Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
msgspec
A fast serialization and validation library, with builtin support for JSON, MessagePack, YAML, and TOML.
- Maintainers
- 1
msgspec is a fast serialization and validation library, with builtin
support for JSON, MessagePack,
YAML, and TOML. It features:
-
🚀 High performance encoders/decoders for common protocols. The JSON and MessagePack implementations regularly benchmark as the fastest options for Python.
-
🎉 Support for a wide variety of Python types. Additional types may be supported through extensions.
-
🔍 Zero-cost schema validation using familiar Python type annotations. In benchmarks
msgspecdecodes and validates JSON faster than orjson can decode it alone. -
✨ A speedy Struct type for representing structured data. If you already use dataclasses or attrs, structs should feel familiar. However, they're 5-60x faster for common operations.
All of this is included in a lightweight library with no required dependencies.
msgspec may be used for serialization alone, as a faster JSON or
MessagePack library. For the greatest benefit though, we recommend using
msgspec to handle the full serialization & validation workflow:
Define your message schemas using standard Python type annotations.
>>> import msgspec
>>> class User(msgspec.Struct):
... """A new type describing a User"""
... name: str
... groups: set[str] = set()
... email: str | None = None
Encode messages as JSON, or one of the many other supported protocols.
>>> alice = User("alice", groups={"admin", "engineering"})
>>> alice
User(name='alice', groups={"admin", "engineering"}, email=None)
>>> msg = msgspec.json.encode(alice)
>>> msg
b'{"name":"alice","groups":["admin","engineering"],"email":null}'
Decode messages back into Python objects, with optional schema validation.
>>> msgspec.json.decode(msg, type=User)
User(name='alice', groups={"admin", "engineering"}, email=None)
>>> msgspec.json.decode(b'{"name":"bob","groups":[123]}', type=User)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
msgspec.ValidationError: Expected `str`, got `int` - at `$.groups[0]`
msgspec is designed to be as performant as possible, while retaining some of
the nicities of validation libraries like
pydantic. For supported types,
encoding/decoding a message with msgspec can be
~10-80x faster than alternative libraries.
See the documentation for more information.
LICENSE
New BSD. See the License File.
FAQs
A fast serialization and validation library, with builtin support for JSON, MessagePack, YAML, and TOML.
We found that msgspec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024