| single |
:alt: Github Actions
:alt: BSD
jsonpickle
==========
jsonpickle is a library for the two-way conversion of complex Python
objects
and [JSON]. jsonpickle builds upon existing JSON
encoders, such as simplejson, json, and ujson.
.. warning::
jsonpickle can execute arbitrary Python code.
Please see the Security section for more details.
For complete documentation, please visit the
[jsonpickle documentation].
Bug reports and merge requests are encouraged at the
[jsonpickle repository on github].
Usage
=====
The following is a very simple example of how one can use jsonpickle in
their scripts/projects. Note the usage of jsonpickle.encode and decode, and
how the data is written/encoded to a file and then read/decoded from the
file.
.. code-block:: python
import jsonpickle
from dataclasses import dataclass
@dataclass
class Example:
data: str
ex = Example("value1")
encoded_instance = jsonpickle.encode(ex)
assert encoded_instance == '{"py/object": "__main__.Example", "data":
"value1"}'
with open("example.json", "w+") as f:
f.write(encoded_instance)
with open("example.json", "r+") as f:
written_instance = f.read()
decoded_instance = jsonpickle.decode(written_instance)
assert decoded_instance == ex
For more examples, see the [examples directory on GitHub] for example
scripts. These can be run on your local machine to see how jsonpickle works
and behaves, and how to use it. Contributions from users regarding how they
use jsonpickle are welcome!
Why jsonpickle?
===============
Data serialized with python's pickle (or cPickle or dill) is not easily
readable outside of python. Using the json format, jsonpickle allows simple
data types to be stored in a human-readable format, and more complex data
types such as numpy arrays and pandas dataframes, to be machine-readable on
any platform that supports json. E.g., unlike pickled data, jsonpickled
data stored in an Amazon S3 bucket is indexible by Amazon's Athena.
Security
========
jsonpickle should be treated the same as the
[Python stdlib pickle module]
from a security perspective.
.. warning::
The jsonpickle module **is not secure**. Only unpickle data you trust.
It is possible to construct malicious pickle data which will **execute
arbitrary code during unpickling**. Never unpickle data that could have
come
from an untrusted source, or that could have been tampered with.
Consider signing data with an HMAC if you need to ensure that it has not
been tampered with.
Safer deserialization approaches, such as reading JSON directly,
may be more appropriate if you are processing untrusted data.
Install
=======
Install from pip for the latest stable release:
::
|