js-yaml is a JavaScript YAML 1.2 parser and writer for converting between YAML documents and JavaScript values (load/loadAll for parsing, dump for serializing). It’s useful when you need to read or generate YAML in Node.js or use the included CLI to inspect YAML files from the command line.
Project status
- Maintenance status: The repository shows very recent activity (last upstream push on 2026-06-02), and the most recent tagged update (4.1.1 on 2025-11-12) indicates it is still being actively maintained.
- Update cadence: Updates appear infrequent, with the last two tagged updates spaced far apart (4.1.1 in 2025, previous ones in 2021), though ongoing commits suggest continued work between tags.
AI summary generated Today
Recent updates
4.1.1
6 months agoVersion 4.1.1 primarily patches a prototype pollution vulnerability related to YAML merge (<<). The code changes harden how the loader assigns properties for mapping keys, specifically protecting the special key '__proto__'.
Security4.1.0
4/14/2021No release notes were provided by the publisher for version 4.1.0. The code changes in this diff primarily add a public `yaml.types` export, store the original `options` on each `Type`, and modify schema type compilation to preserve original type order when overriding conflicting types via `Schema.extend()`.
Features4.0.0
1/3/2021Release 4.0.0 was published on 2021-01-03, but no release notes were provided by the publisher. Because the release notes are missing, this analysis cannot reliably identify new features, breaking changes, bug fixes, or security updates from documentation.