{"id":13460271,"url":"https://github.com/jsonpickle/jsonpickle","last_synced_at":"2026-05-28T06:01:38.305Z","repository":{"id":755322,"uuid":"412420","full_name":"jsonpickle/jsonpickle","owner":"jsonpickle","description":"Python library for serializing any arbitrary object graph into JSON. It can take almost any Python object and turn the object into JSON. Additionally, it can reconstitute the object back into Python.","archived":false,"fork":false,"pushed_at":"2026-02-01T23:14:29.000Z","size":2530,"stargazers_count":1318,"open_issues_count":30,"forks_count":178,"subscribers_count":30,"default_branch":"main","last_synced_at":"2026-05-21T16:48:46.885Z","etag":null,"topics":["bsd-3-clause","deserialization","json","objectstorage","pickle","python","serialization"],"latest_commit_sha":null,"homepage":"https://jsonpickle.readthedocs.io/en/latest/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jsonpickle.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.rst","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["davvid"],"patreon":"daveinthesky"}},"created_at":"2009-12-10T03:59:23.000Z","updated_at":"2026-05-18T21:41:06.000Z","dependencies_parsed_at":"2023-07-05T19:02:44.159Z","dependency_job_id":"83f677c7-ed2d-4d3f-a7d9-4c6cb21b83e6","html_url":"https://github.com/jsonpickle/jsonpickle","commit_stats":{"total_commits":1415,"total_committers":81,"mean_commits":"17.469135802469136","dds":0.5590106007067137,"last_synced_commit":
"01d4e12895a4114a8b189f0ff4ae9fce68256892"},"previous_names":[],"tags_count":56,"template":false,"template_full_name":null,"purl":"pkg:github/jsonpickle/jsonpickle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsonpickle%2Fjsonpickle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsonpickle%2Fjsonpickle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsonpickle%2Fjsonpickle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsonpickle%2Fjsonpickle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jsonpickle","download_url":"https://codeload.github.com/jsonpickle/jsonpickle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsonpickle%2Fjsonpickle/sbom","scorecard":{"id":538879,"data":{"date":"2025-08-11","repo":{"name":"github.com/jsonpickle/jsonpickle","commit":"9d4543e0489a1c6ae36149b1144141822b8e13eb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.8,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":2,"reason":"Found 8/29 approved changesets -- score normalized to 
2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:15","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using 
https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/jsonpickle/jsonpickle/test.yml/main?enable=pin","Warn: pipCommand not pinned by hash: fuzzing/oss-fuzz-scripts/build.sh:6","Warn: pipCommand not pinned by hash: fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh:76","Warn: pipCommand not pinned by hash: fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh:78","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:42","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:57","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: PythonAtherisFuzzer integration found: fuzzing/fuzz-targets/fuzz_unpickle.py:4","Info: PythonAtherisFuzzer integration found: fuzzing/fuzz-targets/utils.py:4"],"documentation":{"short":"Determines if the project uses 
fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T07:42:17.889Z","repository_id":755322,"created_at":"2025-08-20T07:42:17.889Z","updated_at":"2025-08-20T07:42:17.889Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33596317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-28T02:00:06.440Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bsd-3-clause","deserialization","json","objectstorage","pickle","python","serialization"],"created_at":"2024-07-31T10:00:38.444Z","updated_at":"2026-05-28T06:01:38.299Z","avatar_url":"https://github.com/jsonpickle.png","language":"Python","funding_links":["https://github.com/sponsors/davvid","https://patreon.com/daveinthesky"],"categories":["Python","Data Format \u0026 I/O","Model, Schema","语言资源库","Data Serialization"],"sub_categories":["For Python","python"],"readme":".. image:: https://img.shields.io/pypi/v/jsonpickle.svg\n   :target: `PyPI link`_\n\n.. image:: https://img.shields.io/pypi/pyversions/jsonpickle.svg\n   :target: `PyPI link`_\n\n.. _PyPI link: https://pypi.org/project/jsonpickle\n\n.. image:: https://readthedocs.org/projects/jsonpickle/badge/?version=latest\n   :target: https://jsonpickle.readthedocs.io/en/latest/?badge=latest\n\n.. 
image:: https://github.com/jsonpickle/jsonpickle/actions/workflows/test.yml/badge.svg\n   :target: https://github.com/jsonpickle/jsonpickle/actions\n   :alt: Github Actions\n\n.. image:: https://img.shields.io/badge/License-BSD%203--Clause-blue.svg\n   :target: https://github.com/jsonpickle/jsonpickle/blob/main/LICENSE\n   :alt: BSD\n\n\njsonpickle\n==========\n\njsonpickle is a library for the two-way conversion of complex Python objects\nand `JSON \u003chttp://json.org/\u003e`_.  jsonpickle builds upon existing JSON\nencoders, such as simplejson, json, and ujson.\n\n.. warning::\n\n   jsonpickle can execute arbitrary Python code.\n\n   Please see the Security section for more details.\n\n\nFor complete documentation, please visit the\n`jsonpickle documentation \u003chttp://jsonpickle.readthedocs.io/\u003e`_.\n\nBug reports and merge requests are encouraged at the\n`jsonpickle repository on github \u003chttps://github.com/jsonpickle/jsonpickle\u003e`_.\n\nUsage\n=====\nThe following is a very simple example of how one can use jsonpickle in their scripts/projects. Note the usage of jsonpickle.encode and decode, and how the data is written/encoded to a file and then read/decoded from the file.\n\n.. code-block:: python\n\n   import jsonpickle\n   from dataclasses import dataclass\n\n\n   @dataclass\n   class Example:\n       data: str\n\n\n   ex = Example(\"value1\")\n   encoded_instance = jsonpickle.encode(ex)\n   assert encoded_instance == '{\"py/object\": \"__main__.Example\", \"data\": \"value1\"}'\n\n   with open(\"example.json\", \"w+\") as f:\n       f.write(encoded_instance)\n\n   with open(\"example.json\", \"r+\") as f:\n       written_instance = f.read()\n       decoded_instance = jsonpickle.decode(written_instance)\n   assert decoded_instance == ex\n\nFor more examples, see the `examples directory on GitHub \u003chttps://github.com/jsonpickle/jsonpickle/tree/main/examples\u003e`_ for example scripts. 
