Member-only story
The YAML Document From Hell — JavaScript Edition
Is YAML writing fun?
I recently came across this blog post from Ruud van Asseldonk titled “The yaml document from hell”.
I’ve always heard that YAML has its pitfalls, but hadn’t looked into the details — and thankfully hadn’t been affected — mainly due to my very infrequent and simple use of YAML. If you are in the same boat as me, I recommend reading that article now as I almost can’t believe I’ve avoided any issues with it.
The article digs into the issues in the YAML spec itself, and then describes what happens in Python’s PyYAML and Golang’s yaml library with an example file, the titular YAML document from hell. I wanted to see how things were in the JavaScript ecosystem.
Yaml in JavaScript
A search for JavaScript YAML parsers on npm brings up yaml (which I have used in my own project) and js-yaml. js-yaml has the most weekly downloads according to npm and the most stars on GitHub however YAML seems to be under more active development, having been most recently published (a month ago at the time of writing) compared to js-yaml’s last publish date almost 2 years ago. There is also yamljs, but the project hasn’t received a commitment since November 2019 and hasn’t been released for 6 years, so I am going to disregard it for now.
Let’s see what YAML and js-yaml do with the YAML document from hell.
The Document Itself
To save yourself from going back and forth between van Asseldonk’s article and this one, here is the YAML document.
server_config:
port_mapping:
# Expose only ssh and http to the public internet.
- 22:22
- 80:80
- 443:443
serve:
- /robots.txt
- /favicon.ico
- *.html
- *.png
- !.git # Do not expose our Git repository to the entire world.
geoblock_regions:
# The legal team has not approved distribution in the Nordics yet.
- dk
- fi
- is
- no
- se
flush_cache:
on: [push, memory_pressure]
priority: background
allow_postgres_versions:
- 9.5.25
- 9.6.24
- 10.23
- 12.13So how do our JavaScript libraries handle this file?
