{"id":5743,"library":"xml-python","title":"xml-python","description":"xml-python is a library for making Python objects from XML, designed to parse XML nodes using decorated functions. Last updated in January 2021 (v0.4.3), the project appears to be unmaintained with no public documentation beyond its minimal PyPI description.","status":"maintenance","version":"0.4.3","language":"en","source_language":"en","source_url":"Not publicly available on PyPI or easily discoverable via web search.","tags":["xml","parsing","object-mapping"],"install":[{"cmd":"pip install xml-python","lang":"bash","label":"Install with pip"}],"dependencies":[],"imports":[{"symbol":"xml_objects","correct":"from xml_python import xml_objects"}],"quickstart":{"code":"from xml_python import xml_objects\n\nxml_data = \"\"\"\n<root>\n  <title>This is a title</title>\n  <text>This is some text</text>\n</root>\n\"\"\"\n\n# Define a Python class to represent your XML structure\nclass MyNodeObject(xml_objects.XMLObject):\n    pass\n\n# Use a decorator to associate the parser function with the 'root' tag\n@xml_objects.node_parser(MyNodeObject, 'root')\ndef parse_root(parser, node):\n    # Extract data from child nodes\n    parser.title = node.find('title').text\n    parser.text = node.find('text').text\n\n# Parse the XML string into the Python object\nroot_object = xml_objects.parse_string(xml_data)\n\nprint(f\"Parsed Title: {root_object.title}\")\nprint(f\"Parsed Text: {root_object.text}\")","lang":"python","description":"This quickstart demonstrates how to define a Python object that maps to an XML structure using `xml-python`'s decorator-based parsing. It defines a `MyNodeObject` class and a `parse_root` function decorated to handle the 'root' XML tag, extracting data from its 'title' and 'text' child nodes."},"warnings":[{"fix":"Evaluate alternatives like `xml.etree.ElementTree` (built-in standard library), `lxml` for performance and advanced features, or `xmltodict` for XML to dictionary conversion, which are actively maintained and well-documented.","message":"The `xml-python` library has not been updated since January 2021, and there is no active public repository or detailed documentation available. This may indicate a lack of ongoing maintenance and potential compatibility issues with newer Python versions or security patches.","severity":"gotcha","affected_versions":"<=0.4.3"},{"fix":"Sanitize XML input from untrusted sources. For critical applications, consider using libraries specifically designed with security in mind (e.g., `defusedxml` which hardens standard library parsers). If possible, validate XML against a schema (XSD) if one is available.","message":"When parsing XML from untrusted sources, all XML parsing libraries (including standard library modules like `xml.etree.ElementTree` and third-party ones) can be vulnerable to security risks like 'Billion Laughs' or 'XML External Entity (XXE)' attacks. Since `xml-python` lacks clear documentation on its parsing mechanisms and security hardening, it's crucial to exercise caution.","severity":"gotcha","affected_versions":"<=0.4.3"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}