{"id":4331,"library":"yaml-config","title":"YAML Config","description":"Python client for reading YAML based config files. It provides a `Config` class for retrieving configuration variables from YAML files. It allows configuration of root and directory paths via environment variables. The library is currently at version 0.1.5 and has a low-cadence release cycle, with the last PyPI release in June 2020.","status":"active","version":"0.1.5","language":"en","source_language":"en","source_url":"https://github.com/GreenBuildingRegistry/yaml-config","tags":["yaml","config","configuration","settings"],"install":[{"cmd":"pip install yaml-config","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Core dependency for YAML parsing and serialization.","package":"pyyaml","optional":false}],"imports":[{"note":"The primary class for loading and managing YAML configurations. It is recommended to subclass this class.","symbol":"Config","correct":"from yaml_config import Config"}],"quickstart":{"code":"import os\nfrom yaml_config import Config\n\n# Create a dummy config file for the example\nconfig_content = \"\"\"\ndatabase:\n  host: localhost\n  port: 5432\nlogging:\n  level: INFO\n\"\"\"\nwith open(\"my_app_config.yaml\", \"w\") as f:\n    f.write(config_content)\n\n# You can optionally set environment variables to define config root/dir\n# For example, in your shell: export MYAPP_CONFIG_ROOT=/tmp\n# This example assumes the file is in the current working directory.\n\nclass MyAppConfig(Config):\n    # Define the default config file name to be loaded\n    default_file = 'my_app_config.yaml'\n    # If using environment variables for root/dir, define a prefix:\n    # default_env_prefix = 'MYAPP' # Would look for MYAPP_CONFIG_ROOT / MYAPP_CONFIG_DIR\n\n# Load the configuration\nconfig = MyAppConfig()\n\n# Access configuration values\nprint(f\"Database Host: {config.database.host}\")\nprint(f\"Database Port: {config.database.port}\")\nprint(f\"Logging Level: {config.logging.level}\")\n\n# Clean up dummy config file\nos.remove(\"my_app_config.yaml\")\n","lang":"python","description":"This quickstart demonstrates how to create a `Config` subclass to load a YAML file and access its properties. It shows how to define a `default_file` and access nested configurations."},"warnings":[{"fix":"Upgrade to `yaml-config` version 0.1.3 or higher, which internally defaults to `yaml.SafeLoader` to mitigate this issue. If direct `PyYAML` interaction in your application is necessary and upgrade is not possible, explicitly pass `Loader=yaml.SafeLoader` to `yaml.load()` to prevent errors and enhance security.","message":"Older versions of `yaml-config` (prior to 0.1.3) might have used `PyYAML`'s `yaml.load()` function without explicitly specifying a `Loader` parameter. This usage is considered unsafe and was deprecated in `PyYAML` 5.1+, leading to a `TypeError` in `PyYAML` 6.0+.","severity":"breaking","affected_versions":"<0.1.3"},{"fix":"If you require environment variable interpolation for values inside your YAML content, consider pre-processing your YAML files (e.g., using Python's `os.path.expandvars` on the file content before passing it to `yaml-config`) or explore alternative YAML libraries that explicitly support this feature.","message":"The `yaml-config` library supports configuring root and directory paths for config files using environment variables (e.g., `<prefix>_CONFIG_ROOT`, `<prefix>_CONFIG_DIR`). However, it does not natively provide functionality for interpolating environment variables *within* the YAML file content itself (e.g., `api_key: ${API_KEY}`).","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always use `yaml.safe_load()` or explicitly pass `Loader=yaml.SafeLoader` when loading YAML from untrusted sources, even if `yaml-config` handles its internal loading safely.","message":"Using `yaml.load()` directly from `PyYAML` without specifying a safe loader (like `yaml.SafeLoader` or `yaml.FullLoader`) is a known security vulnerability, as it can execute arbitrary Python code. Although `yaml-config` versions 0.1.3+ default to `yaml.SafeLoader` for its internal loading, direct interactions with `PyYAML` in your own code should always prioritize safety.","severity":"gotcha","affected_versions":"All versions (general PyYAML usage)"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}