Description
This is a strongly typed YAML serialization and deserialization library, designed to provide (mostly) panic-free operation. Specifically, it should not panic when encountering malformed YAML syntax. This makes the library suitable for safely parsing user-supplied YAML content. JSON can be parsed as well. The library is hardened against the Billion Laughs attack, infinite recursion from merge keys and anchors (the limits are configurable), and duplicate keys. As the library only deserializes into explicitly defined types (no dynamic object instantiation), the usual YAML-based code execution exploits don’t apply. We use maintained unsafe-libyaml-norway rather than unsafe_libyaml.
Our fork supports YAML features that were initially not present in the serde-yaml package we forked from: merge keys, nested enums for Rust-aligned parsing into variable enums, using Rust structure as schema ("no" can be parsed into a boolean and "1.2" into a String field of enum, no problem), binary scalars, emitting anchors, configuring the style of YAML output and more.
serde-yaml-bw alternatives and similar packages
Based on the "YAML" category.
Alternatively, view serde-yaml-bw alternatives based on common mentions on social networks and blogs.
-
-
serde-saphyr
A strongly typed YAML deserializer that deserializes YAML directly into your Rust types without constructing an intermediate tree of “abstract values.” -
-
SaaSHub - Software Alternatives and Reviews
Do you think we are missing an alternative of serde-yaml-bw or a related project?