xmltodict
Lightweight XML-to-dict converter for Python — parses XML into OrderedDict and back. xmltodict features: xmltodict.parse() converts XML string to nested dict, xmltodict.unparse() converts dict back to XML, streaming mode for large XML files (item_depth parameter), namespace support, force_list to always return lists, cdata_key for CDATA sections, attr_prefix (default '@') for XML attributes, encoding control, postprocessor callback for type conversion, and expat-based parsing (fast). Ideal for consuming XML APIs as if they were JSON — convert SOAP/RSS/Atom/config XML to Python dicts for agent processing without XPath complexity.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Python's expat parser disables XXE by default (safer than lxml default). No network calls during parsing. Validate XML size before parsing to prevent memory exhaustion from large documents.
⚡ Reliability
Best When
Consuming simple XML APIs (RSS, Atom, config files, basic REST-XML) as Python dicts — xmltodict's zero-learning-curve API converts XML to JSON-like structure in one line, perfect for agents that just need data without XML query sophistication.
Avoid When
You need XPath queries, XSLT transforms, XML validation, or complex namespace handling — use lxml instead.
Use Cases
- • Agent XML API consumption — import xmltodict; response = requests.get(api_url); data = xmltodict.parse(response.text); items = data['feed']['entry'] — parse RSS/Atom feed XML to dict; agent processes XML as JSON-like structure without XPath; far simpler than lxml for straightforward XML-to-dict conversion
- • Agent SOAP response handling — data = xmltodict.parse(soap_response); result = data['soap:Envelope']['soap:Body']['GetItemResponse']['Item'] — traverse SOAP XML as dict; agent legacy enterprise SOAP API integration; combine with attr_prefix='@' for attribute access
- • Agent config XML parsing — with open('config.xml') as f: config = xmltodict.parse(f.read()); db_host = config['configuration']['database']['@host'] — parse XML config files to dict; agent reads legacy XML application configs without lxml overhead; @ prefix accesses XML attributes
- • Agent XML generation — xml_string = xmltodict.unparse({'root': {'item': [{'@id': '1', '#text': 'value'}]}}) — round-trip dict back to XML; agent builds XML request bodies for SOAP/XML APIs from dict structure; unparse preserves attribute and text node structure
- • Agent streaming large XML — def handle_item(path, item): process(item); return True; xmltodict.parse(large_xml_file, item_depth=2, item_callback=handle_item) — stream XML without loading full document into memory; agent processes 100MB+ XML event feeds one item at a time
Not For
- • XPath queries — xmltodict converts XML to dict; for XPath use lxml; dict traversal loses XML query power for complex selections
- • XSLT transforms or XML validation — xmltodict is parse/generate only; use lxml for XMLSchema validation or XSLT transforms
- • Complex namespaced XML — namespace handling in xmltodict produces ugly '{ns}key' dict keys; use lxml for namespace-heavy SOAP or SAML XML
Interface
Authentication
No auth — local parsing library.
Pricing
xmltodict is MIT licensed. Free for all use.
Agent Metadata
Known Gotchas
- ⚠ Single child elements are dict, multiple are list — data['root']['item'] is a dict when XML has one <item>, but a list when multiple <item> exist; agent code doing data['root']['item']['name'] fails when multiple items present; use force_list=('item',) to always return list: xmltodict.parse(xml, force_list=('item',))
- ⚠ Attributes use '@' prefix — XML attribute id in <item id='1'> becomes data['item']['@id']; agent code must use '@id' not 'id' to access XML attributes; configure attr_prefix='' to remove prefix but then conflicts with element names
- ⚠ Text content uses '#text' key — <item id='1'>value</item> becomes {'@id': '1', '#text': 'value'}; agent code doing data['item'] gets dict not string when element has both attributes and text; check for '#text' key or access via data['item']['#text']
- ⚠ Namespace prefixes appear in dict keys — <soap:Body> becomes 'soap:Body' dict key; agent SOAP parsing uses data['soap:Envelope']['soap:Body']; namespace URIs not resolved by default; use namespaces parameter for URI-to-prefix mapping
- ⚠ CDATA sections need cdata_key — <![CDATA[content]]> stored under '#text' key by default; agent code expecting CDATA in separate key must pass cdata_key='content' parameter; without it CDATA merges with element text
- ⚠ No XXE protection by default — xmltodict uses Python's expat parser which disables external entities by default; still validate/sanitize untrusted XML before parsing; extremely large XML can cause memory issues without streaming item_depth mode
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for xmltodict.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.