This is a fork of JS-YAML which supports parsing of YAML into AST
Installations
npm install @stoplight/yaml-ast-parserScore
99.8
Supply Chain
83.8
Quality
76.5
Maintenance
100
Vulnerability
100
License
Developer
stoplightio
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
10.24.1
NPM Version
6.14.12
Statistics
3 Stars
128 Commits
3 Forks
2 Watching
10 Branches
55 Contributors
Updated on 09 Sept 2024
Bundle Size
44.09 kB
Minified
14.19 kB
Minified + Gzipped
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
65,755,191
Last day
-8.1%
179,054
Compared to previous day
Last week
1.8%
1,010,360
Compared to previous week
Last month
11.4%
4,160,220
Compared to previous month
Last year
101.6%
34,978,854
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
yaml-ast-parser
This is a fork of JS-YAML which supports parsing of YAML into AST.
In additional to parsing YAML to AST, it has following features:
- restoration after the errors and reporting errors as a part of AST nodes.
- built-in support for
!includetag used in RAML
Usage
The type information below is relevant when using TypeScript, if using from JavaScript only the field/method information is relevant.
load method can be used to load the tree and returns a YAMLNode.
YAMLNode
YAMLNode class is an ancestor for all node kinds.
It's kind field determine node kind, one of Kind enum:
SCALAR,MAPPING,MAP,SEQ,ANCHOR_REForINCLUDE_REF.
After node kind is determined, it can be cast to one of the YAMLNode descendants types:
YAMLScalar,YAMLMapping,YamlMap,YAMLSequenceorYAMLAnchorReference.
| class | important members |
|---|---|
YAMLNode | startPosition and endPosition provide node range. |
YAMLScalar | string value field |
YAMLMapping | YAMLScalar key and YAMLNode value fields |
YAMLSequence | YAMLNode[] items field |
YamlMap | YAMLMapping[] mappings field |
YAMLAnchorReference | string referencesAnchor and YAMLNode value |
YAMLScalar
Scalars are one of the three main node types defined by YAML and are effectively leaf nodes.
There are many factors that can influence the type of datum represent in scalar node (context, schema, tag, etc.).
To help inspection of a YAMLScalar to determine its datatype when a document uses the Core Schema, you can pass the YAMLScalar to the determineScalarType function. It will return an enum value indicating null, bool, int, float, or string.
Once you know the type, there are also some helper functions to help read the value by passing them the string, value: parseYamlBoolean, parseYamlFloat, and parseYamlInteger.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
all dependencies are pinned
Details
- Info: GitHub-owned GitHubActions are pinned
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
- Info: Pip installs are pinned
- Info: npm installs are pinned
Reason
license file detected
Details
- Info: License file found in expected location: license.txt:1
- Warn: Any licence detected not an FSF or OSI recognized license: license.txt:1
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Reason
0 commit(s) out of 30 and 0 issue activity out of 0 found in the last 90 days -- score normalized to 0
Reason
found 30 unreviewed changesets out of 30 -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
- Warn: CodeQL tool not detected
Reason
project is not fuzzed
Reason
security policy file not detected
Score
2.8
/10
Last Scanned on 2023-07-24
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More