Frequently Asked Questions¶

YAML stands for "YAML Ain't Markup Language".

It's a recursive acronym that emphasizes YAML's purpose as a data serialization language, not a markup language like HTML or XML.

The .yaml extension is preferred, but .yml is common and acceptable.

Both are widely supported by tools and platforms. For consistency, we recommend using .yaml.

YAML is used for:

• Configuration files - Kubernetes, Docker Compose, CI/CD pipelines
• Data serialization - Storing and transferring structured data
• Infrastructure as Code - Ansible playbooks, CloudFormation templates
• Application settings - Configuration management

YAML is popular because it's human-readable and easy to write.

JSON is actually a subset of YAML (in YAML 1.2). Key differences:

YAML is designed for humans; JSON is designed for machines.

YAML 1.2 is the current standard (specifically 1.2.2, released October 2021).

YAML 1.1 is still common but has some quirks that were fixed in 1.2. Most modern tools support 1.2.

YAML LLC is a company founded by Ingy döt Net (co-creator of YAML) to provide professional maintenance and enterprise support for YAML infrastructure.

We maintain go-yaml, pyyaml, libyaml, and YAMLScript.

YES (YAML Enterprise Sustainability) is an enterprise sponsorship program that provides:

• 48-hour early CVE notifications
• Professional support from YAML experts
• Influence over YAML's roadmap
• Enterprise-grade maintenance

Learn more about YES →

YAML is critical infrastructure used by millions of applications, but it has historically relied on volunteer maintenance. The YES Program ensures:

• Timely security patches - Professional response to vulnerabilities
• Sustained development - Ongoing improvements and new features
• Reliable maintenance - Not dependent on volunteer availability
• Expert support - Direct access to YAML's creators and maintainers

YAML LLC maintains yaml.org and has authority over the YAML specification. This site (yaml.com) is the business presence of YAML LLC, focused on the YES Program and enterprise support.

yaml.org remains the community and specification site for YAML.

The EU Cyber Resilience Act requires knowing who maintains your software dependencies. YES members have a direct relationship with YAML LLC—the official maintainers of go-yaml, pyyaml, and libyaml.

We provide maintainer documentation, security contacts, and coordinated vulnerability disclosure. For enterprises needing formal compliance documentation, our Partner and Leader tiers include custom attestations.

YAML has two ways to handle multi-line strings:

Literal style (|) - Preserves newlines:

message: |
  Line 1
  Line 2
  Line 3

Folded style (>) - Folds lines into spaces:

message: >
  This is a long sentence
  that will be folded
  into a single line.

Anchors (&) and aliases (*) let you reference the same data multiple times:

defaults: &defaults
  timeout: 30
  retries: 3

production:
  <<: *defaults
  host: prod.example.com

staging:
  <<: *defaults
  host: staging.example.com

Both production and staging will have timeout and retries from defaults.

Be careful! Some YAML parsers support features that can be dangerous with untrusted input.

Best practices: - Use safe loading functions (yaml.safe_load() in Python) - Disable tag resolution for untrusted input - Validate input structure after parsing

See our security best practices →

YAML does not allow tab characters for indentation. Use spaces only.

This is by design to avoid ambiguity about indentation levels.

• Community Chat: YAML Matrix Chat
• GitHub: Issues on specific project repositories
• This site: Check our resources and blog
• Enterprise Support: JOIN YES for professional support

For security issues in YAML LLC projects:

• Email: ingy@yaml.com (PGP key available on request)
• GitHub: Use private security advisories

YES Program members receive 48-hour early notification of vulnerabilities.