Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A high-performance JSON Schema validator for Python.
import jsonschema_rs
schema = {"maxLength": 5}
instance = "foo"
# One-off validation
try:
jsonschema_rs.validate(schema, "incorrect")
except jsonschema_rs.ValidationError as exc:
assert str(exc) == '''"incorrect" is longer than 5 characters
Failed validating "maxLength" in schema
On instance:
"incorrect"'''
# Build & reuse (faster)
validator = jsonschema_rs.validator_for(schema)
# Iterate over errors
for error in validator.iter_errors(instance):
print(f"Error: {error}")
print(f"Location: {error.instance_path}")
# Boolean result
assert validator.is_valid(instance)
⚠️ Upgrading from older versions? Check our Migration Guide for key changes.
The following drafts are supported:
You can check the current status on the Bowtie Report.
To install jsonschema-rs
via pip
run the following command:
pip install jsonschema-rs
If you have a schema as a JSON string, then you could pass it to validator_for
to avoid parsing on the Python side:
import jsonschema_rs
validator = jsonschema_rs.validator_for('{"minimum": 42}')
...
You can use draft-specific validators for different JSON Schema versions:
import jsonschema_rs
# Automatic draft detection
validator = jsonschema_rs.validator_for({"minimum": 42})
# Draft-specific validators
validator = jsonschema_rs.Draft7Validator({"minimum": 42})
validator = jsonschema_rs.Draft201909Validator({"minimum": 42})
validator = jsonschema_rs.Draft202012Validator({"minimum": 42})
JSON Schema allows for format validation through the format
keyword. While jsonschema-rs
provides built-in validators for standard formats, you can also define custom format validators
for domain-specific string formats.
To implement a custom format validator:
str
and returns a bool
.formats
argument.import jsonschema_rs
def is_currency(value):
# The input value is always a string
return len(value) == 3 and value.isascii()
validator = jsonschema_rs.validator_for(
{"type": "string", "format": "currency"},
formats={"currency": is_currency},
validate_formats=True # Important for Draft 2019-09 and 2020-12
)
validator.is_valid("USD") # True
validator.is_valid("invalid") # False
Additional configuration options are available for fine-tuning the validation process:
validate_formats
: Override the draft-specific default behavior for format validation.ignore_unknown_formats
: Control whether unrecognized formats should be reported as errors.Example usage of these options:
import jsonschema_rs
validator = jsonschema_rs.Draft202012Validator(
{"type": "string", "format": "date"},
validate_formats=True,
ignore_unknown_formats=False
)
# This will validate the "date" format
validator.is_valid("2023-05-17") # True
validator.is_valid("not a date") # False
# With ignore_unknown_formats=False, using an unknown format will raise an error
invalid_schema = {"type": "string", "format": "unknown"}
jsonschema_rs.Draft202012Validator(invalid_schema, ignore_unknown_formats=False) # Raises an error
jsonschema-rs
is designed for high performance, outperforming other Python JSON Schema validators in most scenarios:
jsonschema
for complex schemas and large instancesfastjsonschema
on CPythonFor detailed benchmarks, see our full performance comparison.
jsonschema-rs
supports CPython 3.8, 3.9, 3.10, 3.11, 3.12, and 3.13.
This library draws API design inspiration from the Python jsonschema
package. We're grateful to the Python jsonschema
maintainers and contributors for their pioneering work in JSON Schema validation.
If you have questions, need help, or want to suggest improvements, please use GitHub Discussions.
If you find jsonschema-rs
useful, please consider sponsoring its development.
We welcome contributions! Here's how you can help:
See CONTRIBUTING.md for more details.
Licensed under MIT License.
FAQs
A high-performance JSON Schema validator for Python
We found that jsonschema-rs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.