These can be run on your local machine to see how jsonpickle works and behaves, and how to use it. Contributions from users regarding how they use jsonpickle are welcome!\n\n\nWhy jsonpickle?\n===============\n\nData serialized with Python's pickle (or cPickle or dill) is not easily readable outside of Python. Using the JSON format, jsonpickle allows simple data types to be stored in a human-readable format, and more complex data types, such as numpy arrays and pandas dataframes, to be machine-readable on any platform that supports JSON. E.g., unlike pickled data, jsonpickled data stored in an Amazon S3 bucket is indexable by Amazon's Athena.\n\nSecurity\n========\n\njsonpickle should be treated the same as the\n`Python stdlib pickle module \u003chttps://docs.python.org/3/library/pickle.html\u003e`_\nfrom a security perspective.\n\n.. warning::\n\n   The jsonpickle module **is not secure**.  Only unpickle data you trust.\n\n   It is possible to construct malicious pickle data which will **execute\n   arbitrary code during unpickling**.  Never unpickle data that could have come\n   from an untrusted source, or that could have been tampered with.\n\n   Consider signing data with an HMAC if you need to ensure that it has not\n   been tampered with.\n\n   Safer deserialization approaches, such as reading JSON directly,\n   may be more appropriate if you are processing untrusted data.\n\n\nInstall\n=======\n\nInstall from pip for the latest stable release:\n\n::\n\n    pip install jsonpickle\n\nInstall from github for the latest changes:\n\n::\n\n    pip install git+https://github.com/jsonpickle/jsonpickle.git\n\n\nNumpy/Pandas Support\n====================\n\njsonpickle includes built-in numpy and pandas extensions.  
If you would\nlike to encode sklearn models, numpy arrays, pandas DataFrames, and other\nnumpy/pandas-based data, then you must enable the numpy and/or pandas\nextensions by registering their handlers::\n\n    \u003e\u003e\u003e import jsonpickle.ext.numpy as jsonpickle_numpy\n    \u003e\u003e\u003e import jsonpickle.ext.pandas as jsonpickle_pandas\n    \u003e\u003e\u003e jsonpickle_numpy.register_handlers()\n    \u003e\u003e\u003e jsonpickle_pandas.register_handlers()\n\n\nDevelopment\n===========\n\nUse `make` to run the unit tests::\n\n        make test\n\n`pytest` is used to run unit tests internally.\n\nA `tox` target is provided to run tests using all installed and supported Python versions::\n\n        make tox\n\n`jsonpickle` itself has no dependencies beyond the Python stdlib.\n`tox` is required for testing when using the `tox` test runner only.\n\nThe testing requirements are specified in `setup.cfg`.\nIt is recommended to create a virtualenv and run tests from within the\nvirtualenv::\n\n        python3 -mvenv env3\n        source env3/bin/activate\n        pip install --editable '.[dev]'\n        make test\n\nYou can also use a tool such as `vx \u003chttps://github.com/davvid/vx/\u003e`_\nto activate the virtualenv without polluting your shell environment::\n\n        python3 -mvenv env3\n        vx env3 pip install --editable '.[dev]'\n        vx env3 make test\n\nIf you can't use a venv, you can install the testing packages as follows::\n\n        pip install .[testing]\n\n`jsonpickle` supports multiple Python versions, so using a combination of\nmultiple virtualenvs and `tox` is useful in order to catch compatibility\nissues when developing.\n\n\nRelated Links and Projects\n==========================\n\n* `jsonpickleJS \u003chttps://github.com/cuthbertLab/jsonpickleJS/\u003e`_ was a sister\n  project of jsonpickle for implementing similar functionality but in JavaScript.\n  The last release was in August 2025.\n\n\nGPG 
Signing\n===========\n\nUnfortunately, while versions of jsonpickle before 3.0.1 should still be signed,\nGPG signing support was removed from PyPI\n(https://blog.pypi.org/posts/2023-05-23-removing-pgp/) back in May 2023.\n\nLicense\n=======\n\nLicensed under the BSD License. See the LICENSE file for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsonpickle%2Fjsonpickle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsonpickle%2Fjsonpickle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsonpickle%2Fjsonpickle/lists"}