7 releases

0.3.3 Aug 17, 2024
0.3.2 Nov 25, 2023
0.3.1 Apr 9, 2023
0.3.0 Jan 31, 2023
0.2.5 Dec 29, 2021

#862 in Encoding

Download history 7361/week @ 2024-07-18 6626/week @ 2024-07-25 7930/week @ 2024-08-01 6016/week @ 2024-08-08 6350/week @ 2024-08-15 7683/week @ 2024-08-22 7591/week @ 2024-08-29 7955/week @ 2024-09-05 7175/week @ 2024-09-12 7520/week @ 2024-09-19 7611/week @ 2024-09-26 7304/week @ 2024-10-03 8413/week @ 2024-10-10 9001/week @ 2024-10-17 9058/week @ 2024-10-24 7238/week @ 2024-10-31

35,148 downloads per month
Used in 170 crates (10 directly)

MIT license

110KB
3K SLoC

CBOR 0x(4+4)9 0x49

github actions crates license docs.rs

“The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.”

see rfc8949

Compatibility

The core mod should be fully compatible with rfc8949, but some extensions will not be implemented in this crate, such as datetime, bignum, bigfloat.

The serde mod defines how Rust types should be expressed in CBOR, which is not any standard, so different crate may have inconsistent behavior.

This library is intended to be compatible with serde_cbor, but will not follow some unreasonable designs of serde_cbor.

  • cbor4ii will express the unit type as an empty array instead of null. This avoids the problem that serde_cbor cannot distinguish between None and Some(()). see https://github.com/pyfisch/cbor/issues/185
  • cbor4ii does not support packed mode, and it may be implemented in future, but it may not be compatible with serde_cbor. If you want packed mode, you should look at bincode.

Performance

It is not specifically optimized for performance in implementation, but benchmarks shows that its performance is slightly better than serde_cbor.

And it supports zero-copy deserialization and deserialize_ignored_any of serde, so in some scenarios it may perform better than crate that do not support such feature.

Robustness

The decode part has been fuzz tested, and it should not crash or panic during the decoding process.

The decode of serde module has a depth limit to prevent stack overflow or OOM caused by specially constructed input. If you want to turn off deep inspection or adjust parameters, you can implement the dec::Read trait yourself.

License

This project is licensed under the MIT license.

Dependencies

~225KB