Socket
Socket
Sign inDemoInstall

js-yaml

Package Overview
Dependencies
4
Maintainers
1
Versions
72
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

js-yaml

YAML 1.2 parser and serializer


Version published
Maintainers
1
Weekly downloads
79,185,154
decreased by-7.36%

Weekly downloads

Package description

What is js-yaml?

The js-yaml npm package is a JavaScript library that allows you to parse and dump YAML, a human-friendly data serialization standard. It can be used to convert YAML to JSON and vice versa, making it a useful tool for configuration files, data exchange, and more.

What are js-yaml's main functionalities?

YAML Parsing

This feature allows you to parse a YAML file or string and convert it into a JavaScript object. The code sample demonstrates how to read a YAML file from the filesystem and parse its contents.

{"const yaml = require('js-yaml');\nconst fs = require('fs');\n\ntry {\n  const doc = yaml.load(fs.readFileSync('/path/to/file.yml', 'utf8'));\n  console.log(doc);\n} catch (e) {\n  console.error(e);\n}"}

YAML Dumping

This feature allows you to take a JavaScript object and convert it into a YAML-formatted string. The code sample shows how to create a YAML string from an object and then save it to a file.

{"const yaml = require('js-yaml');\nconst fs = require('fs');\n\nconst obj = { hello: 'world' };\nconst ymlText = yaml.dump(obj);\n\nfs.writeFileSync('/path/to/file.yml', ymlText, 'utf8');\nconsole.log('YAML file saved.');"}

Custom Types

js-yaml allows you to define custom types for specialized use cases. The code sample demonstrates how to create a custom YAML type and use it in parsing a YAML string.

{"const yaml = require('js-yaml');\n\nconst schema = yaml.Schema.create([ new yaml.Type('!myType', {\n  kind: 'scalar',\n  resolve: data => data === 'valid',\n  construct: data => data,\n  instanceOf: String\n}) ]);\n\nconst doc = yaml.load('!myType valid', { schema });\nconsole.log(doc); // 'valid'"}

Other packages similar to js-yaml

Readme

Source

JS-YAML - YAML 1.2 parser and serializer for JavaScript

Build Status

Online Demo

This is an implementation of YAML, a human friendly data serialization language. Started as PyYAML port, it was completely rewritten from scratch. Now it's very fast, and supports 1.2 spec.

Installation

YAML module for node.js

npm install js-yaml

CLI executable

If you want to inspect your YAML files from CLI, install js-yaml globally:

npm install -g js-yaml
Usage
usage: js-yaml [-h] [-v] [-c] [-t] file

Positional arguments:
  file           File with YAML document(s)

Optional arguments:
  -h, --help     Show this help message and exit.
  -v, --version  Show program's version number and exit.
  -c, --compact  Display errors in compact mode
  -t, --trace    Show stack trace on error

Bundled YAML library for browsers

<!-- esprima required only for !!js/function -->
<script src="esprima.js"></script>
<script src="js-yaml.min.js"></script>
<script type="text/javascript">
var doc = jsyaml.load('greeting: hello\nname: world');
</script>

Browser support was done mostly for online demo. If you find any errors - feel free to send pull requests with fixes. Also note, that IE and other old browsers needs es5-shims to operate.

Notes:

  1. We have no resourses to support browserified version. Don't expect it to be well tested. Don't expect fast fixes if something goes wrong there.
  2. !!js/function in browser bundle will not work by default. If you really need it - load esprima parser first (via amd or directly).
  3. !!bin in browser will return Array, because browsers do not support node.js Buffer and adding Buffer shims is completely useless on practice.

API

Here we cover the most 'useful' methods. If you need advanced details (creating your own tags), see wiki and examples for more info.

yaml = require('js-yaml');
fs   = require('fs');

// Get document, or throw exception on error
try {
  var doc = yaml.safeLoad(fs.readFileSync('/home/ixti/example.yml', 'utf8'));
  console.log(doc);
} catch (e) {
  console.log(e);
}

safeLoad (string [ , options ])

Recommended loading way. Parses string as single YAML document. Returns a JavaScript object or throws YAMLException on error. By default, does not support regexps, functions and undefined. This method is safe for untrusted data.

options:

NOTE: This function does not understand multi-document sources, it throws exception on those.

