safepickle - another small but powerful pickling library

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

safepickle - another small but powerful pickling library

Daniel Armak


In a complete coincidence, I’d like to announce another new serialization library, safepickle.

It provides a combination of features that are not available in other pickling libraries:

  1. Pluggable backends for JSON, BSON and other similar formats.
  2. Pickled classes correspond directly to the pickled form (at least for JSON and BSON), making it easy to write classes to represent data whose main schema definition is written in terms of the pickled format. As a matter of policy, safepickle does not automatically serialize types that don’t look ‘natural’ in JSON.
  3. Certain changes to the definitions of pickled types are guaranteed to be backward and forward compatible, so different versions of the program can communicate, and pickled data can be used for long term storage.
  4. Backward incompatible changes can be managed explicitly, with version numbers and conversion code, allowing new code to read data written by old code, and old code to fail on encountering data written by new code.

As a matter of design, it focuses on security and performance at the expense of some features other libraries have:

  • Security: pickled input can be generated by untrusted sources. Unpickling must not instantiate unexpected classes, take unpredictable amounts of space or time, or produce values not of the expected type. The set of pickleable types, and the code that serializes them, is determined at compile time, and runtime reflection is never used.

  • Performance: the picklers are thin layers on top of the backend implementations and should not contribute to pickling overhead in any scenario.

It’s available on maven-central; the latest version is currently 0.7.1.

P.S. I was obviously unaware of picopickle when I started writing this. The feature set is not identical, but close enough that it’s not impossible that one of us might one day decide to join efforts and migrate the missing features to the other project.

Daniel Armak

You received this message because you are subscribed to the Google Groups "scala-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit