pyyaml¶
The canonical YAML library for Python, powering Ansible and the Python ecosystem.
Overview¶
pyyaml is the standard YAML library for Python. It's the foundation of Ansible, the world's most popular automation tool, and countless Python applications.
- Repository: github.com/yaml/pyyaml
- Language: Python (with C extension via libyaml)
- License: MIT
- Maintainer: YAML LLC
Why pyyaml Matters¶
Powers Automation¶
pyyaml is the YAML engine behind:
- Ansible - The world's leading automation platform
- Salt - Configuration management and orchestration
- Home Assistant - Smart home automation
- AWS CloudFormation - Infrastructure-as-code
- Pre-commit - Multi-language git hook framework
- Countless Python applications and frameworks
Massive Adoption¶
- 300M+ downloads per month via PyPI
- De facto standard for YAML in Python
- Used by millions of Python developers
- Essential infrastructure for DevOps and automation
Battle-Tested¶
- Decades of production use
- Proven reliability at scale
- Extensive compatibility
- Active community
YAML LLC Maintenance¶
Under YAML LLC's stewardship, pyyaml receives:
Security First¶
- Regular security audits
- Rapid vulnerability patching
- Safe defaults (SafeLoader)
- YES members get 48-hour early CVE notifications
Active Development¶
- Python 3.x compatibility improvements
- Performance optimizations via libyaml
- Bug fixes and stability improvements
- Documentation enhancements
Professional Support¶
- Responsive to issues and pull requests
- Clear development roadmap
- Integration support for enterprise users
- Backwards compatibility focus
Maintenance & Accountability¶
pyyaml is professionally maintained by YAML LLC, led by Ingy döt Net, co-creator of YAML.
- Security contact: security@yaml.com
- Disclosure policy: Coordinated disclosure with advance notice to YES members
- Release cadence: Security patches prioritized, feature releases quarterly
Need supply chain documentation for compliance? Learn about the YES Program →
Technical Details¶
Features¶
- Full YAML 1.1 support (YAML 1.2 in development)
- Pure Python and C-accelerated (libyaml) modes
- Safe and unsafe loading options
- Custom types and constructors
- Comprehensive error reporting
- Streaming API for large documents
Performance¶
- C extension via libyaml for speed
- Efficient memory usage
- Handles multi-document streams
- Optimized for common use cases
API¶
import yaml
# Safe loading (recommended)
with open('config.yaml') as f:
config = yaml.safe_load(f)
# Dump Python objects to YAML
with open('output.yaml', 'w') as f:
yaml.dump(data, f)
Use Cases¶
Ansible Playbooks¶
Every Ansible playbook uses pyyaml:
---
- name: Configure web servers
hosts: webservers
tasks:
- name: Install nginx
apt:
name: nginx
state: present
Application Configuration¶
Python applications use pyyaml for configuration:
Data Processing¶
Scientists and data engineers use pyyaml:
import yaml
# Load experimental parameters
with open('experiment.yaml') as f:
params = yaml.safe_load(f)
# Process data using parameters
results = run_experiment(**params)
Security¶
pyyaml provides multiple loaders with different security levels:
| Loader | Use Case | Safety |
|---|---|---|
safe_load() | Untrusted input | Safe |
full_load() | Known YAML tags | Use with caution |
unsafe_load() | Trusted input only | Dangerous |
Security Best Practice
Always use yaml.safe_load() for untrusted input. Never use yaml.load() or yaml.unsafe_load() with user-provided data.
Support pyyaml¶
pyyaml is maintained through the YES Program. YES members get:
- Priority support for pyyaml issues
- Early notification of security vulnerabilities
- Influence over roadmap and feature development
- Direct access to maintainers