yaml-parser
Advanced tools
yaml-parser is a fork of js-yaml whose goal is to remove command-line functionalities in order to provide a leaner module.
This is an implementation of YAML, a human friendly data serialization language. Started as PyYAML port, it was completely rewritten from scratch. Now it's very fast, and supports 1.2 spec.
npm install --save js-yaml
Here we cover the most 'useful' methods. If you need advanced details (creating your own tags), see wiki and examples for more info.
yaml = require('js-yaml');
fs = require('fs');
// Get document, or throw exception on error
try {
var doc = yaml.safeLoad(fs.readFileSync('/home/ixti/example.yml', 'utf8'));
console.log(doc);
} catch (e) {
console.log(e);
}
Recommended loading way. Parses string as single YAML document. Returns a JavaScript
object or throws YAMLException on error. By default, does not support regexps,
functions and undefined. This method is safe for untrusted data.
options:
filename (default: null) - string to be used as a file path in
error/warning messages.onWarning (default: null) - function to call on warning messages.
Loader will throw on warnings if this function is not provided.schema (default: DEFAULT_SAFE_SCHEMA) - specifies a schema to use.
FAILSAFE_SCHEMA - only strings, arrays and plain objects:
http://www.yaml.org/spec/1.2/spec.html#id2802346JSON_SCHEMA - all JSON-supported types:
http://www.yaml.org/spec/1.2/spec.html#id2803231CORE_SCHEMA - same as JSON_SCHEMA:
http://www.yaml.org/spec/1.2/spec.html#id2804923DEFAULT_SAFE_SCHEMA - all supported YAML types, without unsafe ones
(!!js/undefined, !!js/regexp and !!js/function):
http://yaml.org/type/DEFAULT_FULL_SCHEMA - all supported YAML types.json (default: false) - compatibility with JSON.parse behaviour. If true, then duplicate keys in a mapping will override values rather than throwing an error.NOTE: This function does not understand multi-document sources, it throws exception on those.
NOTE: JS-YAML does not support schema-specific tag resolution restrictions.
So, JSON schema is not as strict as defined in the YAML specification.
It allows numbers in any notation, use Null and NULL as null, etc.
Core schema also has no such restrictions. It allows binary notation for integers.
Use with care with untrusted sources. The same as safeLoad() but uses
DEFAULT_FULL_SCHEMA by default - adds some JavaScript-specific types:
!!js/function, !!js/regexp and !!js/undefined. For untrusted sources you
must additionally validate object structure, to avoid injections:
var untrusted_code = '"toString": !<tag:yaml.org,2002:js/function> "function (){very_evil_thing();}"';
// I'm just converting that string, what could possibly go wrong?
require('js-yaml').load(untrusted_code) + ''
Same as safeLoad(), but understands multi-document sources and apply
iterator to each document.
var yaml = require('js-yaml');
yaml.safeLoadAll(data, function (doc) {
console.log(doc);
});
Same as safeLoadAll() but uses DEFAULT_FULL_SCHEMA by default.
Serializes object as YAML document. Uses DEFAULT_SAFE_SCHEMA, so it will
throw exception if you try to dump regexps or functions. However, you can
disable exceptions by skipInvalid option.
options:
indent (default: 2) - indentation width to use (in spaces).skipInvalid (default: false) - do not throw on invalid types (like function
in the safe schema) and skip pairs and single values with such types.flowLevel (default: -1) - specifies level of nesting, when to switch from
block to flow style for collections. -1 means block style everwherestyles - "tag" => "style" map. Each tag may have own set of styles.schema (default: DEFAULT_SAFE_SCHEMA) specifies a schema to use.sortKeys (default: false) - if true, sort keys when dumping YAML. If a
function, use the function to sort the keys.lineWidth (default: 80) - set max line width.noRefs (default: false) - if true, don't convert duplicate objects into referencesstyles:
!!null
"canonical" => "~"
!!int
"binary" => "0b1", "0b101010", "0b1110001111010"
"octal" => "01", "052", "016172"
"decimal" => "1", "42", "7290"
"hexadecimal" => "0x1", "0x2A", "0x1C7A"
!!null, !!bool, !!float
"lowercase" => "null", "true", "false", ".nan", '.inf'
"uppercase" => "NULL", "TRUE", "FALSE", ".NAN", '.INF'
"camelcase" => "Null", "True", "False", ".NaN", '.Inf'
By default, !!int uses decimal, and !!null, !!bool, !!float use lowercase.
Same as safeDump() but without limits (uses DEFAULT_FULL_SCHEMA by default).
The list of standard YAML tags and corresponding JavaScipt types. See also YAML tag discussion and YAML types repository.
!!null '' # null
!!bool 'yes' # bool
!!int '3...' # number
!!float '3.14...' # number
!!binary '...base64...' # buffer
!!timestamp 'YYYY-...' # date
!!omap [ ... ] # array of key-value pairs
!!pairs [ ... ] # array or array pairs
!!set { ... } # array of objects with given keys and null values
!!str '...' # string
!!seq [ ... ] # array
!!map { ... } # object
JavaScript-specific tags
!!js/regexp /pattern/gim # RegExp
!!js/undefined '' # Undefined
!!js/function 'function () {...}' # Function
Note, that you use arrays or objects as key in JS-YAML. JS does not allow objects or array as keys, and stringifies (by calling .toString method) them at the moment of adding them.
---
? [ foo, bar ]
: - baz
? { foo: bar }
: - baz
- baz
{ "foo,bar": ["baz"], "[object Object]": ["baz", "baz"] }
Also, reading of properties on implicit block mapping keys is not supported yet. So, the following YAML document cannot be loaded.
&anchor foo:
foo: bar
*anchor: duplicate key
baz: bat
*anchor: duplicate key
If you have not used custom tags or loader classes and not loaded yaml
files via require() - no changes needed. Just upgrade library.
Otherwise, you should:
require('xxxx.yml') by fs.readFileSync() +
yaml.safeLoad().View the LICENSE file (MIT).
FAQs
YAML 1.2 parser and serializer
The npm package yaml-parser receives a total of 359 weekly downloads. As such, yaml-parser popularity was classified as not popular.
We found that yaml-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.