Security: nripankadas07/safejson

SECURITY.md

Security policy

Supported versions

The main branch is the supported development line for safejson.

Reporting a vulnerability

Please report dependency issues, malformed-input crashes, or other security concerns through GitHub's private vulnerability reporting when available, or by opening a minimal public issue without exploit payloads.

Useful reports include:

  • Inputs that trigger RecursionError, MemoryError, process crashes, or non-linear runtime before a configured limit fires.
  • Cases where allow_nan=False, duplicate-key rejection, or a Limits ceiling is bypassed.
  • Packaging or CI changes that install a different source tree than the tested package.

For untrusted input, callers should still apply a transport-level byte limit before passing data into this project. safejson enforces JSON structure and decoded string/container limits after input has already arrived in memory; it is not a streaming network reader and it is not a schema validator.
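One way a caller can apply that byte limit before parsing is sketched below. This is an added example, not code from safejson: `read_bounded`, `parse_untrusted`, `PayloadTooLarge` and the 64 KiB ceiling are hypothetical, and the standard library's `json.loads` stands in for the parser because this page does not show safejson's API.

```python
import io
import json

MAX_BODY_BYTES = 64 * 1024  # assumed ceiling; size it to your largest legitimate document
CHUNK = 8192


class PayloadTooLarge(ValueError):
    """Raised when the input exceeds the transport-level byte limit."""


def read_bounded(stream, max_bytes=MAX_BODY_BYTES, declared_length=None):
    """Read at most max_bytes from a binary stream, or raise PayloadTooLarge.

    declared_length is an optional, untrusted size hint (e.g. Content-Length).
    """
    # Cheap early reject: read nothing if the peer already admits the body
    # is over the limit.
    if declared_length is not None and declared_length > max_bytes:
        raise PayloadTooLarge(f"declared {declared_length} > {max_bytes}")
    buf = bytearray()
    while True:
        # Never request more than one byte past the limit, so an oversized
        # body is detected without being buffered. The hint is not trusted:
        # the actual byte count is what gets enforced.
        chunk = stream.read(min(CHUNK, max_bytes + 1 - len(buf)))
        if not chunk:
            break
        buf += chunk
        if len(buf) > max_bytes:
            raise PayloadTooLarge(f"body exceeds {max_bytes} bytes")
    return bytes(buf)


def parse_untrusted(stream, max_bytes=MAX_BODY_BYTES, declared_length=None,
                    parse=json.loads):
    """Apply the byte limit first, then hand the bounded bytes to the parser.

    parse defaults to the stdlib parser as a stand-in (assumption).
    """
    return parse(read_bounded(stream, max_bytes, declared_length))
```

The parser's own structural limits then run on input whose size is already capped, which is the division of responsibility the paragraph above describes.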

There aren't any published security advisories