cachetools
★
★
★
★
★
3
reviews
Extensible memoizing collections and decorators
95
Security
23
Quality
58
Maintenance
64
Overall
v7.0.1
PyPI
Python
Feb 10, 2026
No Known Issues
This package has a good security score with no known vulnerabilities.
2697
GitHub Stars
4.0/5
Avg Rating
Community Reviews
RECOMMENDED
Solid caching primitives with excellent decorator ergonomics
cachetools provides a clean, intuitive API for caching that feels natural for Python developers. The decorator pattern (@cached, @cachedmethod) works exactly as you'd expect, and the library ships with sensible defaults like LRU, TTL, and LFU cache implementations. Type hints are present throughout, making IDE autocomplete reliable and catching basic errors before runtime.
The cache eviction policies are configurable and predictable, which is critical for production systems. I've used it extensively for API response caching and expensive computation memoization without surprises. The TTLCache is particularly useful for time-sensitive data.
The main friction point is the lack of async support - you'll need workarounds or alternative libraries for async/await code. Documentation is functional but sparse on advanced patterns like custom eviction policies or thread-safety considerations. Error messages are standard Python fare, nothing exceptional but rarely cryptic.
The cache eviction policies are configurable and predictable, which is critical for production systems. I've used it extensively for API response caching and expensive computation memoization without surprises. The TTLCache is particularly useful for time-sensitive data.
The main friction point is the lack of async support - you'll need workarounds or alternative libraries for async/await code. Documentation is functional but sparse on advanced patterns like custom eviction policies or thread-safety considerations. Error messages are standard Python fare, nothing exceptional but rarely cryptic.
Decorator syntax (@cached) is intuitive and requires minimal boilerplate
Built-in cache types (LRU, TTL, LFU) cover most common use cases out of the box
Type hints throughout enable strong IDE support and mypy validation
Thread-safe implementations (with appropriate locks) for concurrent access
No native async/await support, limiting usefulness in modern async Python codebases
Documentation lacks comprehensive examples of advanced usage patterns and edge cases
Best for: Synchronous Python applications needing straightforward function memoization or in-memory caching with standard eviction policies.
Avoid if: You're building async-first applications or need distributed caching across multiple processes or machines.
RECOMMENDED
Solid caching primitive with minimal security surface area
From a security perspective, cachetools is refreshingly simple—it's pure Python with zero dependencies, which dramatically reduces supply chain risk. The library provides thread-safe caching decorators and data structures (LRU, LFU, TTL variants) without network calls, crypto, or authentication concerns. I've used it extensively for memoizing expensive computations and rate limiting, and the attack surface is minimal.
The main security consideration is cache poisoning via untrusted input keys. The library doesn't sanitize or validate keys—you must ensure cache keys from user input are properly bounded and can't exhaust memory. TTLCache with maxsize limits helps, but you need discipline around key generation. Error handling is straightforward with standard Python exceptions that don't leak sensitive data.
The API is well-designed with clear bounds checking and predictable eviction behavior. No TLS/network concerns since it's purely in-memory. Thread safety is opt-in via locks or RLock decorators, which I appreciate—explicit is better than implicit. The code is readable enough to audit yourself if needed.
The main security consideration is cache poisoning via untrusted input keys. The library doesn't sanitize or validate keys—you must ensure cache keys from user input are properly bounded and can't exhaust memory. TTLCache with maxsize limits helps, but you need discipline around key generation. Error handling is straightforward with standard Python exceptions that don't leak sensitive data.
The API is well-designed with clear bounds checking and predictable eviction behavior. No TLS/network concerns since it's purely in-memory. Thread safety is opt-in via locks or RLock decorators, which I appreciate—explicit is better than implicit. The code is readable enough to audit yourself if needed.
Zero runtime dependencies eliminates supply chain risk entirely
Thread-safe decorators with explicit locking patterns (@cached decorator accepts lock parameter)
Predictable memory bounds when maxsize is properly configured
Clear exception behavior without information leakage
No built-in protection against cache key exhaustion attacks from untrusted input
Documentation lacks security guidance on safe key generation patterns
Best for: In-memory caching of trusted computations where you control cache key generation and need minimal dependencies.
Avoid if: You need distributed caching, persistence, or built-in input sanitization for user-controlled cache keys.
RECOMMENDED
Solid caching primitives with minimal security surface area
Cachetools provides straightforward, pure-Python caching implementations (LRU, LFU, TTL) with minimal dependencies—literally zero external deps. From a security perspective, this is refreshing: no supply chain concerns, no hidden network calls, no crypto to audit. The library does exactly what it says: provides data structures and decorators for memoization.
The API is simple and predictable. Cache implementations behave like standard dicts with size/time constraints. Error handling is minimal but appropriate—you get standard KeyError and ValueError where expected. There's no logging or exception exposure that could leak sensitive data. Input validation is basic: the library trusts you not to cache sensitive objects inappropriately, which is the right design choice for a low-level primitive.
The main security consideration is on you: cachetools won't prevent you from accidentally caching authentication tokens or sensitive data across user contexts. The @cached decorator's key function must be carefully designed in multi-tenant scenarios. No built-in thread safety on standard caches (use locks explicitly), though this is well-documented.
The API is simple and predictable. Cache implementations behave like standard dicts with size/time constraints. Error handling is minimal but appropriate—you get standard KeyError and ValueError where expected. There's no logging or exception exposure that could leak sensitive data. Input validation is basic: the library trusts you not to cache sensitive objects inappropriately, which is the right design choice for a low-level primitive.
The main security consideration is on you: cachetools won't prevent you from accidentally caching authentication tokens or sensitive data across user contexts. The @cached decorator's key function must be carefully designed in multi-tenant scenarios. No built-in thread safety on standard caches (use locks explicitly), though this is well-documented.
Zero external dependencies eliminates supply chain attack surface
Minimal code footprint makes security auditing straightforward
No built-in serialization or network functionality reduces potential vulnerability vectors
Predictable exception behavior without information leakage
No thread-safe cache implementations by default requires manual locking patterns
Easy to accidentally cache sensitive data without lifecycle management
Best for: Projects needing simple, auditable in-memory caching with minimal dependency risk and full control over cache key generation.
Avoid if: You need distributed caching, built-in encryption, or automatic cache invalidation across services.
Write a Review
Sign in to write a review
Sign In
Used By