Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
JSON (de)serialization, GraphQL and JSON schema generation using Python typing.
apischema makes your life easier when dealing with API data.
https://wyfo.github.io/apischema/
pip install apischema
It requires only Python 3.8+. PyPy3 is also fully supported.
(If you wonder how this differs from the pydantic library, see the dedicated section of the documentation — there are many differences.)
This library fulfills the following goals:
Foo
, list[Bar]
, NewType(Id, int)
, etc.) the same way.No known alternative achieves all of this, and apischema is also (a lot) faster than all of them.
On top of that, because APIs are not only JSON, apischema is also a complete GraphQL library
Actually, apischema is even adaptable enough to enable support of competitor libraries in a few dozens of line of code (pydantic support example using conversions feature)
from collections.abc import Collection
from dataclasses import dataclass, field
from uuid import UUID, uuid4
import pytest
from graphql import print_schema
from apischema import ValidationError, deserialize, serialize
from apischema.graphql import graphql_schema
from apischema.json_schema import deserialization_schema
# Define a schema with standard dataclasses
@dataclass
class Resource:
id: UUID
name: str
tags: set[str] = field(default_factory=set)
# Get some data
uuid = uuid4()
data = {"id": str(uuid), "name": "wyfo", "tags": ["some_tag"]}
# Deserialize data
resource = deserialize(Resource, data)
assert resource == Resource(uuid, "wyfo", {"some_tag"})
# Serialize objects
assert serialize(Resource, resource) == data
# Validate during deserialization
with pytest.raises(ValidationError) as err: # pytest checks exception is raised
deserialize(Resource, {"id": "42", "name": "wyfo"})
assert err.value.errors == [
{"loc": ["id"], "err": "badly formed hexadecimal UUID string"}
]
# Generate JSON Schema
assert deserialization_schema(Resource) == {
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"type": "object",
"properties": {
"id": {"type": "string", "format": "uuid"},
"name": {"type": "string"},
"tags": {
"type": "array",
"items": {"type": "string"},
"uniqueItems": True,
"default": [],
},
},
"required": ["id", "name"],
"additionalProperties": False,
}
# Define GraphQL operations
def resources(tags: Collection[str] | None = None) -> Collection[Resource] | None:
...
# Generate GraphQL schema
schema = graphql_schema(query=[resources], id_types={UUID})
schema_str = """\
type Query {
resources(tags: [String!]): [Resource!]
}
type Resource {
id: ID!
name: String!
tags: [String!]!
}"""
assert print_schema(schema) == schema_str
apischema works out of the box with your data model.
This example and further ones are using pytest API because they are in fact run as tests in the library CI
All documentation examples are written using the last Python minor version — currently 3.10 — in order to provide up-to-date documentation. Because Python 3.10 specificities (like PEP 585) are used, this version is "mandatory" to execute the examples as-is.
In addition to pytest, some examples use third-party libraries like SQLAlchemy or attrs. All of this dependencies can be downloaded using the examples
extra with
pip install apischema[examples]
Once dependencies are installed, you can simply copy-paste examples and execute them, using the proper Python version.
FAQs
JSON (de)serialization, GraphQL and JSON schema generation using Python typing.
We found that apischema demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.