diff --git a/Cargo.lock b/Cargo.lock
index 07f3b8b9a2..5b2a70a6be 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1064,12 +1064,12 @@ dependencies = [
  "env_logger",
  "eszip",
  "fancy-regex",
+ "faster-hex",
  "flate2",
  "fs3",
  "fwdansi",
  "glibc_version",
  "glob",
- "hex",
  "ignore",
  "import_map",
  "indexmap",
@@ -1534,7 +1534,7 @@ dependencies = [
  "denokv_proto",
  "denokv_remote",
  "denokv_sqlite",
- "hex",
+ "faster-hex",
  "log",
  "num-bigint",
  "prost",
@@ -1650,8 +1650,8 @@ dependencies = [
  "ecb",
  "elliptic-curve",
  "errno 0.2.8",
+ "faster-hex",
  "h2 0.3.22",
- "hex",
  "hkdf",
  "http 0.2.11",
  "idna 0.3.0",
@@ -2508,6 +2508,15 @@ dependencies = [
  "regex",
 ]
 
+[[package]]
+name = "faster-hex"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "fastrand"
 version = "2.0.1"
@@ -7276,7 +7285,7 @@ dependencies = [
  "codespan-reporting",
  "log",
  "naga",
- "parking_lot 0.11.2",
+ "parking_lot 0.12.1",
  "profiling",
  "raw-window-handle",
  "ron",
@@ -7317,7 +7326,7 @@ dependencies = [
  "naga",
  "objc",
  "once_cell",
- "parking_lot 0.11.2",
+ "parking_lot 0.12.1",
  "profiling",
  "range-alloc",
  "raw-window-handle",
diff --git a/Cargo.toml b/Cargo.toml
index e3eaf97a1c..b11710d0ad 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -103,6 +103,7 @@ dlopen2 = "0.6.1"
 ecb = "=0.1.2"
 elliptic-curve = { version = "0.13.4", features = ["alloc", "arithmetic", "ecdh", "std", "pem"] }
 encoding_rs = "=0.8.33"
+faster-hex = "0.9"
 fastwebsockets = { version = "0.6", features = ["upgrade", "unstable-split"] }
 filetime = "0.2.16"
 flate2 = { version = "1.0.26", default-features = false }
@@ -110,7 +111,6 @@ fs3 = "0.5.0"
 futures = "0.3.21"
 glob = "0.3.1"
 h2 = "0.4"
-hex = "0.4"
 http = "1.0"
 http-body-util = "0.1"
 http_v02 = { package = "http", version = "0.2.9" }
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index 5656c77f85..d11ef88495 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -101,11 +101,11 @@ dprint-plugin-markdown = "=0.16.4"
 dprint-plugin-typescript = "=0.89.3"
 env_logger = "=0.10.0"
 fancy-regex = "=0.10.0"
+faster-hex.workspace = true
 # If you disable the default __vendored_zlib_ng feature above, you _must_ be able to link against `-lz`.
 flate2.workspace = true
 fs3.workspace = true
 glob = "0.3.1"
-hex.workspace = true
 ignore = "0.4"
 import_map = { version = "=0.19.0", features = ["ext"] }
 indexmap.workspace = true
diff --git a/cli/npm/managed/tarball.rs b/cli/npm/managed/tarball.rs
index 90cae0cd2a..1267b13d8c 100644
--- a/cli/npm/managed/tarball.rs
+++ b/cli/npm/managed/tarball.rs
@@ -61,7 +61,7 @@ fn verify_tarball_integrity(
       let mut hash_ctx = Context::new(&ring::digest::SHA1_FOR_LEGACY_USE_ONLY);
       hash_ctx.update(data);
       let digest = hash_ctx.finish();
-      let tarball_checksum = hex::encode(digest.as_ref());
+      let tarball_checksum = faster_hex::hex_string(digest.as_ref());
       (tarball_checksum, hex)
     }
     NpmPackageVersionDistInfoIntegrity::UnknownIntegrity(integrity) => {
diff --git a/cli/tools/registry/mod.rs b/cli/tools/registry/mod.rs
index 7b940592f4..faea95a1ab 100644
--- a/cli/tools/registry/mod.rs
+++ b/cli/tools/registry/mod.rs
@@ -688,7 +688,7 @@ async fn publish_package(
         package.scope, package.package, package.version
       ),
       digest: provenance::SubjectDigest {
-        sha256: hex::encode(sha2::Sha256::digest(&meta_bytes)),
+        sha256: faster_hex::hex_string(&sha2::Sha256::digest(&meta_bytes)),
       },
     };
     let bundle = provenance::generate_provenance(subject).await?;
diff --git a/cli/tools/registry/provenance.rs b/cli/tools/registry/provenance.rs
index 117c10abca..69926372e7 100644
--- a/cli/tools/registry/provenance.rs
+++ b/cli/tools/registry/provenance.rs
@@ -622,12 +622,12 @@ async fn testify(
   // Rekor "intoto" entry for the given DSSE envelope and signature.
   //
   // Calculate the value for the payloadHash field into the Rekor entry
-  let payload_hash = hex::encode(sha2::Sha256::digest(
+  let payload_hash = faster_hex::hex_string(&sha2::Sha256::digest(
     content.dsse_envelope.payload.as_bytes(),
   ));
 
