{"id":22368,"library":"sigstore-models","title":"sigstore-models","description":"Pydantic based models for Sigstore's protobuf specifications. Version 0.0.6 supports Python >=3.10. The library provides Pythonic data structures for Sigstore bundles, verifiable materials, and other sigstore artifacts. Currently in early active development with frequent releases.","status":"active","version":"0.0.6","language":"python","source_language":"en","source_url":"https://github.com/astral-sh/sigstore-models","tags":["sigstore","models","pydantic","protobuf","supply-chain","security"],"install":[{"cmd":"pip install sigstore-models","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Core dependency for model definitions","package":"pydantic","optional":false},{"reason":"Used for serialization/deserialization from protobuf","package":"protobuf","optional":false}],"imports":[{"note":"Package name uses underscore, not hyphen","wrong":"from sigstore.models import Bundle","symbol":"Bundle","correct":"from sigstore_models import Bundle"},{"note":"Commonly used type for verifying signatures","symbol":"VerificationMaterial","correct":"from sigstore_models import VerificationMaterial"}],"quickstart":{"code":"from sigstore_models import Bundle\n\n# Load a bundle from a file (e.g., sigstore bundle JSON)\nimport json\nwith open('bundle.sigstore.json') as f:\n    data = json.load(f)\nbundle = Bundle.model_validate(data)\nprint(bundle.media_type)","lang":"python","description":"Load and validate a Sigstore bundle from a JSON file using the Pydantic model. Requires Python >=3.10."},"warnings":[{"fix":"Use Python 3.10 or higher. If stuck on 3.9, pin to sigstore-models<0.0.6.","message":"Drop of Python 3.9 support in v0.0.6. Upgrade to Python 3.10+ after updating.","severity":"breaking","affected_versions":">=0.0.6"},{"fix":"Pin dependencies to exact version (e.g., sigstore-models==0.0.6) in production.","message":"The library currently has no stable release and APIs may change without notice in minor version bumps.","severity":"gotcha","affected_versions":"all"},{"fix":"Use model_dump() to inspect fields after loading if you encounter validation errors.","message":"Some model fields may be renamed as the protobuf spec evolves. Always validate with recent bundles.","severity":"deprecated","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Use 'from sigstore_models import Bundle'","cause":"Incorrect package name; using 'sigstore' instead of 'sigstore_models'.","error":"ImportError: cannot import name 'Bundle' from 'sigstore'"},{"fix":"Ensure the bundle conforms to the latest Sigstore bundle spec. Use bundle.model_dump() to see expected schema.","cause":"The input JSON does not match the expected structure (e.g., missing required field).","error":"pydantic_core._pydantic_core.ValidationError: 1 validation error for Bundle"},{"fix":"Upgrade to latest: pip install --upgrade sigstore-models, then import correctly.","cause":"Installed version is too old (pre-0.0.2) or import path wrong.","error":"AttributeError: module 'sigstore_models' has no attribute 'Bundle'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}