The numbers seem small enough that it will rarely matter, but I suppose there might be a use case somewhere?

But lets be real here: this is basically just a new image format. With more code to maintain, fresh new exciting zero-days, and all of that. You need a strong use case to justify that, and "already fast encode is now faster" is probably not it.

I don’t think it’s quite as bad, though? It’s using a known compression library that (from reading other comments) has seen use and testing. The rest of PNG would remain unchanged, as the decompression format is a plugin.

I know it needs to be battle tested as a single entity but it’s not the same as writing a new image format from scratch.

Considering both zstandard and PNG are already web facing technologies, would the combination of both really increase the attack surface?

And compresses significantly faster than regular png too.

That’s the major advantage of zstd, fast compression. Not particularly relevant in web use cases, but would be great for saving screenshots.