   // Calculate the value for the hash field into the Rekor entry
-  let envelope_hash = hex::encode({
+  let envelope_hash = faster_hex::hex_string(&{
     let dsse = DsseEnvelope {
       payload: content.dsse_envelope.payload.clone(),
       payload_type: content.dsse_envelope.payload_type.clone(),
diff --git a/cli/util/checksum.rs b/cli/util/checksum.rs
index d9480eb6e4..c9c55ec2b4 100644
--- a/cli/util/checksum.rs
+++ b/cli/util/checksum.rs
@@ -3,18 +3,13 @@
 use ring::digest::Context;
 use ring::digest::SHA256;
 
+/// Generate a SHA256 checksum of a slice of byte-slice-like things.
 pub fn gen(v: &[impl AsRef<[u8]>]) -> String {
   let mut ctx = Context::new(&SHA256);
   for src in v {
     ctx.update(src.as_ref());
   }
-  let digest = ctx.finish();
-  let out: Vec<String> = digest
-    .as_ref()
-    .iter()
-    .map(|byte| format!("{byte:02x}"))
-    .collect();
-  out.join("")
+  faster_hex::hex_string(ctx.finish().as_ref())
 }
 
 #[cfg(test)]
diff --git a/ext/kv/Cargo.toml b/ext/kv/Cargo.toml
index 3cf265213a..1ff5564332 100644
--- a/ext/kv/Cargo.toml
+++ b/ext/kv/Cargo.toml
@@ -26,7 +26,7 @@ deno_unsync = "0.1.1"
 denokv_proto.workspace = true
 denokv_remote.workspace = true
 denokv_sqlite.workspace = true
-hex.workspace = true
+faster-hex.workspace = true
 log.workspace = true
 num-bigint.workspace = true
 prost.workspace = true
diff --git a/ext/kv/lib.rs b/ext/kv/lib.rs
index 3a868d4638..72e1cab304 100644
--- a/ext/kv/lib.rs
+++ b/ext/kv/lib.rs
@@ -12,6 +12,7 @@ use std::num::NonZeroU32;
 use std::rc::Rc;
 use std::time::Duration;
 
+use anyhow::bail;
 use base64::prelude::BASE64_URL_SAFE;
 use base64::Engine;
 use chrono::DateTime;
@@ -234,7 +235,7 @@ impl TryFrom<KvEntry> for ToV8KvEntry {
         .map(key_part_to_v8)
         .collect(),
       value: entry.value.into(),
-      versionstamp: hex::encode(entry.versionstamp).into(),
+      versionstamp: faster_hex::hex_string(&entry.versionstamp).into(),
     })
   }
 }
@@ -511,7 +512,10 @@ fn check_from_v8(value: V8KvCheck) -> Result<Check, AnyError> {
   let versionstamp = match value.1 {
     Some(data) => {
       let mut out = [0u8; 10];
-      hex::decode_to_slice(data, &mut out)
+      if data.len() != out.len() * 2 {
+        bail!(type_error("invalid versionstamp"));
+      }
+      faster_hex::hex_decode(&data, &mut out)
         .map_err(|_| type_error("invalid versionstamp"))?;
       Some(out)
     }
@@ -856,7 +860,7 @@ where
 
   let result = db.atomic_write(atomic_write).await?;
 
-  Ok(result.map(|res| hex::encode(res.versionstamp)))
+  Ok(result.map(|res| faster_hex::hex_string(&res.versionstamp)))
 }
 
 // (prefix, start, end)
diff --git a/ext/node/Cargo.toml b/ext/node/Cargo.toml
index cd03c53fe0..3f417bb019 100644
--- a/ext/node/Cargo.toml
+++ b/ext/node/Cargo.toml
@@ -32,8 +32,8 @@ dsa = "0.6.1"
 ecb.workspace = true
 elliptic-curve.workspace = true
 errno = "0.2.8"
+faster-hex.workspace = true
 h2 = { version = "0.3.17", features = ["unstable"] }
-hex.workspace = true
 hkdf.workspace = true
 http_v02.workspace = true
 idna = "0.3.0"
diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs
index f73d96580a..39d6b8bd54 100644
--- a/ext/node/ops/crypto/mod.rs
+++ b/ext/node/ops/crypto/mod.rs
@@ -163,7 +163,7 @@ pub fn op_node_hash_digest_hex(
   let context = Rc::try_unwrap(context)
     .map_err(|_| type_error("Hash context is already in use"))?;
   let digest = context.digest()?;
-  Ok(hex::encode(digest))
+  Ok(faster_hex::hex_string(&digest))
 }
 
 #[op2(fast)]