Category
marshmallow(Python シリアライズ/バリデーション)の実装ガイド
marshmallow は『Python オブジェクト ⇄ dict/JSON』の双方向変換を Schema として宣言し、信頼できない外部入力を load() で検証して堰き止め、内部の値を dump() で安全に整形する、ORM/フレームワーク非依存のシリアライズ/バリデーションライブラリです。本クラスタは、Schema/fields の基礎と境界設計(dump_only/load_only/unknown でマスアサインメントと機密漏洩を防ぐ)、業務ルールを持つ値を再利用可能な型にするカスタムフィールド、Flask×SQLAlchemy(marshmallow-sqlalchemy)での本番 REST API、スキーマ再利用・テスト・可観測性による本番品質化、marshmallow 3→4 の破壊的変更の安全な移行、そして Pydantic との使い分けまでを扱います。経済産業大臣賞を受賞した B2B SaaS のバックエンド(Flask/SQLAlchemy)で marshmallow を本番運用した知見を根拠に、型安全・セキュリティ・テスト容易性を担保した設計を、公式ドキュメントに忠実な実コードで体系化します。
6 articles in total
Foundational guide
Foundational guide (start here)
marshmallow Practical Guide: Robustly Designing Python Object Serialization / Validation at the Boundary (v4-Compatible)
Faithfully to the marshmallow official documentation (v4.3), explains from a practical standpoint: the bidirectional serialization of Schema/fields, boundary validation with load(), @validates/@validates_schema, Nested, the safe design of load_only/dump_only, marshmallow-sqlalchemy integration, the 3→4 migration, and how to choose between it and Pydantic.
Related practical articles
- Pythonmarshmallowマイグレーション型安全テスト
Complete Guide to marshmallow 3 → 4 Migration: Crossing the Breaking Changes Safely
Organizing marshmallow 4's breaking changes faithfully to the official upgrade guide. From missing/default→load_default/dump_default, pass_many→pass_collection, the ban on instantiating abstract base classes, validators must raise ValidationError, Schema.context→contextvars, to the abolition of implicit fields—shown before/after, with a procedure for migrating in stages.
22 min read - Pythonmarshmallowバリデーション型安全ドメインモデリング
marshmallow Custom Fields and Advanced Validation: Designing Reusable Domain Types
Explains marshmallow's custom fields faithfully to the official spec. Shown with real code: fields.Field[T] and _serialize/_deserialize, the i18n of make_error and error_messages, reusable domain types like amount (Decimal) / phone (E.164) / enum (fields.Enum), fields.Method/Function/Constant, and extending existing fields.
20 min read - PythonmarshmallowFlaskSQLAlchemyREST API
Designing a Production REST API with marshmallow × Flask × SQLAlchemy: Boundary Validation and Response Shaping
Using marshmallow-sqlalchemy's SQLAlchemyAutoSchema, load_instance, and auto_field, design a production REST API with Flask × SQLAlchemy. We explain — with real code — the input boundary via load(), response shaping via dump(), CRUD that returns 422 through an aggregated ValidationError handler, nesting/relationships, pagination, and testing.
21 min read - Pythonmarshmallowパフォーマンステスト可観測性
Making marshmallow Production-Quality: Performance Optimization, Testing, and Error Design
Raise marshmallow to a quality that withstands production operation. Explained with real code: reusing schema instances, reducing output with only/exclude, memory optimization with register=False, round-trip / happy-path / error-path testing with pytest, structured error logs excluding PII, and observability of validation failures.
21 min read - PythonmarshmallowPydanticシリアライズバリデーション
marshmallow vs Pydantic — A Thorough Comparison: Choosing by Design Philosophy, Performance, and Ecosystem (2026 Decision Guide)
A thorough comparison of marshmallow and Pydantic v2 based on official specs. Descriptor-based schemas vs type annotations, the performance gap of the Rust core, the Flask/SQLAlchemy and FastAPI ecosystems, bidirectional serialization, multiple views of the same data, coexistence and migration — all explained in real code, with selection criteria suited to your project.
18 min read