et-xmlfile
An implementation of lxml.xmlfile for the standard library
This package has a good security score with no known vulnerabilities.
Community Reviews
Functional but minimal: lacks polish for standalone developer experience
The documentation is sparse at best. You'll find yourself reading the source code or relying on lxml's documentation to understand usage patterns. Type hints are absent, meaning no IDE autocomplete guidance and no mypy validation—surprising for a 2024 release. Error messages are basic standard library exceptions without helpful context about what went wrong in your XML structure.
In practice, it does what it promises: write XML incrementally with low memory overhead. But the DX feels like an afterthought. You're mostly on your own figuring out the correct element nesting, context manager usage, and method chaining patterns. It works well once you understand it, but getting there requires trial and error.
Best for: Projects needing memory-efficient XML generation without external dependencies, especially when migrating from lxml.
Avoid if: You need strong type safety, comprehensive documentation, or are new to incremental XML writing patterns.
Functional but bare-bones XML streaming with minimal guidance
The documentation is essentially non-existent beyond basic docstrings. There's no official guide explaining when to use xmlfile() vs element() context managers, how namespace handling works, or best practices for streaming large datasets. You'll spend time reading the source code or relying on openpyxl's usage (the main consumer of this library) as implicit documentation. Error messages are minimal - you get standard Python exceptions without helpful context about what went wrong in your XML structure.
For day-to-day use, it does what it claims but feels like an internal dependency that was extracted rather than a public API designed for broad consumption. Type hints are present but basic. IDE support works but you won't get helpful completion suggestions for the actual XML writing workflow.
Best for: Projects needing memory-efficient XML generation with pure Python and no external dependencies, especially when migrating from lxml.
Avoid if: You need comprehensive documentation, rich error messages, or are new to incremental XML writing patterns.
Minimal XML streaming library with limited error handling and validation
From a security perspective, the library is concerning. There's minimal input validation - it doesn't sanitize tag names or attribute values, making it trivial to generate malformed XML if you're not careful with user input. Error messages can expose internal state and file paths. The library doesn't implement any protections against XML billion laughs or entity expansion attacks (though it's write-only, so read-side attacks don't apply). There's no documentation on secure usage patterns or input sanitization recommendations.
The dependency footprint is minimal (standard library only), which is good for supply chain risk. However, the project has sparse documentation, limited maintenance activity, and no visible CVE response process. For generating trusted XML where you control all inputs, it works fine. For anything involving user data or requiring XML schema validation, you'll need additional defensive layers.
Best for: Generating XML files in trusted environments where all input data is already validated and sanitized.
Avoid if: You need to process user-supplied data, require XML validation, or need comprehensive error handling for production systems.
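An added example (not from the reviews or the et-xmlfile project) of the kind of defensive layer the last review calls for when names or values come from users. It uses the standard library's xml.etree.ElementTree, which writes a tag string exactly as given; the helpers safe_name, clean_text and build_record are hypothetical, and the name pattern is a deliberately conservative ASCII subset of legal XML names.

```python
import re
import xml.etree.ElementTree as ET

# Conservative ASCII subset of the XML 1.0 Name production. No colon is
# allowed, so a caller cannot smuggle in a namespace prefix.
_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]*")
# Code points outside the XML 1.0 Char production. They make a document
# ill-formed and escaping does not help, so they are dropped.
_ILLEGAL_RE = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def safe_name(name: str) -> str:
    """Return name unchanged if it is acceptable as a tag or attribute name."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError(f"rejected XML name: {name!r}")
    if name.lower().startswith("xml"):  # reserved by the XML specification
        raise ValueError(f"reserved XML name: {name!r}")
    return name


def clean_text(value) -> str:
    """Drop characters XML 1.0 forbids; '<', '&' and quotes are left for
    the serializer to escape."""
    return _ILLEGAL_RE.sub("", str(value))


def build_record(tag: str, attrs: dict, text: str) -> bytes:
    """Serialize one element whose parts all come from untrusted input."""
    checked = {safe_name(k): clean_text(v) for k, v in attrs.items()}
    el = ET.Element(safe_name(tag), checked)
    el.text = clean_text(text)
    return ET.tostring(el)


if __name__ == "__main__":
    # Constructed sample input: a quote in an attribute, a NUL in the text.
    print(build_record("row", {"id": 'a"b'}, "1 < 2\x00"))
    # With no name check, the tag string reaches the output as written.
    print(ET.tostring(ET.Element("row><extra")))
```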