12 @@ impl<'a> FulcioSigner<'a> {
 
     let response = self
       .http_client
-      .post_json(url.parse()?, &request_body)?
+      .post(url)
+      .json(&request_body)
       .send()
       .await?;
 
-    let body: SigningCertificateResponse =
-      http_util::body_to_json(response).await?;
+    let body: SigningCertificateResponse = response.json().await?;
 
     let key = body
       .signed_certificate_embedded_sct
@@ -530,23 +527,15 @@ impl<'a> FulcioSigner<'a> {
       bail!("No OIDC token available");
     };
 
-    let mut url = req_url.parse::<Url>()?;
-    url.query_pairs_mut().append_pair("audience", aud);
-    let res_bytes = self
+    let res = self
       .http_client
-      .get(url)?
-      .header(
-        http::header::AUTHORIZATION,
-        format!("Bearer {}", token)
-          .parse()
-          .map_err(http::Error::from)?,
-      )
+      .get(&req_url)
+      .bearer_auth(token)
+      .query(&[("audience", aud)])
       .send()
       .await?
-      .collect()
-      .await?
-      .to_bytes();
-    let res: OidcTokenResponse = serde_json::from_slice(&res_bytes)?;
+      .json::<OidcTokenResponse>()
+      .await?;
     Ok(res.value)
   }
 }
@@ -696,10 +685,11 @@ async fn testify(
 
   let url = format!("{}/api/v1/log/entries", *DEFAULT_REKOR_URL);
   let res = http_client
-    .post_json(url.parse()?, &proposed_intoto_entry)?
+    .post(&url)
+    .json(&proposed_intoto_entry)
     .send()
     .await?;
-  let body: RekorEntry = http_util::body_to_json(res).await?;
+  let body: RekorEntry = res.json().await?;
 
   Ok(body)
 }
diff --git a/cli/tools/test/mod.rs b/cli/tools/test/mod.rs
index 587b737d6..81dc36a89 100644
--- a/cli/tools/test/mod.rs
+++ b/cli/tools/test/mod.rs
@@ -881,11 +881,12 @@ async fn run_tests_for_worker_inner(
     // failing. If we don't do this, a connection to a test server we just tore down might be re-used in
     // the next test.
     // TODO(mmastrac): this should be some sort of callback that we can implement for any subsystem
+    #[allow(clippy::disallowed_types)] // allow using reqwest::Client here
     worker
       .js_runtime
       .op_state()
       .borrow_mut()
-      .try_take::<deno_runtime::deno_fetch::Client>();
+      .try_take::<deno_runtime::deno_fetch::reqwest::Client>();
 
     if desc.ignore {
       send_test_event(
diff --git a/cli/tools/upgrade.rs b/cli/tools/upgrade.rs
index fd8394efa..2afeffc92 100644
--- a/cli/tools/upgrade.rs
+++ b/cli/tools/upgrade.rs
@@ -571,7 +571,7 @@ async fn get_latest_version(
   check_kind: UpgradeCheckKind,
 ) -> Result<String, AnyError> {
   let url = get_url(release_kind, env!("TARGET"), check_kind);
-  let text = client.download_text(url.parse()?).await?;
+  let text = client.download_text(url).await?;
   Ok(normalize_version_from_server(release_kind, &text))
 }
 
@@ -624,7 +624,7 @@ async fn download_package(
     // text above which will stay alive after the progress bars are complete
     let progress = progress_bar.update("");
     client
-      .download_with_progress(download_url.parse()?, None, &progress)
+      .download_with_progress(download_url, None, &progress)
       .await?
   };
   match maybe_bytes {