Gathering detailed insights and metrics for js-yaml
Gathering detailed insights and metrics for js-yaml
Gathering detailed insights and metrics for js-yaml
Gathering detailed insights and metrics for js-yaml
npm install js-yaml
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
6,315 Stars
1,289 Commits
775 Forks
75 Watching
3 Branches
74 Contributors
Updated on 28 Nov 2024
JavaScript (96.28%)
HTML (2.88%)
CSS (0.67%)
Shell (0.17%)
Cumulative downloads
Total Downloads
Last day
-7.8%
17,469,612
Compared to previous day
Last week
0.3%
101,064,230
Compared to previous week
Last month
10.1%
424,567,565
Compared to previous month
Last year
24.7%
4,315,589,561
Compared to previous year
This is an implementation of YAML, a human-friendly data serialization language. Started as PyYAML port, it was completely rewritten from scratch. Now it's very fast, and supports 1.2 spec.
npm install js-yaml
If you want to inspect your YAML files from CLI, install js-yaml globally:
npm install -g js-yaml
usage: js-yaml [-h] [-v] [-c] [-t] file
Positional arguments:
file File with YAML document(s)
Optional arguments:
-h, --help Show this help message and exit.
-v, --version Show program's version number and exit.
-c, --compact Display errors in compact mode
-t, --trace Show stack trace on error
Here we cover the most 'useful' methods. If you need advanced details (creating your own tags), see examples for more info.
1const yaml = require('js-yaml'); 2const fs = require('fs'); 3 4// Get document, or throw exception on error 5try { 6 const doc = yaml.load(fs.readFileSync('/home/ixti/example.yml', 'utf8')); 7 console.log(doc); 8} catch (e) { 9 console.log(e); 10}
Parses string
as single YAML document. Returns either a
plain object, a string, a number, null
or undefined
, or throws YAMLException
on error. By default, does
not support regexps, functions and undefined.
options:
filename
(default: null) - string to be used as a file path in
error/warning messages.onWarning
(default: null) - function to call on warning messages.
Loader will call this function with an instance of YAMLException
for each warning.schema
(default: DEFAULT_SCHEMA
) - specifies a schema to use.
FAILSAFE_SCHEMA
- only strings, arrays and plain objects:
https://www.yaml.org/spec/1.2/spec.html#id2802346JSON_SCHEMA
- all JSON-supported types:
https://www.yaml.org/spec/1.2/spec.html#id2803231CORE_SCHEMA
- same as JSON_SCHEMA
:
https://www.yaml.org/spec/1.2/spec.html#id2804923DEFAULT_SCHEMA
- all supported YAML types.json
(default: false) - compatibility with JSON.parse behaviour. If true, then duplicate keys in a mapping will override values rather than throwing an error.NOTE: This function does not understand multi-document sources, it throws exception on those.
NOTE: JS-YAML does not support schema-specific tag resolution restrictions.
So, the JSON schema is not as strictly defined in the YAML specification.
It allows numbers in any notation, use Null
and NULL
as null
, etc.
The core schema also has no such restrictions. It allows binary notation for integers.
Same as load()
, but understands multi-document sources. Applies
iterator
to each document if specified, or returns array of documents.
1const yaml = require('js-yaml'); 2 3yaml.loadAll(data, function (doc) { 4 console.log(doc); 5});
Serializes object
as a YAML document. Uses DEFAULT_SCHEMA
, so it will
throw an exception if you try to dump regexps or functions. However, you can
disable exceptions by setting the skipInvalid
option to true
.
