npmpackage.info

yaml

YAML parser and stringifier for JavaScript

2.6.1

1,313

ISC

TypeScript

30.75 kB

6,009,588,017 6.3

Installations

npm install yaml

Score

98.7

Supply Chain

100

Quality

87.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

2

Total

144

Closed

22

Merged

120

Issues

Open

14

Total

343

Closed

329

Releases

v2.6.1

Published on 19 Nov 2024

v2.6.0

Published on 13 Oct 2024

v2.5.1

Published on 03 Sept 2024

v2.5.0

Published on 24 Jul 2024

v2.4.5

Published on 08 Jun 2024

v2.4.4

Published on 08 Jun 2024

View all 79 releases

Developer

eemeli

Developer Guide

BETA

Module System

CommonJS, ESM, UMD

Min. Node Version

>= 14

Typescript Support

Yes

Node Version

22.8.0

NPM Version

10.9.0 Statistics

1,313 Stars

1,492 Commits

115 Forks

14 Watching

4 Branches

27 Contributors

Updated on 28 Nov 2024

Bundle Size

103.62 kB

Minified

30.75 kB

Minified + Gzipped

Bundlephobia

Languages

TypeScript (99.07%)

JavaScript (0.93%)

Total Downloads

Cumulative downloads

Total Downloads

6,009,588,017

Last day

-6.8%

10,074,592

Compared to previous day

Last week

2.5%

57,794,728

Compared to previous week

Last month

10.2%

238,369,043

Compared to previous month

Last year

39.2%

2,339,498,131

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

YAML

yaml is a definitive library for YAML, the human friendly data serialization standard. This library:

Supports both YAML 1.1 and YAML 1.2 and all common data schemas,
Passes all of the yaml-test-suite tests,
Can accept any string as input without throwing, parsing as much YAML out of it as it can, and
Supports parsing, modifying, and writing YAML comments and blank lines.

The library is released under the ISC open source license, and the code is available on GitHub. It has no external dependencies and runs on Node.js as well as modern browsers.

For the purposes of versioning, any changes that break any of the documented endpoints or APIs will be considered semver-major breaking changes. Undocumented library internals may change between minor versions, and previous APIs may be deprecated (but not removed).

The minimum supported TypeScript version of the included typings is 3.9; for use in earlier versions you may need to set skipLibCheck: true in your config. This requirement may be updated between minor versions of the library.

For more information, see the project's documentation site: eemeli.org/yaml

To install:

1npm install yaml

Note: These docs are for yaml@2. For v1, see the v1.10.0 tag for the source and eemeli.org/yaml/v1 for the documentation.

The development and maintenance of this library is sponsored by:

API Overview

The API provided by yaml has three layers, depending on how deep you need to go: Parse & Stringify, Documents, and the underlying Lexer/Parser/Composer. The first has the simplest API and "just works", the second gets you all the bells and whistles supported by the library along with a decent AST, and the third lets you get progressively closer to YAML source, if that's your thing.

A command-line tool is also included.

1import { parse, stringify } from 'yaml'
2// or
3import YAML from 'yaml'
4// or
5const YAML = require('yaml')

Parse & Stringify

Documents

Content Nodes

Parsing YAML

YAML.parse

1# file.yml
2YAML:
3  - A human-readable data serialization language
4  - https://en.wikipedia.org/wiki/YAML
5yaml:
6  - A complete JavaScript implementation
7  - https://www.npmjs.com/package/yaml

1import fs from 'fs'
2import YAML from 'yaml'
3
4YAML.parse('3.14159')
5// 3.14159
6
7YAML.parse('[ true, false, maybe, null ]\n')
8// [ true, false, 'maybe', null ]
9
10const file = fs.readFileSync('./file.yml', 'utf8')
11YAML.parse(file)
12// { YAML:
13//   [ 'A human-readable data serialization language',
14//     'https://en.wikipedia.org/wiki/YAML' ],
15//   yaml:
16//   [ 'A complete JavaScript implementation',
17//     'https://www.npmjs.com/package/yaml' ] }

YAML.stringify

1import YAML from 'yaml'
2
3YAML.stringify(3.14159)
4// '3.14159\n'
5
6YAML.stringify([true, false, 'maybe', null])
7// `- true
8// - false
9// - maybe
10// - null
11// `
12
13YAML.stringify({ number: 3, plain: 'string', block: 'two\nlines\n' })
14// `number: 3
15// plain: string
16// block: |
17//   two
18//   lines
19// `

Browser testing provided by:

Stable Version

The latest stable version of the package.

Stable Version

2.6.1

HIGH

7.5/10

Summary

Uncaught Exception in yaml

Affected Versions

>= 2.0.0-5, < 2.2.2

Patched Versions

2.2.2

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

10

Fuzzing

Determines if the project uses fuzzing.

10

SAST

Determines if the project uses static code analysis.

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browsers.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/browsers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browsers.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/browsers.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/browsers.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/browsers.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/browsers.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/browsers.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/browsers.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/browsers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/eemeli/yaml/typescript.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/typescript.yml:25
Warn: npmCommand not pinned by hash: .github/workflows/typescript.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/typescript.yml:33
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 5 out of 8 npmCommand dependencies pinned

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

6.3

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

yaml

Installations

Score

Pull Requests

2

144

22

120

Issues

14

343

329

Releases

Developer

Developer Guide

CommonJS, ESM, UMD

>= 14

Yes

22.8.0

10.9.0

Statistics

Bundle Size

103.62 kB

30.75 kB

Languages

Total Downloads

6,009,588,017

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

YAML

API Overview

Parse & Stringify

Documents

Content Nodes

Parsing YAML

YAML.parse

YAML.stringify

Stable Version

2.6.1

HIGH

10

10

10

10

10

10

10

8

3

1

0

0

0

6.3

/10