Welcome to ransack

ransack is a modern, extensible language for manipulation with structured data.

Structured data — like JSON, YAML, TOML and domain-specific formats such as IDEA — form the backbone of many modern applications. These formats appear in configuration files, security logs, telemetry systems, and beyond.

ransack was designed to meet the increasing need for a robust and expressive language to query, filter, and inspect structured data. Whether used in Python code, as part of a log analysis tool, or as a compiler frontend for other systems, ransack provides a flexible foundation.

Why ransack?

ransack is a new implementation and improvement over existing libraries like Pynspect, which was widely used in security monitoring systems like NEMEA and Mentat. Compared to older tools, ransack:

• supports user-defined variables

• enables multi-argument functions

• is extensible and modular

• supports multiple backends (e.g., Python evaluation, SQL translation)

• offers a clean internal architecture for future enhancements

Key features

• a simple and expressive syntax for filters and conditions

• support for context-aware variables and data scoping

• predefined functions

• support for IPv4/IPv6, datetimes, string and list manipulation

• safe and maintainable implementation using Lark for parsing

Get started

New to ransack? See the Quickstart guide.

Contents:

• Quickstart
• Language reference
• API reference

Project links

• Source code

• Issue tracker

• PyPI page