options:
indent
(default: 2) - indentation width to use (in spaces).noArrayIndent
(default: false) - when true, will not add an indentation level to array elementsskipInvalid
(default: false) - do not throw on invalid types (like function
in the safe schema) and skip pairs and single values with such types.flowLevel
(default: -1) - specifies level of nesting, when to switch from
block to flow style for collections. -1 means block style everwherestyles
- "tag" => "style" map. Each tag may have own set of styles.schema
(default: DEFAULT_SCHEMA
) specifies a schema to use.sortKeys
(default: false
) - if true
, sort keys when dumping YAML. If a
function, use the function to sort the keys.lineWidth
(default: 80
) - set max line width. Set -1
for unlimited width.noRefs
(default: false
) - if true
, don't convert duplicate objects into referencesnoCompatMode
(default: false
) - if true
don't try to be compatible with older
yaml versions. Currently: don't quote "yes", "no" and so on, as required for YAML 1.1condenseFlow
(default: false
) - if true
flow sequences will be condensed, omitting the space between a, b
. Eg. '[a,b]'
, and omitting the space between key: value
and quoting the key. Eg. '{"a":b}'
Can be useful when using yaml for pretty URL query params as spaces are %-encoded.quotingType
('
or "
, default: '
) - strings will be quoted using this quoting style. If you specify single quotes, double quotes will still be used for non-printable characters.forceQuotes
(default: false
) - if true
, all non-key strings will be quoted even if they normally don't need to.replacer
- callback function (key, value)
called recursively on each key/value in source object (see replacer
docs for JSON.stringify
).The following table show availlable styles (e.g. "canonical",
"binary"...) available for each tag (.e.g. !!null, !!int ...). Yaml
output is shown on the right side after =>
(default setting) or ->
:
1!!null 2 "canonical" -> "~" 3 "lowercase" => "null" 4 "uppercase" -> "NULL" 5 "camelcase" -> "Null" 6 "empty" -> "" 7 8!!int 9 "binary" -> "0b1", "0b101010", "0b1110001111010" 10 "octal" -> "0o1", "0o52", "0o16172" 11 "decimal" => "1", "42", "7290" 12 "hexadecimal" -> "0x1", "0x2A", "0x1C7A" 13 14!!bool 15 "lowercase" => "true", "false" 16 "uppercase" -> "TRUE", "FALSE" 17 "camelcase" -> "True", "False" 18 19!!float 20 "lowercase" => ".nan", '.inf' 21 "uppercase" -> ".NAN", '.INF' 22 "camelcase" -> ".NaN", '.Inf'
Example:
1dump(object, { 2 'styles': { 3 '!!null': 'canonical' // dump null as ~ 4 }, 5 'sortKeys': true // sort object keys 6});
The list of standard YAML tags and corresponding JavaScript types. See also YAML tag discussion and YAML types repository.
!!null '' # null
!!bool 'yes' # bool
!!int '3...' # number
!!float '3.14...' # number
!!binary '...base64...' # buffer
!!timestamp 'YYYY-...' # date
!!omap [ ... ] # array of key-value pairs
!!pairs [ ... ] # array or array pairs
!!set { ... } # array of objects with given keys and null values
!!str '...' # string
!!seq [ ... ] # array
!!map { ... } # object
JavaScript-specific tags
See js-yaml-js-types for extra types.
Note, that you use arrays or objects as key in JS-YAML. JS does not allow objects
or arrays as keys, and stringifies (by calling toString()
method) them at the
moment of adding them.
1--- 2? [ foo, bar ] 3: - baz 4? { foo: bar } 5: - baz 6 - baz
1{ "foo,bar": ["baz"], "[object Object]": ["baz", "baz"] }
Also, reading of properties on implicit block mapping keys is not supported yet. So, the following YAML document cannot be loaded.
1&anchor foo: 2 foo: bar 3 *anchor: duplicate key 4 baz: bat 5 *anchor: duplicate key
Available as part of the Tidelift Subscription
The maintainers of js-yaml and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
The latest stable version of the package.
Stable Version
1
0/10
Summary
Deserialization Code Execution in js-yaml
Affected Versions
< 2.0.5
Patched Versions
2.0.5
1
0/10
Summary
Code Injection in js-yaml
Affected Versions
< 3.13.1
Patched Versions
3.13.1
1
5.9/10
Summary
Denial of Service in js-yaml
Affected Versions
< 3.13.0
Patched Versions
3.13.0
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
project is fuzzed
Details
Reason
security policy file detected
Details
Reason
Found 4/30 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More