{"id":884,"library":"jsonpickle","title":"jsonpickle","description":"jsonpickle is a Python library for serialization and deserialization of complex Python objects to and from JSON. It extends standard JSON encoders to handle more complex data structures than what Python's `json` module natively supports. As of version 4.1.1, the project is actively maintained with a regular release cadence.","status":"active","version":"4.1.1","language":"python","source_language":"en","source_url":"https://github.com/jsonpickle/jsonpickle","tags":["json","serialization","deserialization","pickle","dataclass","object-graph"],"install":[{"cmd":"pip install jsonpickle","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Optional: For serializing NumPy arrays and models via jsonpickle.ext.numpy.","package":"numpy","optional":true},{"reason":"Optional: For serializing Pandas DataFrames and other data types via jsonpickle.ext.pandas.","package":"pandas","optional":true},{"reason":"Optional: For serializing ecdsa module's keys.","package":"gmpy2","optional":true},{"reason":"Optional: Can be used as an alternative JSON backend.","package":"simplejson","optional":true},{"reason":"Optional: Can be used as an alternative JSON backend.","package":"ujson","optional":true},{"reason":"Optional: For YAML backend support via jsonpickle.ext.yaml.","package":"PyYAML","optional":true}],"imports":[{"symbol":"jsonpickle","correct":"import jsonpickle"}],"quickstart":{"code":"import jsonpickle\nfrom dataclasses import dataclass\n\n@dataclass\nclass MyObject:\n    name: str\n    value: int\n\n# Create an object\noriginal_obj = MyObject(name=\"Example\", value=123)\n\n# Encode the object to a JSON string\nencoded_json = jsonpickle.encode(original_obj)\nprint(f\"Encoded JSON: {encoded_json}\")\n\n# Decode the JSON string back to a Python object\ndecoded_obj = jsonpickle.decode(encoded_json)\n\n# Verify the decoded object\nassert decoded_obj == original_obj\nprint(f\"Decoded object: {decoded_obj}\")","lang":"python","description":"This quickstart demonstrates encoding a custom Python object (a dataclass instance) into a JSON string and then decoding it back into a Python object using `jsonpickle.encode` and `jsonpickle.decode`."},"warnings":[{"fix":"NEVER deserialize data from untrusted sources. If processing untrusted input, use safer serialization methods like the standard `json` module, define explicit schemas, or sign data with an HMAC to ensure integrity.","message":"Security Warning: Deserializing untrusted data with `jsonpickle.decode()` can lead to Remote Code Execution (RCE). Like Python's `pickle` module, `jsonpickle` can execute arbitrary code during unpickling if malicious data is provided.","severity":"breaking","affected_versions":"All versions"},{"fix":"Upgrade to Python 3.8 or newer to use `jsonpickle` v4.x.","message":"Python 3.7 is no longer supported starting with `jsonpickle` v4.0.0.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Ensure you are not explicitly setting `safe=False` when dealing with untrusted input. The default `safe=True` is recommended for security. If you need to decode old data, re-pickle it with a newer version.","message":"The default value of the `safe` parameter in `jsonpickle.decode()` changed from `False` to `True` in v4.0.0. Setting `safe=False` enables backwards-compatible deserialization of `repr`-serialized objects but uses `eval()` and is not secure against malicious inputs.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Avoid direct usage of `jsonpickle.compat` and its functions. Review `CHANGES.rst` for specific function deprecations that might affect your code.","message":"The `jsonpickle.compat` module is no longer used internally and may be removed in a future version (e.g., v5.0.0).","severity":"deprecated","affected_versions":">=4.0.1"},{"fix":"Review your code for direct calls to functions within `jsonpickle.util` or reliance on `jsonpickle.ext.yaml` being automatically registered. Migrate away from these as v5.0.0 approaches.","message":"Certain utility functions in `jsonpickle/util.py` were deprecated in v4.1.0 and are planned for removal in v5.0.0 to facilitate static typing. Additionally, `jsonpickle.ext.yaml` will no longer be registered by default in v5.0.0.","severity":"deprecated","affected_versions":">=4.1.0"}],"env_vars":null,"last_verified":"2026-05-12T20:45:22.630Z","next_check":"2026-06-27T00:00:00.000Z","problems":[{"fix":"Run `pip install jsonpickle` to install the library.","cause":"The jsonpickle library is not installed or not accessible in your current Python environment.","error":"ImportError: No module named 'jsonpickle'"},{"fix":"Ensure the custom class definition is