Gathering detailed insights and metrics for @zkochan/js-yaml
Gathering detailed insights and metrics for @zkochan/js-yaml
JavaScript YAML parser and dumper. Very fast.
Installations
npm install @zkochan/js-yamlDeveloper Guide
BETA
Typescript
No
Module System
ESM
Node Version
20.11.1
NPM Version
10.5.0
Releases
Unable to fetch releases
Languages
4
JavaScript
HTML
CSS
Shell
JavaScript (96.28%)
HTML (2.88%)
CSS (0.67%)
Shell (0.17%)
Developer
Download Statistics
Total Downloads
356,356,619
Last Day
749,694
Last Week
3,911,440
Last Month
16,692,049
Last Year
188,073,242
GitHub Statistics
MIT License
6,406 Stars
1,289 Commits
774 Forks
74 Watchers
3 Branches
74 Contributors
Updated on May 07, 2025
Bundle Size
39.06 kB
Minified
12.98 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.0.7
Package Id
@zkochan/js-yaml@0.0.7
Unpacked Size
376.37 kB
Size
92.63 kB
File Count
32
NPM Version
10.5.0
Node Version
20.11.1
Published on
Mar 08, 2024
Total Downloads
Cumulative downloads
Total Downloads
356,356,619
Last Day
62.2%
749,694
Compared to previous day
Last Week
6.2%
3,911,440
Compared to previous week
Last Month
-7.7%
16,692,049
Compared to previous month
Last Year
48%
188,073,242
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
JS-YAML - YAML 1.2 parser / writer for JavaScript
This is an implementation of YAML, a human-friendly data serialization language. Started as PyYAML port, it was completely rewritten from scratch. Now it's very fast, and supports 1.2 spec.
Installation
YAML module for node.js
npm install js-yaml
CLI executable
If you want to inspect your YAML files from CLI, install js-yaml globally:
npm install -g js-yaml
Usage
usage: js-yaml [-h] [-v] [-c] [-t] file
Positional arguments:
file File with YAML document(s)
Optional arguments:
-h, --help Show this help message and exit.
-v, --version Show program's version number and exit.
-c, --compact Display errors in compact mode
-t, --trace Show stack trace on error
API
Here we cover the most 'useful' methods. If you need advanced details (creating your own tags), see examples for more info.
1const yaml = require('js-yaml'); 2const fs = require('fs'); 3 4// Get document, or throw exception on error 5try { 6 const doc = yaml.load(fs.readFileSync('/home/ixti/example.yml', 'utf8')); 7 console.log(doc); 8} catch (e) { 9 console.log(e); 10}
load (string [ , options ])
Parses string as single YAML document. Returns either a
plain object, a string, a number, null or undefined, or throws YAMLException on error. By default, does
not support regexps, functions and undefined.
options:
filename(default: null) - string to be used as a file path in error/warning messages.onWarning(default: null) - function to call on warning messages. Loader will call this function with an instance ofYAMLExceptionfor each warning.schema(default:DEFAULT_SCHEMA) - specifies a schema to use.FAILSAFE_SCHEMA- only strings, arrays and plain objects: http://www.yaml.org/spec/1.2/spec.html#id2802346JSON_SCHEMA- all JSON-supported types: http://www.yaml.org/spec/1.2/spec.html#id2803231CORE_SCHEMA- same asJSON_SCHEMA: http://www.yaml.org/spec/1.2/spec.html#id2804923DEFAULT_SCHEMA- all supported YAML types.
json(default: false) - compatibility with JSON.parse behaviour. If true, then duplicate keys in a mapping will override values rather than throwing an error.
NOTE: This function does not understand multi-document sources, it throws exception on those.
NOTE: JS-YAML does not support schema-specific tag resolution restrictions.
So, the JSON schema is not as strictly defined in the YAML specification.
It allows numbers in any notation, use Null and NULL as null, etc.
The core schema also has no such restrictions. It allows binary notation for integers.
loadAll (string [, iterator] [, options ])
Same as load(), but understands multi-document sources. Applies
iterator to each document if specified, or returns array of documents.
