Yamlfmt: An extensible command line tool or library to format YAML files

vinkelhake · 2025-07-10T23:15:20 1752189320

I used yaml for some things back in the stone age (shout out to why the lucky stiff and syck). The more I used it, and the more I came in contact with it I started to dislike that it has so many features, and tries to be overly clever. I'm kind of surprised to see that it's making a comeback (or maybe it never went away).

https://noyaml.com/

xelxebar · 2025-07-11T00:51:02 1752195062

That site's listed complaints are all either about a really old YAML spec or about self-inflicted, unrelated technical debt.

Granted, Python and other popular languages are also on an ancient YAML version for some inexplicable reason...

rurban · 2025-07-11T09:44:45 1752227085

The safety concerns are all about the later YAML specs, tags and code. That's why most stayed on the early version, with some white list API.

xelxebar · 2025-07-11T21:32:41 1752269561

You mean the executable YAML claims? Some are explicitly listed as for the older spec, but indeed a few are for 1.2. However...

If you configure your YAML loader to run arbitrary, input-controlled deserialization code, then of course you're opening a can of worms. Just, uh, don't do that for untrusted input maybe?

Is $programming_language terrible because some people run user input through eval?

The latest YAML (1.2 currently) gives you the option of doing all that stuff if you want. It's a bad implementation that decides to run random code by default, or heaven forbid, bakes such behavior in.

jdwithit · 2025-07-11T01:58:47 1752199127

YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild. Kubernetes really brought it to center stage going on 10 years ago, but it's the config file format for many many applications these days.

That's not meant as an endorsement, just saying it's not "making a comeback" any more than Taylor Swift is in music. It's The Thing right now and has been for a while.

alwillis · 2025-07-11T14:11:50 1752243110

YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild.

Ansible is another tool for devops that uses YAML extensively; it shipped in 2012.

rurban · 2025-07-11T09:42:43 1752226963

To _why the little stiff favor his libsyck never had the problems of later YAML extensions by Ingy, which should make them represent everything, but also made it totally insecure. That's why perl5 never really followed on to use the newer YAML specs and libraries for its cpan state files. syck was also much faster. I never bought the argument that it wasn't maintained anymore, I was not aware of any bugs.

alwillis · 2025-07-10T23:20:18 1752189618

It really never went away.

sixdimensional · 2025-07-11T04:28:25 1752208105

Is 2001 the stone age now (the year YAML was conceived)?

NeckBeardPrince · 2025-07-11T01:58:44 1752199124

> This tool is not yet officially supported by Google. It is currently maintained solely by @braydonk, and unless something changes primarily in spare time.

No thanks. I'm done after Kaniko. https://github.com/GoogleContainerTools/kaniko

the_dude_ · 2025-07-11T05:33:06 1752211986

fyi, the good chainguard folks (and former googlers who started kaniko) have forked kaniko

Blog post: https://www.chainguard.dev/unchained/fork-yeah-were-bringing...

The fork: https://github.com/chainguard-dev/kaniko

EspadaV9 · 2025-07-11T07:28:52 1752218932

Just and FYI, whilst they are supporting it, they only provide source. If you want the images you need to be a paying customer, or build them yourself.

imglorp · 2025-07-11T02:16:52 1752200212

Of course Google is going to shelve it, but you're free to fork and carry on if needed...

alwillis · 2025-07-10T22:50:17 1752187817

Also available via Homebrew:

    brew install yamlfmt

edoceo · 2025-07-11T00:32:57 1752193977

Why not use Prettier? Supports YAML since like 2020 - and does other languages too.

homebrewer · 2025-07-11T00:39:56 1752194396

It's ungodly slow on large projects. I've been using `deno fmt` lately (despite not having any other use for deno), it reformat/checks thousands of files per second, and supports YAML too.

This says YAML support is behind an unstable flag, but I haven't been passing any flags. Works fine anyway.

https://docs.deno.com/runtime/reference/cli/fmt/

hackerbrother · 2025-07-11T01:43:49 1752198229

Ha, I use Deno just as a formatter also! It’s great for Markdown formatting.

no_wizard · 2025-07-11T02:07:45 1752199665

The package pretty-quick speeds up prettier significantly

vivzkestrel · 2025-07-11T05:04:08 1752210248

doesnt yq already do this? https://github.com/mikefarah/yq

zaphirplane · 2025-07-12T10:01:16 1752314476

Same question but I can understand yq is very large

kryptn · 2025-07-11T00:54:09 1752195249

we throw things through yq for formatting