imported and available in the global scope when calling `jsonpickle.decode()`. If `unpicklable=False` was used during encoding, `jsonpickle` cannot reconstruct the original object type, and you will receive a dictionary representation.","cause":"When deserializing, the original class definition for the object is not globally accessible in the current Python environment, or the object was encoded with `unpicklable=False`, which strips type metadata.","error":"jsonpickle.decode returns dict instead of object"},{"fix":"Never use `jsonpickle.decode()` on data from untrusted or unvalidated sources. For untrusted data, use standard JSON parsing (`json.loads`) and validate against explicit schemas. If using `jsonpickle` is necessary, ensure `safe=True` is passed to `decode()` and understand its limitations.","cause":"Deserializing untrusted JSON data with `jsonpickle.decode()` can lead to arbitrary code execution, as `jsonpickle` is designed to reconstruct complex Python objects and methods, similar to the `pickle` module.","error":"jsonpickle deserialization vulnerability Remote Code Execution"},{"fix":"Upgrade `jsonpickle` to the latest version. If the problem persists, try upgrading the conflicting library (e.g., `requests`). As a workaround, you might convert `OrderedDict` instances to standard `dict` objects before serialization if their order is not critical for deserialization outside of the original context.","cause":"This specific `AttributeError` can occur during `jsonpickle.decode()` when an `OrderedDict` object, possibly originating from a specific library version (e.g., older `requests` versions), is being restored and lacks an expected internal attribute that `jsonpickle` attempts to access.","error":"AttributeError: 'OrderedDict' object has no attribute '_OrderedDict__root'"}],"ecosystem":"pypi","meta_description":null,"install_score":100,"install_tag":"verified","quickstart_score":null,"quickstart_tag":null,"pypi_latest":"4.1.1","cli_name":null,"install_checks":{"last_tested":"2026-05-12","tag":"verified","tag_description":"installs cleanly on critical runtimes, fast import, recently tested","results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.15,"mem_mb":5.4,"disk_size":"18.1M"},{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.15,"mem_mb":5.4,"disk_size":"18.1M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.5,"import_time_s":0.1,"mem_mb":5.4,"disk_size":"19M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.1,"mem_mb":5.4,"disk_size":"19M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.23,"mem_mb":6,"disk_size":"20.0M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.21,"mem_mb":6,"disk_size":"20.0M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.7,"import_time_s":0.16,"mem_mb":6,"disk_size":"21M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.16,"mem_mb":6,"disk_size":"21M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.15,"mem_mb":5.7,"disk_size":"11.9M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.16,"mem_mb":5.7,"disk_size":"11.9M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.5,"import_time_s":0.16,"mem_mb":5.7,"disk_size":"12M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.18,"mem_mb":5.7,"disk_size":"12M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.13,"mem_mb":5.5,"disk_size":"11.6M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.14,"mem_mb":5.5,"disk_size":"11.5M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.5,"import_time_s":0.13,"mem_mb":5.5,"disk_size":"12M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.2,"mem_mb":5.5,"disk_size":"12M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":null,"import_time_s":0.16,"mem_mb":5.4,"disk_size":"17.6M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.13,"mem_mb":5.4,"disk_size":"17.6M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":"wheel","failure_reason":null,"install_time_s":1.8,"import_time_s":0.1,"mem_mb":5.3,"disk_size":"18M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"default","exit_code":0,"wheel_type":null,"failure_reason":null,"install_time_s":null,"import_time_s":0.1,"mem_mb":5.3,"disk_size":"18M"}]},"quickstart_checks":{"last_tested":"2026-04-24","tag":null,"tag_description":null,"results":[{"runtime":"python:3.10-alpine","exit_code":0},{"runtime":"python:3.10-slim","exit_code":0},{"runtime":"python:3.11-alpine","exit_code":0},{"runtime":"python:3.11-slim","exit_code":0},{"runtime":"python:3.12-alpine","exit_code":0},{"runtime":"python:3.12-slim","exit_code":0},{"runtime":"python:3.13-alpine","exit_code":0},{"runtime":"python:3.13-slim","exit_code":0},{"runtime":"python:3.9-alpine","exit_code":0},{"runtime":"python:3.9-slim","exit_code":0}]}}