1const yaml = require('js-yaml'); 2 3yaml.loadAll(data, function (doc) { 4 console.log(doc); 5});
dump (object [ , options ])
Serializes object as a YAML document. Uses DEFAULT_SCHEMA, so it will
throw an exception if you try to dump regexps or functions. However, you can
disable exceptions by setting the skipInvalid option to true.
options:
indent(default: 2) - indentation width to use (in spaces).noArrayIndent(default: false) - when true, will not add an indentation level to array elementsskipInvalid(default: false) - do not throw on invalid types (like function in the safe schema) and skip pairs and single values with such types.flowLevel(default: -1) - specifies level of nesting, when to switch from block to flow style for collections. -1 means block style everwherestyles- "tag" => "style" map. Each tag may have own set of styles.schema(default:DEFAULT_SCHEMA) specifies a schema to use.sortKeys(default:false) - iftrue, sort keys when dumping YAML. If a function, use the function to sort the keys.lineWidth(default:80) - set max line width.noRefs(default:false) - iftrue, don't convert duplicate objects into referencesnoCompatMode(default:false) - iftruedon't try to be compatible with older yaml versions. Currently: don't quote "yes", "no" and so on, as required for YAML 1.1condenseFlow(default:false) - iftrueflow sequences will be condensed, omitting the space betweena, b. Eg.'[a,b]', and omitting the space betweenkey: valueand quoting the key. Eg.'{"a":b}'Can be useful when using yaml for pretty URL query params as spaces are %-encoded.quotingType('or", default:') - strings will be quoted using this quoting style. If you specify single quotes, double quotes will still be used for non-printable characters.forceQuotes(default:false) - iftrue, all non-key strings will be quoted even if they normally don't need to.replacer- callbackfunction (key, value)called recursively on each key/value in source object (seereplacerdocs forJSON.stringify).
The following table show availlable styles (e.g. "canonical",
"binary"...) available for each tag (.e.g. !!null, !!int ...). Yaml
output is shown on the right side after => (default setting) or ->:
1!!null 2 "canonical" -> "~" 3 "lowercase" => "null" 4 "uppercase" -> "NULL" 5 "camelcase" -> "Null" 6 7!!int 8 "binary" -> "0b1", "0b101010", "0b1110001111010" 9 "octal" -> "0o1", "0o52", "0o16172" 10 "decimal" => "1", "42", "7290" 11 "hexadecimal" -> "0x1", "0x2A", "0x1C7A" 12 13!!bool 14 "lowercase" => "true", "false" 15 "uppercase" -> "TRUE", "FALSE" 16 "camelcase" -> "True", "False" 17 18!!float 19 "lowercase" => ".nan", '.inf' 20 "uppercase" -> ".NAN", '.INF' 21 "camelcase" -> ".NaN", '.Inf'
Example:
1dump(object, { 2 'styles': { 3 '!!null': 'canonical' // dump null as ~ 4 }, 5 'sortKeys': true // sort object keys 6});
Supported YAML types
The list of standard YAML tags and corresponding JavaScript types. See also YAML tag discussion and YAML types repository.
!!null '' # null
!!bool 'yes' # bool
!!int '3...' # number
!!float '3.14...' # number
!!binary '...base64...' # buffer
!!timestamp 'YYYY-...' # date
!!omap [ ... ] # array of key-value pairs
!!pairs [ ... ] # array or array pairs
!!set { ... } # array of objects with given keys and null values
!!str '...' # string
!!seq [ ... ] # array
!!map { ... } # object
JavaScript-specific tags
See js-yaml-js-types for extra types.
Caveats
Note, that you use arrays or objects as key in JS-YAML. JS does not allow objects
or arrays as keys, and stringifies (by calling toString() method) them at the
moment of adding them.
1--- 2? [ foo, bar ] 3: - baz 4? { foo: bar } 5: - baz 6 - baz
1{ "foo,bar": ["baz"], "[object Object]": ["baz", "baz"] }
Also, reading of properties on implicit block mapping keys is not supported yet. So, the following YAML document cannot be loaded.
1&anchor foo: 2 foo: bar 3 *anchor: duplicate key 4 baz: bat 5 *anchor: duplicate key
js-yaml for enterprise
Available as part of the Tidelift Subscription
The maintainers of js-yaml and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
- Info: JavaScriptPropertyBasedTesting integration found: test/25-dumper-fuzzy.js:4
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/nodeca/.github/SECURITY.md:1
- Info: Found linked content: github.com/nodeca/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/nodeca/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/nodeca/.github/SECURITY.md:1
Reason
Found 4/30 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nodeca/js-yaml/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/nodeca/js-yaml/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:27
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 4 are checked with a SAST tool
Score
4.8
/10
Last Scanned on 2025-04-28
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More