{"id":37020485,"url":"https://github.com/smartbuf/smartbuf-dubbo","last_synced_at":"2026-01-14T02:22:52.444Z","repository":{"id":37145221,"uuid":"222226072","full_name":"smartbuf/smartbuf-dubbo","owner":"smartbuf","description":"The best serialization plugin for dubbo RPC framework, which is based on smartbuf.","archived":false,"fork":false,"pushed_at":"2023-03-08T17:27:51.000Z","size":3655,"stargazers_count":2,"open_issues_count":6,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-19T16:59:05.460Z","etag":null,"topics":["dubbo","plugin","serialization"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smartbuf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-17T09:41:26.000Z","updated_at":"2021-09-30T02:49:39.000Z","dependencies_parsed_at":"2022-08-25T11:01:49.925Z","dependency_job_id":null,"html_url":"https://github.com/smartbuf/smartbuf-dubbo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/smartbuf/smartbuf-dubbo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smartbuf%2Fsmartbuf-dubbo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smartbuf%2Fsmartbuf-dubbo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smartbuf%2Fsmartbuf-dubbo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smartbuf%2Fsmartbuf-dubbo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smartbuf","download_url":"https://codeload.github.com/smartbuf/smartbuf-dubbo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smartbuf%2Fsmartbuf-dubbo/sbom","scorecard":{"id":832680,"data":{"date":"2025-08-11","repo":{"name":"github.com/smartbuf/smartbuf-dubbo","commit":"2046dc6c1f88335733b920c82e5722887cf8670c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/15 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"41 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-5mc7-m686-p6jg","Warn: Project is vulnerable to: GHSA-gm48-83x4-84jg","Warn: Project is vulnerable to: GHSA-gw4j-4229-q4px","Warn: Project is vulnerable to: GHSA-qmfc-6www-fjqw","Warn: Project is vulnerable to: GHSA-v2rg-8cwr-75g8","Warn: Project is vulnerable to: GHSA-pv7h-hx5h-mgfj","Warn: Project is vulnerable to: GHSA-4jrv-ppp4-jm57","Warn: Project is vulnerable to: GHSA-5qwq-g2hx-r6f7","Warn: Project is vulnerable to: GHSA-933g-v89r-x8pf","Warn: Project is vulnerable to: GHSA-5mcr-gq6c-3hq2","Warn: Project is vulnerable to: GHSA-9vjp-v76f-g363","Warn: Project is vulnerable to: GHSA-cqqj-4p63-rrmm","Warn: Project is vulnerable to: GHSA-f256-j965-7f32","Warn: Project is vulnerable to: GHSA-grg4-wf29-r9vv","Warn: Project is vulnerable to: GHSA-p2v9-g2qv-p635","Warn: Project is vulnerable to: GHSA-p979-4mfw-53vg","Warn: Project is vulnerable to: GHSA-wm47-8v5p-wjpj","Warn: Project is vulnerable to: GHSA-wx5j-54mm-rqqq","Warn: Project is vulnerable to: GHSA-xfv3-rrfm-f2rv","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-f26x-pr96-vw86","Warn: Project is vulnerable to: GHSA-ffvq-7w96-97p7","Warn: Project is vulnerable to: GHSA-rcpf-vj53-7h2m","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8","Warn: Project is vulnerable