Tom Ritchford
1 min readJan 9, 2021

--

YAML is an extremely bad choice for any configuration file because it's wildly unpredictable.

You yourself already ran into one of the issues, as you are aware that the string "no" is dangerously mapped to boolean False, but are you aware that "013" and on most Yaml implementations, "O13" (a famous music club), both are mapped to 11? (This has been fixed in Yaml 1.2, which is unfortunately not backward compatible with Yaml 1.1, which is not backward compatible with 1.0.)

Can you predict without looking what YAML does with '04:30', and if you get that right, '4:30'? Heck, I've already made this rant before and I got one of those wrong.

Worse, by default YAML allows you to read executable code from its configuration files! I never got burnt on this, but I did have the embarrassment of opening a config file on a customer site and realizing that I'd accidentally stored all this executable code in it.

Finally, there's a hidden trap which has caused terrible issues before. If your YAML config file gets truncated, because of an error during write or transmission, it's very likely that the resulting broken file is perfectly readable by Yaml. This is never true of JSON, for example.

More here: https://noyaml.com/

--

--

No responses yet