:httpc works just fine for the very simple usecases, but when using it you’ll have to handle eventualities like if a server sends you gzipped content when you didn’t ask for it, etc. and you’ll find yourself writing wrappers for those cases.
Like all dependencies, when you forego them you’re hopefully doing so because you want to avoid bloat but you’ll have to accept that most cornercases won’t be covered and you’ll have to manage those yourself.
On top of that you can use this overloading so that you can easily describe how to deserialize JSON in API calls.
I think it’s all fairly convenient and I don’t think HTTPoison seems very bloated at all. I’d be worried if it pulled in way too much, but it hits the right mark in terms of size of what it offers.
I just published a blog post the other day looking at the various Elixir/Erlang HTTP clients from a security perspective.
TL;DR for HTTPS URLs only HTTPoison/hackney provide MitM protection out of the box, while all other clients I tested silently ignore the server certificate. You can use :httpc securely, but you’ll likely want to pull in some of the same dependencies used by hackney to avoid having to write your own RFC 6125 implementation…