PyYML (Python in YAML)

Warnings

• breaking The `pyyml` library is extremely old (last release 2019) and appears to be unmaintained. It is not compatible with modern Python practices or security standards. Use of this library may lead to unexpected behavior or system instability on newer Python versions.
  Fix: It is strongly recommended to avoid using `pyyml`. For safe YAML parsing and emitting, use the actively maintained `PyYAML` library and specifically its `yaml.safe_load()` and `yaml.safe_dump()` functions, or `yaml.load(..., Loader=yaml.FullLoader)` for more features with reasonable security. If embedding Python logic is absolutely necessary, consider safer alternatives like configuration files that are parsed by custom Python scripts rather than executed directly by a YAML loader.
• breaking Using `pyyml` for 'Python in YAML' introduces severe security vulnerabilities. The `PythonLoader` explicitly enables the execution of arbitrary Python code (via `!!python/eval` and `!!python/name`) during YAML loading. This means that processing untrusted YAML input with `pyyml` can lead to remote code execution (RCE) or other malicious activities.
  Fix: NEVER use `pyyml` with YAML files from untrusted sources. If you must use it in a highly controlled environment, ensure all YAML input is meticulously validated and comes from a fully trusted, internal source. Even then, consider if this functionality is truly necessary or if a more secure design pattern (e.g., dedicated configuration parsing logic) could be used.
• gotcha The `pyyml` library is distinct from `PyYAML`, the widely adopted YAML parser. Installing `pyyml` will not give you the `PyYAML` package, and vice-versa. Attempting to use `import yaml` after only installing `pyyml` will likely result in an `ImportError` if `PyYAML` is not also installed.
  Fix: If you intend to use the standard Python YAML library, install `PyYAML` (`pip install PyYAML`). If you are experimenting with `pyyml`, understand it's a separate, likely abandoned, project and may require `PyYAML` as an underlying dependency (though not explicitly listed in `pyyml`'s `setup.py`, its code directly uses `import yaml`).

Install

• pip install pyyml Install pyyml

Imports

• PythonLoader

  from pyyml.pyyml import PythonLoader

  Used for loading YAML documents that may contain Python code or references.
• PythonDumper

  from pyyml.pyyml import PythonDumper

  Used for dumping Python objects into YAML, potentially serializing Python-specific tags.
• yaml

  import yaml

  The core YAML library (likely PyYAML) used by pyyml for underlying parsing/emitting.

Quickstart

This quickstart demonstrates how to load a YAML string containing Python evaluation tags (`!!python/eval`) and name references (`!!python/name`) using `pyyml`'s `PythonLoader`. It also shows a basic example of dumping Python data using `PythonDumper`.

import yaml
from pyyml.pyyml import PythonLoader, PythonDumper

# Example YAML with Python code (!!python/eval and !!python/name)
yaml_string = """
message: !!python/eval "'Hello, ' + 'World!'"
version_info: !!python/name 'sys.version_info'
calculate: !!python/eval "lambda x, y: x + y"
"""

# Load the YAML using PythonLoader
data = yaml.load(yaml_string, Loader=PythonLoader)

print(f"Message: {data['message']}")
print(f"Python Version Info: {data['version_info']}")
print(f"Calculation (5 + 3): {data['calculate'](5, 3)}")

# Example of dumping (if PythonDumper is used for custom types)
python_data = {
    'my_list': [1, 2, 3],
    'my_tuple': (4, 5),
    'my_set': {6, 7}
}
# Note: PythonDumper may not handle all arbitrary Python objects without custom constructors/representers.
# For simple types, it behaves like SafeDumper.
dumped_yaml = yaml.dump(python_data, Dumper=PythonDumper, default_flow_style=False)
print("\nDumped YAML:")
print(dumped_yaml)