{"id":1520,"library":"jsonpath-python","title":"JSONPath for Python","description":"jsonpath-python is a lightweight and powerful implementation of the JSONPath specification for Python, enabling users to extract data from JSON objects using XPath-like expressions. It is actively maintained, with version 1.1.5 being the current release, and follows a moderate release cadence addressing fixes, performance, and security.","status":"active","version":"1.1.5","language":"en","source_language":"en","source_url":"https://github.com/sean2077/jsonpath-python","tags":["json","jsonpath","query","data-extraction","parser"],"install":[{"cmd":"pip install jsonpath-python","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"JSONPath","correct":"from jsonpath import JSONPath"}],"quickstart":{"code":"from jsonpath import JSONPath\n\ndata = {\n    \"store\": {\n        \"book\": [\n            {\"category\": \"reference\", \"author\": \"Nigel Rees\", \"title\": \"Sayings of the Century\", \"price\": 8.95},\n            {\"category\": \"fiction\", \"author\": \"Evelyn Waugh\", \"title\": \"Sword of Honour\", \"price\": 12.99}\n        ],\n        \"bicycle\": {\"color\": \"red\", \"price\": 19.95}\n    }\n}\n\n# Find all authors of books\npath_expression = '$..book[*].author'\npath = JSONPath(path_expression)\nauthors = path.parse(data)\nprint(f\"Authors: {authors}\")\n\n# Find all prices\nall_prices = JSONPath('$..price').parse(data)\nprint(f\"All prices: {all_prices}\")","lang":"python","description":"Initializes a JSONPath object with an expression and uses its `parse` method to extract matching values from a dictionary. The `parse` method returns a list of all matched items. Other methods like `match` (returns first match) and `findall` (returns generator) are also available."},"warnings":[{"fix":"Upgrade to version 1.1.5 or newer: `pip install --upgrade jsonpath-python`.","message":"A critical security fix in version 1.1.5 (released 2026-03-17) prevents Remote Code Execution (RCE) via `eval()` in filter expressions. Prior versions (<=1.1.4) were vulnerable if untrusted JSONPath expressions containing filter clauses were processed. Update immediately to prevent potential security breaches.","severity":"breaking","affected_versions":"<=1.1.4"},{"fix":"Ensure that arrays intended for sorting in filter expressions contain elements of a consistent, comparable type. Handle `JSONPathTypeError` if mixed-type data is expected, or pre-process data to normalize types before applying JSONPath expressions.","message":"As of version 1.1.0, sorting arrays with mixed data types (e.g., numbers and strings) in filter expressions will now raise a `JSONPathTypeError`. Previously, this behavior was undefined and could lead to inconsistent or erroneous results without explicit error notification.","severity":"breaking","affected_versions":"<1.1.0"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}