Skip to content

Latest commit

 

History

History
42 lines (35 loc) · 1.79 KB

File metadata and controls

42 lines (35 loc) · 1.79 KB

safejson quality bar

This repository is part of a public portfolio, so the bar is practical correctness, clear documentation, and reproducible checks. For safejson, "quality" means the parser contract is precise enough for untrusted input, the public docs do not overclaim, and every policy is covered by executable tests.

Required checks

  • ruff check . must pass with the full configured rule set.
  • pytest --cov=safejson --cov-branch --cov-fail-under=100 must keep line and branch coverage at 100%.
  • mypy --strict src/safejson must pass with no ignores added to hide public API uncertainty.
  • The Python 3.9, 3.10, 3.11, and 3.12 GitHub Actions matrix must stay green.
  • python -m build must produce installable wheel and sdist artifacts.
  • Public behavior changes must include happy-path, edge-case, and error tests, plus docs updates when the API contract changes.

Parser contract

  • The streaming scanner must remain iterative; deeply nested hostile input should raise LimitExceededError, not RecursionError.
  • Syntax, allow_nan, and every Limits ceiling must be enforced before json.loads constructs containers.
  • Duplicate-key and type-whitelist behavior may rely on stdlib decode hooks, but README wording must continue to make that phase boundary explicit.
  • RFC 8259 conformance tests must compare ordinary valid values with Python's stdlib and pin the deliberate differences: NaN/Infinity rejection and duplicate-key rejection by default.

Release checklist

  • Run the required checks locally.
  • Confirm GitHub Actions is green on the default branch.
  • Confirm Dependabot and secret scanning have no open alerts.
  • Confirm the README still describes the actual API and scope.
  • Smoke-test the installed wheel with safejson.loads(...) before a release tag.