to: GHSA-3mc7-4q67-w48m","Warn: Project is vulnerable to: GHSA-98wm-3w3q-mw94","Warn: Project is vulnerable to: GHSA-9w3m-gqgf-c4p9","Warn: Project is vulnerable to: GHSA-c4r9-r8fh-9vj2","Warn: Project is vulnerable to: GHSA-hhhw-99gj-p3c3","Warn: Project is vulnerable to: GHSA-mjmj-j48q-9wg2","Warn: Project is vulnerable to: GHSA-rvwf-54qp-4r6v","Warn: Project is vulnerable to: GHSA-w37g-rhq8-7m4j","Warn: Project is vulnerable to: GHSA-6gf2-pvqw-37ph","Warn: Project is vulnerable to: GHSA-rfmp-97jj-h8m6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T18:09:03.657Z","repository_id":37145221,"created_at":"2025-08-23T18:09:03.657Z","updated_at":"2025-08-23T18:09:03.657Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dubbo","plugin","serialization"],"created_at":"2026-01-14T02:22:51.663Z","updated_at":"2026-01-14T02:22:52.438Z","avatar_url":"https://github.com/smartbuf.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# smartbuf-dubbo [![Travis CI](https://travis-ci.org/smartbuf/smartbuf-dubbo.svg?branch=master)](https://travis-ci.org/smartbuf/smartbuf-dubbo)\n\n*NOTICE: if you need EN version of this documentation, tell me please*\n\n`smartbuf-dubbo`是一个基于`smartbuf`的`dubbo`序列化插件。\n\n它内部封装了[`smartbuf`](https://github.com/smartbuf/smartbuf-java)序列化框架的`stream`模式，\n通过自定义的`SmartbufSerialization`向`dubbo`暴露了一个名为`smartbuf`的序列化器。\n\n# 关于`smartbuf`\n\n`smartbuf`是一种新颖、高效、智能、易用的跨语言序列化框架，它既拥有不亚于`protobuf`的高性能，\n也拥有与`json`相仿的通用性、可扩展性、可调试性等。\n\n它内部采用分区序列化将松散的对象序列化为若干个紧凑的分区，从而大幅提高编码效率，\n具体细节请参考[`smartbuf`项目](https://github.com/smartbuf/smartbuf-java/blob/master/doc/index_zh.md)。\n\n# 使用方式\n\n`smartbuf-dubbo`内部实现非常简单，它只是简单地按照[`dubbo`官方文档](https://dubbo.apache.org/zh-cn/docs/dev/impls/serialize.html)提供了序列化插件，包括三个`class`:\n\n + `SmartbufObjectInput`\n + `SmartbufObjectOutput`\n + `SmartbufSerialization`\n\n以及位于`core/src/main/resources/META-INF.dubbo/`的插件配置。\n\n此插件已打包`deploy`至中心仓库，所以你可以直接通过以下`maven`坐标引入它：\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.github.smartbuf\u003c/groupId\u003e\n    \u003cartifactId\u003esmartbuf-dubbo\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.1\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n当然也可以直接将以上提到的`class`和`resources`配置复制入自己的工程中，同时记得手动添加`smartbuf`依赖。\n\n之后就可以按照官方文档的配置，在`protocol`中选择启用序列化插件，具体效果可能类似于：\n\n```xml\n\u003cdubbo:protocol serialization=\"smartbuf\" /\u003e\n```\n\n此插件支持`com.alibaba`版本与`org.apache`版本的`dubbo`。\n\n# 对比其他序列化方案  \n\n根目录中的`demo-alibaba`和`demo-apache`分别针对`2.6.*`版本和`2.7.*`版本的`dubbo`进行序列化测试，\n测试对象包括`smartbuf`、`fastjson`、`hessian2`、`kryo`、`fst`。\n\n对比测试包括三部分：`tiny`、`user`、`posts`，分别对比测试各个序列化框架在**简单**、**普通**、**复杂**业务中的综合表现。\n\n*提示：对比测试侧重于单线程的序列化性能、数据压缩率，最终数据仅用于横向对比各个序列化框架，并不能体现`dubbo`本身的多并发性能。