NOTE: JS-YAML does not support schema-specific tag resolution restrictions. So, JSON schema is not as strict as defined in the YAML specification. It allows numbers in any notaion, use Null and NULL as null, etc. Core schema also has no such restrictions. It allows binary notation for integers.

load (string [ , options ])

Use with care with untrusted sources. The same as safeLoad() but uses DEFAULT_FULL_SCHEMA by default - adds some JavaScript-specific types: !!js/function, !!js/regexp and !!js/undefined. For untrusted sources you must additionally validate object structure, to avoid injections:

var untrusted_code = '"toString": !<tag:yaml.org,2002:js/function> "function (){very_evil_thing();}"';

// I'm just converting that string, what could possibly go wrong?
require('js-yaml').load(untrusted_code) + ''

safeLoadAll (string, iterator [ , options ])

Same as safeLoad(), but understands multi-document sources and apply iterator to each document.

var yaml = require('js-yaml');

yaml.safeLoadAll(data, function (doc) {
  console.log(doc);
});

loadAll (string, iterator [ , options ])

Same as safeLoadAll() but uses DEFAULT_FULL_SCHEMA by default.

safeDump (object [ , options ])

Serializes object as YAML document. Uses DEFAULT_SAFE_SCHEMA, so it will throw exception if you try to dump regexps or functions. However, you can disable exceptions by skipInvalid option.

options:

  • indent (default: 2) - indentation width to use (in spaces).
  • skipInvalid (default: false) - do not throw on invalid types (like function in the safe schema) and skip pairs and single values with such types.
  • flowLevel (default: -1) - specifies level of nesting, when to switch from block to flow style for collections. -1 means block style everwhere
  • styles - "tag" => "style" map. Each tag may have own set of styles.
  • schema (default: DEFAULT_SAFE_SCHEMA) specifies a schema to use.

styles:

!!null
  "canonical"   => "~"

!!int
  "binary"      => "0b1", "0b101010", "0b1110001111010"
  "octal"       => "01", "052", "016172"
  "decimal"     => "1", "42", "7290"
  "hexadecimal" => "0x1", "0x2A", "0x1C7A"

!!null, !!bool, !!float
  "lowercase"   => "null", "true", "false", ".nan", '.inf'
  "uppercase"   => "NULL", "TRUE", "FALSE", ".NAN", '.INF'
  "camelcase"   => "Null", "True", "False", ".NaN", '.Inf'

By default, !!int uses decimal, and !!null, !!bool, !!float use lowercase.

dump (object [ , options ])

Same as safeDump() but without limits (uses DEFAULT_FULL_SCHEMA by default).

Supported YAML types

The list of standard YAML tags and corresponding JavaScipt types. See also YAML tag discussion and YAML types repository.

!!null ''                   # null
!!bool 'yes'                # bool
!!int '3...'                # number
!!float '3.14...'           # number
!!binary '...base64...'     # buffer
!!timestamp 'YYYY-...'      # date
!!omap [ ... ]              # array of key-value pairs
!!pairs [ ... ]             # array or array pairs
!!set { ... }               # array of objects with given keys and null values
!!str '...'                 # string
!!seq [ ... ]               # array
!!map { ... }               # object

JavaScript-specific tags

!!js/regexp /pattern/gim            # RegExp
!!js/undefined ''                   # Undefined
!!js/function 'function () {...}'   # Function

Caveats

Note, that you use arrays or objects as key in JS-YAML. JS do not allows objects or array as keys, and stringifies (by calling .toString method) them at the moment of adding them.

---
? [ foo, bar ]
: - baz
? { foo: bar }
: - baz
  - baz
{ "foo,bar": ["baz"], "[object Object]": ["baz", "baz"] }

Also, reading of properties on implicit block mapping keys is not supported yet. So, the following YAML document cannot be loaded.

&anchor foo:
  foo: bar
  *anchor: duplicate key
  baz: bat
  *anchor: duplicate key

Breaking changes in 2.x.x -> 3.0.x

If your have not used custom tags or loader classes and not loaded yaml files via require() - no changes needed. Just upgrade library.

In other case, you should:

  1. Replace all occurences of require('xxxx.yml') by fs.readFileSync() + yaml.safeLoad().
  2. rewrite your custom tags constructors and custom loader classes, to conform new API. See examples and wiki for details.

License

View the LICENSE file (MIT).

Keywords

FAQs

Last updated on 27 Feb 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc