{"id":2363,"library":"yamale","title":"Yamale","description":"Yamale (ya·ma·lē) is a schema and validator for YAML. It allows for defining schemas in YAML files and validating other YAML data against them, supporting a wide range of data types and custom validators. The current version is 6.1.0, and it generally follows a regular release cadence with several minor and major releases each year.","status":"active","version":"6.1.0","language":"en","source_language":"en","source_url":"https://github.com/23andMe/Yamale","tags":["yaml","validation","schema","data-validation"],"install":[{"cmd":"pip install yamale","lang":"bash","label":"Standard Installation"},{"cmd":"pip install yamale[ruamel]","lang":"bash","label":"Installation with ruamel.yaml (for YAML 1.2 support)"}],"dependencies":[{"reason":"Core dependency for YAML parsing.","package":"PyYAML","optional":false},{"reason":"Optional dependency for YAML 1.2 support, recommended for modern YAML usage.","package":"ruamel.yaml","optional":true}],"imports":[{"note":"Main library import for schema and data handling.","symbol":"yamale","correct":"import yamale"},{"note":"Used to load and parse a schema file.","symbol":"make_schema","correct":"yamale.make_schema('./schema.yaml')"},{"note":"Used to load and parse a data file for validation.","symbol":"make_data","correct":"yamale.make_data('./data.yaml')"},{"note":"The primary function to validate data against a schema. Throws ValueError on invalid data.","symbol":"validate","correct":"yamale.validate(schema, data)"}],"quickstart":{"code":"import yamale\nimport os\n\n# Create dummy schema.yaml and data.yaml files for demonstration\n# In a real scenario, these would be pre-existing files.\nwith open('schema.yaml', 'w') as f:\n    f.write('name: str()\\nage: int(max=200)\\nawesome: bool()')\n\nwith open('data.yaml', 'w') as f:\n    f.write('name: Bill\\nage: 26\\nawesome: True')\n\ntry:\n    # Import Yamale and make a schema object:\n    schema = yamale.make_schema('./schema.yaml')\n\n    # Create a Data object\n    data = yamale.make_data('./data.yaml')\n\n    # Validate data against the schema. Throws a ValueError if data is invalid.\n    yamale.validate(schema, data)\n    print('Validation success! Data is valid against the schema.')\n\nexcept ValueError as e:\n    print(f'Validation failed!\\n{e}')\nexcept FileNotFoundError as e:\n    print(f'Error: {e}. Ensure schema.yaml and data.yaml exist.')\nfinally:\n    # Clean up dummy files\n    if os.path.exists('schema.yaml'):\n        os.remove('schema.yaml')\n    if os.path.exists('data.yaml'):\n        os.remove('data.yaml')","lang":"python","description":"This quickstart demonstrates how to define a simple YAML schema and then validate a YAML data file against it using Yamale's API. It creates temporary schema and data files, performs validation, and prints the result."},"warnings":[{"fix":"Ensure all file and directory paths passed to the `yamale` CLI command are valid and exist before execution.","message":"In version 6.0.0, the command-line interface (CLI) was updated to strictly enforce that all paths provided to CLI arguments must exist. Previously, non-existent paths might have been silently ignored or handled differently.","severity":"breaking","affected_versions":">=6.0.0"},{"fix":"Upgrade your Python environment to version 3.8 or newer to use Yamale v5.0.0 and above. The latest release supports Python 3.8+ up to 3.14.","message":"Version 5.0.0 dropped support for Python versions older than 3.8. Running Yamale on Python 3.7 or earlier will result in errors.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Only use schema files from known, trusted sources. Never use schemas provided by untrusted users directly. If schemas must be user-provided, implement strict sanitization and validation on the schema content itself before passing it to Yamale.","message":"Yamale schemas should always originate from trusted sources. The library does not inherently protect against intentionally malicious schemas, which could potentially lead to arbitrary code execution if an attacker controls the schema file. (A specific code injection vulnerability, CVE-2021-38305, was addressed in v3.0.8).","severity":"gotcha","affected_versions":"<3.0.8 (for CVE), All versions (general principle)"},{"fix":"To allow extra, unspecified elements in your data without causing validation errors, you can disable strict mode. Use the `--no-strict` flag with the CLI or pass `strict=False` to the `yamale.validate()` function when using the API. You can also apply strict mode selectively to includes.","message":"By default, Yamale operates in 'strict' mode. This means that if the data being validated contains elements (keys in a map, or items in a list) that are not explicitly defined in the schema, validation will fail. This can be unexpected if you want to allow extra data.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}