jsonpickle

4.1.1 verified Tue May 12 auth: no python install: verified

jsonpickle is a Python library for serialization and deserialization of complex Python objects to and from JSON. It extends standard JSON encoders to handle more complex data structures than what Python's `json` module natively supports. As of version 4.1.1, the project is actively maintained with a regular release cadence.

pip install jsonpickle

Common errors

error ImportError: No module named 'jsonpickle' ↓

cause The jsonpickle library is not installed or not accessible in your current Python environment.

fix

Run pip install jsonpickle to install the library.

error jsonpickle.decode returns dict instead of object ↓

cause When deserializing, the original class definition for the object is not globally accessible in the current Python environment, or the object was encoded with `unpicklable=False`, which strips type metadata.

fix

Ensure the custom class definition is imported and available in the global scope when calling jsonpickle.decode(). If unpicklable=False was used during encoding, jsonpickle cannot reconstruct the original object type, and you will receive a dictionary representation.

error jsonpickle deserialization vulnerability Remote Code Execution ↓

cause Deserializing untrusted JSON data with `jsonpickle.decode()` can lead to arbitrary code execution, as `jsonpickle` is designed to reconstruct complex Python objects and methods, similar to the `pickle` module.

fix

Never use jsonpickle.decode() on data from untrusted or unvalidated sources. For untrusted data, use standard JSON parsing (json.loads) and validate against explicit schemas. If using jsonpickle is necessary, ensure safe=True is passed to decode() and understand its limitations.

error AttributeError: 'OrderedDict' object has no attribute '_OrderedDict__root' ↓

cause This specific `AttributeError` can occur during `jsonpickle.decode()` when an `OrderedDict` object, possibly originating from a specific library version (e.g., older `requests` versions), is being restored and lacks an expected internal attribute that `jsonpickle` attempts to access.

fix

Upgrade jsonpickle to the latest version. If the problem persists, try upgrading the conflicting library (e.g., requests). As a workaround, you might convert OrderedDict instances to standard dict objects before serialization if their order is not critical for deserialization outside of the original context.

Warnings

breaking Security Warning: Deserializing untrusted data with `jsonpickle.decode()` can lead to Remote Code Execution (RCE). Like Python's `pickle` module, `jsonpickle` can execute arbitrary code during unpickling if malicious data is provided. ↓

fix NEVER deserialize data from untrusted sources. If processing untrusted input, use safer serialization methods like the standard `json` module, define explicit schemas, or sign data with an HMAC to ensure integrity.

breaking Python 3.7 is no longer supported starting with `jsonpickle` v4.0.0. ↓

fix Upgrade to Python 3.8 or newer to use `jsonpickle` v4.x.

breaking The default value of the `safe` parameter in `jsonpickle.decode()` changed from `False` to `True` in v4.0.0. Setting `safe=False` enables backwards-compatible deserialization of `repr`-serialized objects but uses `eval()` and is not secure against malicious inputs. ↓

fix Ensure you are not explicitly setting `safe=False` when dealing with untrusted input. The default `safe=True` is recommended for security. If you need to decode old data, re-pickle it with a newer version.

deprecated The `jsonpickle.compat` module is no longer used internally and may be removed in a future version (e.g., v5.0.0). ↓

fix Avoid direct usage of `jsonpickle.compat` and its functions. Review `CHANGES.rst` for specific function deprecations that might affect your code.

deprecated Certain utility functions in `jsonpickle/util.py` were deprecated in v4.1.0 and are planned for removal in v5.0.0 to facilitate static typing. Additionally, `jsonpickle.ext.yaml` will no longer be registered by default in v5.0.0. ↓

fix Review your code for direct calls to functions within `jsonpickle.util` or reliance on `jsonpickle.ext.yaml` being automatically registered. Migrate away from these as v5.0.0 approaches.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk

3.10 alpine (musl) wheel - 0.15s 18.1M

3.10 alpine (musl) - - 0.15s 18.1M

3.10 slim (glibc) wheel 1.5s 0.10s 19M

3.10 slim (glibc) - - 0.10s 19M

3.11 alpine (musl) wheel - 0.23s 20.0M

3.11 alpine (musl) - - 0.21s 20.0M

3.11 slim (glibc) wheel 1.7s 0.16s 21M

3.11 slim (glibc) - - 0.16s 21M

3.12 alpine (musl) wheel - 0.15s 11.9M

3.12 alpine (musl) - - 0.16s 11.9M

3.12 slim (glibc) wheel 1.5s 0.16s 12M

3.12 slim (glibc) - - 0.18s 12M

3.13 alpine (musl) wheel - 0.13s 11.6M

3.13 alpine (musl) - - 0.14s 11.5M

3.13 slim (glibc) wheel 1.5s 0.13s 12M

3.13 slim (glibc) - - 0.20s 12M

3.9 alpine (musl) wheel - 0.16s 17.6M

3.9 alpine (musl) - - 0.13s 17.6M

3.9 slim (glibc) wheel 1.8s 0.10s 18M

3.9 slim (glibc) - - 0.10s 18M

Imports

jsonpickle
```
import jsonpickle
```

Quickstart last tested: 2026-04-24

This quickstart demonstrates encoding a custom Python object (a dataclass instance) into a JSON string and then decoding it back into a Python object using `jsonpickle.encode` and `jsonpickle.decode`.

import jsonpickle
from dataclasses import dataclass

@dataclass
class MyObject:
    name: str
    value: int

# Create an object
original_obj = MyObject(name="Example", value=123)

# Encode the object to a JSON string
encoded_json = jsonpickle.encode(original_obj)
print(f"Encoded JSON: {encoded_json}")

# Decode the JSON string back to a Python object
decoded_obj = jsonpickle.decode(encoded_json)

# Verify the decoded object
assert decoded_obj == original_obj
print(f"Decoded object: {decoded_obj}")