Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
@rollup/plugin-yaml
Advanced tools
@rollup/plugin-yaml is a Rollup plugin that allows you to import YAML files as JavaScript modules. This can be particularly useful for configuration files, data files, or any other structured data that you want to include in your JavaScript project.
Import YAML files
This feature allows you to import YAML files directly into your JavaScript code. The YAML content is parsed and converted into a JavaScript object.
import data from './data.yaml';
console.log(data);
Custom YAML parsing
This feature allows you to customize the YAML parsing process using the `js-yaml` library. You can include or exclude specific files and transform the YAML content as needed.
import { createFilter } from '@rollup/pluginutils';
import yaml from 'js-yaml';
export default function yamlPlugin(options = {}) {
const filter = createFilter(options.include, options.exclude);
return {
name: 'yaml',
transform(code, id) {
if (!filter(id)) return null;
const parsed = yaml.load(code);
return {
code: `export default ${JSON.stringify(parsed)};`,
map: { mappings: '' }
};
}
};
}
yaml-loader is a Webpack loader that allows you to import YAML files as JavaScript modules. It is similar to @rollup/plugin-yaml but is designed specifically for use with Webpack.
js-yaml is a standalone JavaScript library for parsing and dumping YAML. While it does not integrate directly with build tools like Rollup or Webpack, it can be used in conjunction with custom plugins or loaders to achieve similar functionality.
rollup-plugin-json is a Rollup plugin that allows you to import JSON files as JavaScript modules. While it is not specifically for YAML, it provides similar functionality for JSON files and can be used alongside @rollup/plugin-yaml for projects that use both JSON and YAML.
🍣 A Rollup plugin which Converts YAML files to ES6 modules.
This plugin requires an LTS Node version (v14.0.0+) and Rollup v1.20.0+.
Using npm:
npm install @rollup/plugin-yaml --save-dev
Create a rollup.config.js
configuration file and import the plugin:
import yaml from '@rollup/plugin-yaml';
export default {
input: 'src/index.js',
output: {
dir: 'output',
format: 'cjs'
},
plugins: [yaml()]
};
Then call rollup
either via the CLI or the API.
With an accompanying file src/index.js
, the local heroes.yaml
file would now be importable as seen below:
// src/index.js
import { batman } from './heroes.yaml';
console.log(`na na na na ${batman}`);
documentMode
Type: String
Default: single
If single
, specifies that the target YAML documents contain only one document in the target file(s). If more than one document stream exists in the target YAML file(s), set documentMode: 'multi'
.
exclude
Type: String
| Array[...String]
Default: null
A picomatch pattern, or array of patterns, which specifies the files in the build the plugin should ignore. By default no files are ignored.
include
Type: String
| Array[...String]
Default: null
A picomatch pattern, or array of patterns, which specifies the files in the build the plugin should operate on. By default all files are targeted.
safe
Type: Boolean
Default: true
If true
, specifies that the data in the target YAML file(s) contain trusted data and should be loaded normally. If false
, data is assumed to be untrusted and will be loaded using safety methods.
transform
Type: Function
Default: undefined
A function which can optionally mutate parsed YAML. The function should return the mutated object
, or undefined
which will make no changes to the parsed YAML.
yaml({
transform(data, filePath) {
if (Array.isArray(data) && filePath === './my-file.yml') {
return data.filter((character) => !character.batman);
}
}
});
FAQs
Convert YAML files to ES6 modules
We found that @rollup/plugin-yaml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.