#serde #cbor #serialization

no-std cbor4ii

CBOR: Concise Binary Object Representation

6 releases

0.3.2 Nov 25, 2023
0.3.1 Apr 9, 2023
0.3.0 Jan 31, 2023
0.2.13 Apr 26, 2022
0.2.5 Dec 29, 2021

#213 in Encoding

Download history 10378/week @ 2023-11-02 9164/week @ 2023-11-09 6777/week @ 2023-11-16 8932/week @ 2023-11-23 8253/week @ 2023-11-30 7468/week @ 2023-12-07 5990/week @ 2023-12-14 3237/week @ 2023-12-21 4367/week @ 2023-12-28 6262/week @ 2024-01-04 8502/week @ 2024-01-11 10534/week @ 2024-01-18 10456/week @ 2024-01-25 10490/week @ 2024-02-01 11080/week @ 2024-02-08 11781/week @ 2024-02-15

46,020 downloads per month
Used in 153 crates (7 directly)

MIT license


CBOR 0x(4+4)9 0x49

github actions crates license docs.rs

“The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.”

see rfc8949


The core mod should be fully compatible with rfc8949, but some extensions will not be implemented in this crate, such as datetime, bignum, bigfloat.

The serde mod defines how Rust types should be expressed in CBOR, which is not any standard, so different crate may have inconsistent behavior.

This library is intended to be compatible with serde_cbor, but will not follow some unreasonable designs of serde_cbor.

  • cbor4ii will express the unit type as an empty array instead of null. This avoids the problem that serde_cbor cannot distinguish between None and Some(()). see https://github.com/pyfisch/cbor/issues/185
  • cbor4ii does not support packed mode, and it may be implemented in future, but it may not be compatible with serde_cbor. If you want packed mode, you should look at bincode.


It is not specifically optimized for performance in implementation, but benchmarks shows that its performance is slightly better than serde_cbor.

And it supports zero-copy deserialization and deserialize_ignored_any of serde, so in some scenarios it may perform better than crate that do not support such feature.


The decode part has been fuzz tested, and it should not crash or panic during the decoding process.

The decode of serde module has a depth limit to prevent stack overflow or OOM caused by specially constructed input. If you want to turn off deep inspection or adjust parameters, you can implement the dec::Read trait yourself.


This project is licensed under the MIT license.