*\n\n## 大数据集`posts`测试\n\n此测试中`dubbo`接口返回的数据为`100`个固定的`PostModel`实例，其具体模型如下：\n\n```java\npublic class PostModel implements Serializable {\n    private int         postId;\n    private int         authorId;\n    private Integer     prePostId;\n    private String      title;\n    private String      description;\n    private ContentType contentType;\n    private Visibility  visibility;\n    private long        createTime;\n\n    private List\u003cInteger\u003e    mentions = new ArrayList\u003c\u003e();\n    private List\u003cTopicModel\u003e topics   = new ArrayList\u003c\u003e();\n}\n```\n\n测试中随机创建`100`个`PostModel`对象、`10`个`TopicModel`对象，\n然后随机为每个`PostModel`分配若干个`TopicModel`，最终模拟类似实际产品应用中的`queryPost`结果集。\n\n这个数据集采用`json`编码时，大概`20KB`，各个序列化框架调用`10w`次的综合表现为：\n + **`fastjson`**: 耗时约`192s`, 网络输入输出总计约`17.88GB`\n + **`fst`**: 耗时约`52s`, 网络输入输出总计约`4.01GB`\n + **`hessian2`**: 耗时约`115s`, 网络输入输出总计约`11.08GB`\n + **`kryo`**: 耗时约`135s`, 网络输入输出总计约`4.05GB`\n + **`smartbuf`**: 耗时约`75s`, 网络输入输出总计约`2.15GB`\n\n具体表现如下图所示，横轴表示时间，纵轴表示网络流量：\n\n![dubbo-comparison-posts](./doc/smartbuf-posts.png)\n\n**说明**：模型中存在枚举值`ContentType`与`Visibility`，而测试中使用的`kryo`并不支持枚举，因此在测试`kryo`时直接忽略了枚举，最终导致它的测试数据并不完整。\n\n## 普通数据集`user`测试\n\n此测试中`dubbo`接口返回的数据为`1`个固定的`UserModel`实例，其具体模型如下：\n\n```java\npublic class UserModel implements Serializable {\n    private int    id;\n    private String token;\n    private String nickname;\n    private String loginIp;\n    private long   loginTime;\n    private long   createTime;\n    private long   updateTime;\n\n    private List\u003cUserModel\u003e friends = new ArrayList\u003c\u003e();\n}\n```\n\n为了照顾`kryo`，此测试中不再使用`enum`类型。\n\n测试中为`friends`随机创建`20`个`UserModel`对象，顺便测试一下各个序列化框架对循环引用的处理。\n这个数据集采用`json`编码时，大概`4KB`，各个序列化框架调用`30w`次的综合表现为：\n + **`fastjson`**: 耗时约`41s`, 网络输入输出总计约`1.11GB`\n + **`fst`**: 耗时约`31s`, 网络输入输出总计约`0.55GB`\n + **`hessian2`**: 耗时约`32s`, 网络输入输出总计约`0.57GB`\n + **`kryo`**: 耗时约`39s`, 网络输入输出总计约`0.62GB`\n + **`smartbuf`**: 耗时约`41s`, 网络输入输出总计约`0.43GB`\n\n具体表现如下图所示，横轴表示时间，纵轴表示网络流量：\n\n![dubbo-comparison-user](./doc/smartbuf-user.png)\n\n## 小数据集`tiny`测试\n\n此测试中`dubbo`接口返回的数据为一个普通的`uuid`字符串，没有太大的意义。各个序列化框架调用`40w`次的综合表现为：\n + **`fastjson`**: 耗时约`46s`, 网络输入输出总计约`130MB`\n + **`fst`**: 耗时约`38s`, 网络输入输出总计约`122MB`\n + **`hessian2`**: 耗时约`38s`, 网络输入输出总计约`120MB`\n + **`kryo`**: 耗时约`38s`, 网络输入输出总计约`120MB`\n + **`smartbuf`**: 耗时约`42s`, 网络输入输出总计约`120MB`\n\n具体表现如下图所示，横轴表示时间，纵轴表示网络流量：\n\n![dubbo-comparison-tiny](./doc/smartbuf-tiny.png)\n\n## 测试说明\n\n以上测试全部为本地网络，使用的`dubbo`版本号为`2.6.7`。\n\n你可以直接`checkout`源代码在本地执行测试代码。\n测试中用于采集网络`IO`数据的`NetMonitor`类内部使用了`nettop`指令，\n据我了解它应该只支持`osx`操作系统，如果你在其他系统中执行测试，可能无法获得正确的`bytes_in`及`bytes_out`。\n\n# 总结\n\n由于`smartbuf`在架构设计上采用了数据可复用的分区序列化，\n因此面对大数据集、数组、列表等结构时，可以通过**属性复用**的技术优势，显著地提高其编码效率。\n相比于`kryo`、`fst`、`hession2`等时，甚至可以提高**一倍**的**空间利用率**，相比于`json`更是提高**一个数量级**。\n\n由于`smartbuf`底层设计上以类似于json的方式解析数据，因此它的兼容性与`json`相仿，天然地解决了不同对象模型之间的字段兼容。\n且支持大多数常用的数据类型，也包括枚举、泛型等等。相比之下其他序列化框架仅支持`java`语言，\n且存在或多或少的兼容性问题，以及支持数据类型过少的问题。比如测试中发现`kryo`不支持`enum`和`AbstractList$SubList`。\n\n在序列化性能上`smartbuf`相比于`fst`存在一些劣势，可能是分区序列化中内存复制所致，也可能是代码中某些地方存在性能问题。\n不过这种劣势往往只是纳秒级的，相比于数据报文在服务器、机房、区域的网络传输而言，都是微不足道的。","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmartbuf%2Fsmartbuf-dubbo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmartbuf%2Fsmartbuf-dubbo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmartbuf%2Fsmartbuf-dubbo/lists"}