
Security News
npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
github.com/ota-meshi/yaml-eslint-parser
A YAML parser that produces output compatible with ESLint.
This parser is backed by excellent yaml package and it is heavily inspired by yaml-unist-parser package.
npm install --save-dev yaml-eslint-parser
Use .eslintrc.*
file to configure parser. See also: https://eslint.org/docs/user-guide/configuring.
Example .eslintrc.js:
module.exports = {
overrides: [
{
files: ["*.yaml", "*.yml"],
parser: "yaml-eslint-parser",
},
],
};
The following additional configuration options are available by specifying them in parserOptions in your ESLint configuration file.
Example .eslintrc.js:
module.exports = {
overrides: [
{
files: ["*.yaml", "*.yml"],
parser: "yaml-eslint-parser",
// Additional configuration options
parserOptions: {
defaultYAMLVersion: "1.2",
},
},
],
};
parserOptions.defaultYAMLVersion
Set to "1.2"
or "1.1"
. Select the YAML version used by documents without a %YAML
directive.
If not specified, the yaml's default version
option ("1.2"
) is used.
See https://eemeli.org/yaml/#document-options for details.
Example:
import type { AST } from "yaml-eslint-parser";
import { parseYAML, getStaticYAMLValue } from "yaml-eslint-parser";
const code = `
american:
- Boston Red Sox
- Detroit Tigers
- New York Yankees
national:
- New York Mets
- Chicago Cubs
- Atlanta Braves
`;
const ast: AST.YAMLProgram = parseYAML(code);
console.log(ast);
const value = getStaticYAMLValue(ast);
console.log(value);
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.