Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
A fast serialization and validation library, with builtin support for JSON, MessagePack, YAML, and TOML.
msgspec
is a fast serialization and validation library, with builtin
support for JSON, MessagePack,
YAML, and TOML. It features:
🚀 High performance encoders/decoders for common protocols. The JSON and MessagePack implementations regularly benchmark as the fastest options for Python.
🎉 Support for a wide variety of Python types. Additional types may be supported through extensions.
🔍 Zero-cost schema validation using familiar Python type annotations. In
benchmarks msgspec
decodes and validates JSON faster than
orjson can decode it alone.
✨ A speedy Struct type for representing structured data. If you already use dataclasses or attrs, structs should feel familiar. However, they're 5-60x faster for common operations.
All of this is included in a lightweight library with no required dependencies.
msgspec
may be used for serialization alone, as a faster JSON or
MessagePack library. For the greatest benefit though, we recommend using
msgspec
to handle the full serialization & validation workflow:
Define your message schemas using standard Python type annotations.
>>> import msgspec
>>> class User(msgspec.Struct):
... """A new type describing a User"""
... name: str
... groups: set[str] = set()
... email: str | None = None
Encode messages as JSON, or one of the many other supported protocols.
>>> alice = User("alice", groups={"admin", "engineering"})
>>> alice
User(name='alice', groups={"admin", "engineering"}, email=None)
>>> msg = msgspec.json.encode(alice)
>>> msg
b'{"name":"alice","groups":["admin","engineering"],"email":null}'
Decode messages back into Python objects, with optional schema validation.
>>> msgspec.json.decode(msg, type=User)
User(name='alice', groups={"admin", "engineering"}, email=None)
>>> msgspec.json.decode(b'{"name":"bob","groups":[123]}', type=User)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
msgspec.ValidationError: Expected `str`, got `int` - at `$.groups[0]`
msgspec
is designed to be as performant as possible, while retaining some of
the nicities of validation libraries like
pydantic. For supported types,
encoding/decoding a message with msgspec
can be
~10-80x faster than alternative libraries.
See the documentation for more information.
New BSD. See the License File.
FAQs
A fast serialization and validation library, with builtin support for JSON, MessagePack, YAML, and TOML.
We found that msgspec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.