
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
A high-performance, dependency-free YAML parser for Python that preserves all YAML features including comments, anchors, and formatting.
pip install yamlium
from yamlium import parse
# Parse a YAML string
yaml_str = """
name: John Doe
age: 30
address:
street: 123 Main St
city: Boston
"""
data = parse(yaml_str)
# Access values
print(data["name"]) # John Doe
print(data["address"]["city"]) # Boston
from yamlium import parse
yaml_str = """
# User configuration
user: &user_ref # Anchor definition
name: Alice
role: admin
# Reference to user
admin: *user_ref # Alias reference
""".lstrip()
yml = parse(yaml_str)
# The YAML structure is preserved when converting back including:
# - Anchor names
# - Comments
# - Newlines between objects
print(yml.to_yaml() == yaml_str)
from yamlium import parse
yaml_str = """
users: # List of users
- name: alice
age: 25
- name: Bob
age: 30
- name: charlie
"""
yml = parse(yaml_str)
# Modify values while preserving structure
for key, value, obj in yml.walk_keys():
if key == "age":
value += 1
elif key == "name":
# Using the string manipulation interface `.str`
obj[key] = value.str.capitalize()
print(yml.to_yaml())
from yamlium import from_json, from_dict
# Convert from JSON string
json_str = '{"name": "test", "values": [1, 2, 3]}'
yaml_data = from_json(json_str)
# Convert from Python dict
python_dict = {"name": "test", "values": [1, 2, 3]}
yaml_data = from_dict(python_dict)
parse(input: str | Path) -> Mapping
Parse a single YAML documentparse_full(input: str | Path) -> Document
Parse multiple YAML documentsfrom_json(input: str | Path) -> Mapping | Sequence
Convert JSON to YAML structurefrom_dict(input: dict | list) -> Mapping | Sequence
Convert Python dict/list to YAML structureGiven:
from yamlium import parse
yml = parse("my_yaml.yml")
yml.to_yaml()
Convert to yaml stringyml.to_dict()
Convert to python dictionaryyml.yaml_dump(destination="my_yaml.yml")
Write directly to yaml fileyml.pprint()
Pretty print the dictionaryyml.walk()
Iterate through all yaml objectsyml.walk_keys()
Iterate through all yaml keysWhile PyYaml solves the purpose of converting to dictionary perfectly fine, it completely ignores anything non-dictionary-conversion related in the yaml file.
# Anchor definition
dev: &default_config
schedule: false
my_config: [1, 2, 3]
staging:
# Alias reference
<<: *default_config
schedule: true
yamlium | PyYaml |
---|---|
โ Retaining structure | โ Changing structure |
|
|
Contributions are welcome! Please feel free to submit Issues, Feature requests or Pull requests!
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
Fast, modern yaml parser and manipulator
We found that yamlium demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.ย It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socketโs AI scanner detected the supply chain attack and flagged the malware.