
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
A high-performance, dependency-free YAML parser for Python that preserves all YAML features including comments, anchors, and formatting.
```bash
pip install yamlium
```
```python
from yamlium import parse

# Parse a YAML string
yaml_str = """
name: John Doe
age: 30
address:
  street: 123 Main St
  city: Boston
"""
data = parse(yaml_str)

# Access values
print(data["name"])  # John Doe
print(data["address"]["city"])  # Boston
```
```python
from yamlium import parse

yaml_str = """
# User configuration
user: &user_ref # Anchor definition
  name: Alice
  role: admin

# Reference to user
admin: *user_ref # Alias reference
""".lstrip()
yml = parse(yaml_str)

# The YAML structure is preserved when converting back including:
# - Anchor names
# - Comments
# - Newlines between objects
print(yml.to_yaml() == yaml_str)
```
```python
from yamlium import parse

yaml_str = """
users: # List of users
  - name: alice
    age: 25
  - name: Bob
    age: 30
  - name: charlie
"""
yml = parse(yaml_str)

# Modify values while preserving structure
for key, value, obj in yml.walk_keys():
    if key == "age":
        value += 1
    elif key == "name":
        # Using the string manipulation interface `.str`
        obj[key] = value.str.capitalize()

print(yml.to_yaml())
```
```python
from yamlium import from_json, from_dict

# Convert from JSON string
json_str = '{"name": "test", "values": [1, 2, 3]}'
yaml_data = from_json(json_str)

# Convert from Python dict
python_dict = {"name": "test", "values": [1, 2, 3]}
yaml_data = from_dict(python_dict)
```
- `parse(input: str | Path) -> Mapping`: Parse a single YAML document
- `parse_full(input: str | Path) -> Document`: Parse multiple YAML documents
- `from_json(input: str | Path) -> Mapping | Sequence`: Convert JSON to YAML structure
- `from_dict(input: dict | list) -> Mapping | Sequence`: Convert Python dict/list to YAML structure

Given:

```python
from yamlium import parse

yml = parse("my_yaml.yml")
```

- `yml.to_yaml()`: Convert to YAML string
- `yml.to_dict()`: Convert to Python dictionary
- `yml.yaml_dump(destination="my_yaml.yml")`: Write directly to YAML file
- `yml.pprint()`: Pretty print the dictionary
- `yml.walk()`: Iterate through all YAML objects
- `yml.walk_keys()`: Iterate through all YAML keys

PyYAML handles conversion to a dictionary perfectly well, but it completely ignores everything in the YAML file that is not part of that conversion.
```yaml
# Anchor definition
dev: &default_config
  schedule: false
  my_config: [1, 2, 3]

staging:
  # Alias reference
  <<: *default_config
  schedule: true
```
yamlium | PyYAML |
---|---|
✅ Retaining structure | ❌ Changing structure |
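What "changing structure" looks like on the dev/staging document above, as an added example that is not part of the yamlium README: it round-trips the file through PyYAML's safe loader and dumper and reports which source-level features are gone. It assumes PyYAML is installed; `pyyaml_round_trip` and `lost_features` are hypothetical helper names.

```python
import yaml  # PyYAML, assumed installed (pip install pyyaml)

# The dev/staging document from this page, re-indented (constructed sample).
SOURCE = """\
# Anchor definition
dev: &default_config
  schedule: false
  my_config: [1, 2, 3]

staging:
  # Alias reference
  <<: *default_config
  schedule: true
"""


def pyyaml_round_trip(text):
    """Load with the safe loader, then dump the resulting plain dict."""
    data = yaml.safe_load(text)
    return yaml.safe_dump(data)


def lost_features(original, dumped):
    """Name the features present in `original` but absent from `dumped`."""
    markers = {
        "comments": "#",
        "anchor name": "&default_config",
        "alias": "*default_config",
        "merge key": "<<:",
    }
    return [name for name, token in markers.items()
            if token in original and token not in dumped]


if __name__ == "__main__":
    dumped = pyyaml_round_trip(SOURCE)
    print(dumped)
    print("lost:", lost_features(SOURCE, dumped))
    # The data survives; only the source-level structure is lost.
    print("same data:", yaml.safe_load(dumped) == yaml.safe_load(SOURCE))
```

The loaded data is identical before and after, so tests that only compare dictionaries will not catch the rewrite; the loss only shows up as a noisy diff in code review.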
Contributions are welcome! Please feel free to submit Issues, Feature requests or Pull requests!
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
Fast, modern yaml parser and manipulator
We found that yamlium demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.