# loads

> **Function** in `langchain_core`

📖 [View in docs](https://reference.langchain.com/python/langchain-core/load/load/loads)

Revive a LangChain class from a JSON string.

Equivalent to `load(json.loads(text))`.

Only classes in the allowlist can be instantiated. The default allowlist includes
core LangChain types (messages, prompts, documents, etc.). See
`langchain_core.load.mapping` for the full list.

!!! warning "Do not use with untrusted input"

    This function instantiates Python objects and can trigger side effects
    during deserialization. **Never call `loads()` on data from an untrusted
    or unauthenticated source.** See the module-level security model
    documentation for details and best practices.

## Signature

```python
loads(
    text: str,
    *,
    allowed_objects: Iterable[AllowedObject] | Literal['all', 'core'] = 'core',
    secrets_map: dict[str, str] | None = None,
    valid_namespaces: list[str] | None = None,
    secrets_from_env: bool = False,
    additional_import_mappings: dict[tuple[str, ...], tuple[str, ...]] | None = None,
    ignore_unserializable_fields: bool = False,
    init_validator: InitValidator | None = default_init_validator,
) -> Any
```

## Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `text` | `str` | Yes | The string to load. |
| `allowed_objects` | `Iterable[AllowedObject] \| Literal['all', 'core']` | No | Allowlist of classes that can be deserialized.  - `'core'` (default): Allow classes defined in the serialization mappings     for `langchain_core`. - `'all'`: Allow classes defined in the serialization mappings.      This includes core LangChain types (messages, prompts, documents, etc.)     and trusted partner integrations. See `langchain_core.load.mapping` for     the full list.  - Explicit list of classes: Only those specific classes are allowed. - `[]`: Disallow all deserialization (will raise on any object). (default: `'core'`) |
| `secrets_map` | `dict[str, str] \| None` | No | A map of secrets to load.  Only include the specific secrets the serialized object requires. If a secret is not found in the map, it will be loaded from the environment if `secrets_from_env` is `True`. (default: `None`) |
| `valid_namespaces` | `list[str] \| None` | No | Additional namespaces (modules) to allow during deserialization, beyond the default trusted namespaces. (default: `None`) |
| `secrets_from_env` | `bool` | No | Whether to load secrets from the environment.  A crafted payload can name arbitrary environment variables in its `secret` fields, so enabling this on untrusted data can leak sensitive values. Keep this `False` (the default) unless the serialized data is fully trusted. (default: `False`) |
| `additional_import_mappings` | `dict[tuple[str, ...], tuple[str, ...]] \| None` | No | A dictionary of additional namespace mappings.  You can use this to override default mappings or add new mappings.  When `allowed_objects` is `None` (using defaults), paths from these mappings are also added to the allowed class paths. (default: `None`) |
| `ignore_unserializable_fields` | `bool` | No | Whether to ignore unserializable fields. (default: `False`) |
| `init_validator` | `InitValidator \| None` | No | Optional callable to validate kwargs before instantiation.  If provided, this function is called with `(class_path, kwargs)` where `class_path` is the class path tuple and `kwargs` is the kwargs dict. The validator should raise an exception if the object should not be deserialized, otherwise return `None`.  Defaults to `default_init_validator` which blocks jinja2 templates. (default: `default_init_validator`) |

## Returns

`Any`

Revived LangChain objects.

---

[View source on GitHub](https://github.com/langchain-ai/langchain/blob/f0c5a28fa05adcda89aebcb449d897245ab21fa4/libs/core/langchain_core/load/load.py#L511)