Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
@stoplight/yaml
@stoplight/yaml is a versatile npm package that provides utilities for parsing, stringifying, and processing YAML data. It is particularly useful for developers working with YAML configurations, API specifications, and other structured data formats.
Parsing YAML to JavaScript Object
This feature allows you to convert a YAML string into a JavaScript object. The `parse` function takes a YAML string as input and returns the corresponding JavaScript object.
```js
const { parse } = require('@stoplight/yaml');
const yamlString = 'key: value\nlist:\n - item1\n - item2';
const jsObject = parse(yamlString);
console.log(jsObject);
```
Stringifying JavaScript Object to YAML
This feature allows you to convert a JavaScript object into a YAML string. The `stringify` function takes a JavaScript object as input and returns the corresponding YAML string.
```js
const { stringify } = require('@stoplight/yaml');
const jsObject = { key: 'value', list: ['item1', 'item2'] };
const yamlString = stringify(jsObject);
console.log(yamlString);
```
Handling YAML Errors
This feature demonstrates how to handle errors that may occur during YAML parsing. The `parse` function will throw an error if the input YAML string is invalid, which can be caught and handled appropriately.
```js
const { parse } = require('@stoplight/yaml');
try {
  const jsObject = parse('invalid: yaml: string');
} catch (error) {
  console.error('YAML parsing error:', error.message);
}
```
js-yaml is a popular YAML parser and dumper for JavaScript. It provides similar functionalities to @stoplight/yaml, such as parsing YAML strings to JavaScript objects and stringifying JavaScript objects to YAML. It is widely used and well-documented, making it a strong alternative.
yaml is another robust YAML parser and stringifier for JavaScript. It offers a comprehensive set of features, including support for custom tags and schema definitions. It is known for its performance and flexibility, making it a good choice for complex YAML processing tasks.
yamljs is a lightweight YAML parser and stringifier for JavaScript. It provides basic functionalities for converting between YAML strings and JavaScript objects. While it may not have as many features as some other packages, it is easy to use and suitable for simple YAML processing needs.
Useful functions when working with YAML.
Supported in modern browsers and node.
```bash
# latest stable
yarn add @stoplight/yaml
```
```js
// basic example of parseWithPointers
import { parseWithPointers } from "@stoplight/yaml";

const result = parseWithPointers("foo: bar");
console.log(result.data); // => the {foo: "bar"} JS object
```

```js
// basic example of getJsonPathForPosition and getLocationForJsonPath
import { getJsonPathForPosition, getLocationForJsonPath, parseWithPointers } from "@stoplight/yaml";

// "street" must be indented under "address" for the paths below to resolve
const result = parseWithPointers(`hello: world
address:
    street: 123`
);

const path = getJsonPathForPosition(result, { line: 2, character: 7 }); // line and character are 0-based
console.log(path); // -> ["address", "street"];

const position = getLocationForJsonPath(result, ['address']);
console.log(position.range.start); // { line: 1, character: 8 } line and character are 0-based
console.log(position.range.end); // { line: 2, character: 15 } line and character are 0-based
```
`feature/{name}`, `chore/{name}`, or `fix/{name}` branch.
`yarn`.
`yarn test.prod`.
`yarn commit`. NOTE: Commits that don't follow the conventional format will be rejected. `yarn commit` creates this format for you, or you can put it together manually and then do a regular `git commit`.
`git push`.
`next` branch.

FAQs
Useful functions when working with YAML.
The npm package @stoplight/yaml receives a total of 559,572 weekly downloads. As such, @stoplight/yaml popularity was classified as popular.
We found that @stoplight/yaml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.