Skip to content

Default to yaml over js-yaml#859

Merged
markstos merged 1 commit intonode-config:masterfrom
jdmarshall:yaml
Jan 9, 2026
Merged

Default to yaml over js-yaml#859
markstos merged 1 commit intonode-config:masterfrom
jdmarshall:yaml

Conversation

@jdmarshall
Copy link
Copy Markdown
Collaborator

@jdmarshall jdmarshall commented Jan 9, 2026
edited by coderabbitai bot
Loading

js-yaml is mostly dead although it did get a CVE patch to address the issue that got it put onto a watch list.

'yaml' is no longer TJ's project but is a completely different repo that is being actively maintained.

addresses #851

Summary by CodeRabbit

  • Chores
    • Refactored internal YAML parsing logic and updated related dependencies.

✏️ Tip: You can customize this high-level summary in your review settings.

@jdmarshall
js-yaml is mostly dead although it did get a CVE patch to address
0e2a879 
the issue that got it put onto a watch list.

'yaml' is no longer TJ's project but is a completely different
repo that is being actively maintained.

addresses node-config#851
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Jan 9, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The PR replaces the js-yaml devDependency with the yaml package. The parser.js file is refactored to update the YAML parsing lazy-load flow, including adjustments to method calls (parse vs load) and error messaging to align with the new dependency.

Changes

Cohort / File(s) Summary
YAML Dependency Migration
package.json, parser.js		 Replaced js-yaml ^3.2.2 with yaml ^2.8.2. Refactored lazy-load flow in parser: primary loader uses YAML_DEP for Yaml with parse(content), fallback loads JS_YAML_DEP into JSYaml with load(content). Error messages updated to reference "yaml" dependency.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 We've traded js-yaml for yaml's sweet way,
Lazy loads refactored for the new day,
Parse and load methods now in sight,
Dependencies dancing ever so light,
Hops of joy for this upgrade's might! 🌟

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: switching the default YAML parser from js-yaml to yaml, which is clearly demonstrated by the dependency replacement and parser refactoring throughout the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 9, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In @parser.js:
- Around line 137-156: Parser.yamlParser currently only logs to console and
returns undefined when neither YAML_DEP nor JS_YAML_DEP are available; change it
to throw a descriptive Error instead. In the lazy-loading block (the require
calls referencing YAML_DEP and JS_YAML_DEP) ensure the final else branch throws
an Error that states neither "yaml" nor "js-yaml" could be loaded and advises
adding one of them to package.json (mentioning both dependency names and that
js-yaml is the fallback), so callers of Parser.yamlParser get a clear exception
instead of undefined.
🧹 Nitpick comments (1)
parser.js (1)

13-15: Nit: keep naming consistent (Yaml vs JSYaml).

Yaml (capital Y, lowercase aml) vs JSYaml is a bit asymmetric; consider YAML/JS_YAML or Yaml/JsYaml for readability.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6406d90 and 0e2a879.

📒 Files selected for processing (2)
  • package.json
  • parser.js
🔇 Additional comments (1)
package.json (1)

40-41: No action needed—YAML placement is intentional per project design.

All format parsers (yaml, toml, cson, hjson, properties, x2js, coffeescript) are in devDependencies as soft dependencies. This is consistent with the project's stated approach ("Define soft dependencies so transpilers don't include everything"). The code already handles missing parsers gracefully: if neither yaml nor js-yaml is installed, it logs a clear error message suggesting the user add the dependency. The [email protected] package fully supports CommonJS require() and Node.js 20.

markstos
markstos approved these changes Jan 9, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@markstos markstos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA Log

  • Reviewed related issue and diff.

@markstos markstos merged commit 848cde5 into node-config:master Jan 9, 2026
2 checks passed
@jdmarshall jdmarshall added this to the 4.2 milestone Jan 9, 2026
@jdmarshall jdmarshall deleted the yaml branch January 18, 2026 20:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@markstos markstos markstos approved these changes

Assignees

No one assigned

Labels

breaking-change

Projects

None yet

Milestone

4.2

Development

Successfully merging this pull request may close these issues.

2 participants

@jdmarshall @markstos