{"library":"pyyml","type":"library","category":null,"description":"This library, `pyyml` (version 0.0.2), aims to integrate Python code execution directly within YAML documents. Released in 2019, it appears to be an unmaintained project with its last release several years ago, focusing on enabling Python names and expressions to be evaluated during YAML loading. This functionality, while seemingly powerful, introduces significant security vulnerabilities, as arbitrary Python code can be executed from untrusted YAML sources. It is distinct from the widely used and actively maintained `PyYAML` library.","language":"en","status":"abandoned","version":"0.0.2","tags":["yaml","configuration","serialization","deserialization","security-risk","abandoned"],"last_verified":"Wed May 27","install":[{"cmd":"pip install pyyml","imports":["from pyyml.pyyml import PythonLoader","from pyyml.pyyml import PythonDumper","import yaml"]}],"homepage":null,"github":null,"docs":null,"changelog":null,"pypi":null,"npm":null,"openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"3.10–3.9","success_rate":100,"avg_install_s":1.7,"avg_import_s":null,"wheel_type":"wheel"},"url":"https://checklist.day/v1/registry/pyyml/compatibility"}}