Function●Since v0.3

load

Load a LangChain object from a JSON string.

WARNING — insecure deserialization risk. This function instantiates classes and invokes constructors based on the contents of text. If text originates from an untrusted source, an attacker can craft a payload that instantiates arbitrary allowed classes with attacker-controlled arguments, potentially causing secret exfiltration, SSRF, or other side effects.

Only call load() on data you have produced yourself or received from a fully trusted origin (e.g., your own database). Never deserialize user-supplied or network-received JSON without independent validation.

load<T>(text: string, options: LoadOptions): Promise<T>

Parameters

Name	Type	Description
`text`*	`string`	The JSON string to parse and load.
`options`	`LoadOptions`	Options for loading. See LoadOptions for security guidance.

Example

import { load } from "@langchain/core/load";
import { AIMessage } from "@langchain/core/messages";

// Basic usage - secrets must be provided explicitly
const msg = await load<AIMessage>(jsonString);

// With secrets from a map (preferred over secretsFromEnv)
const msg = await load<AIMessage>(jsonString, {
  secretsMap: { OPENAI_API_KEY: "sk-..." }
});

// Allow loading secrets from environment — ONLY for fully trusted data
const msg = await load<AIMessage>(jsonString, {
  secretsFromEnv: true
});

View source on GitHub

load

Parameters

Example

LangChain Assistant

Menu

load

Parameters

Example