strictyaml
config
Our great sponsors
strictyaml | config | |
---|---|---|
21 | 32 | |
1,407 | 6,088 | |
- | 0.3% | |
1.9 | 4.5 | |
about 1 month ago | 6 months ago | |
Python | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
strictyaml
- StrictYAML
-
XML is better than YAML
NestedText already is the way I use YAML; everything is intepreted as a string. I have some trust in my YAML parser to not mangle most strings. I could use NestedText, but users would be unfamiliar with it, and IIRC the only parsers are in Python. But then I could use StrictYaml too https://github.com/crdoconnor/strictyaml
-
The new type of SQL injection
you can stick to a subset of YAML syntax (e.g. strictYAML)
-
DO YOU YAML?
YAML stands for "YAML Ain’t Markup Language" - this is known as a recursive acronym. YAML is often used for writing configuration files. It’s human readable, easy to understand and can be used with other programming languages. Although YAML is commonly used in many disciplines, it has received criticism on the amoutn of whitespace .yml files have, difficulty in editing, and complexity of the standard. Despite the criticism, properly using YAML ensures that you can reproduce the results of a project and makes sure that the virtual environment packages play nicely with system packages. (If you're looking for another way to share environments there are other alternatives to YAML which include StrictYAML (a type-safe YAML parser) and NestedText)
-
The yaml document from hell
The example you linked provides this as an example of a YAML document that he wants his format to support.
-
The YAML Document from Hell
That safe subset exists and is implemented in a number of languages. It is called strict-yaml: https://hitchdev.com/strictyaml/
-
Hacker News top posts: Jul 3, 2022
StrictYAML\ (33 comments)
-
Why JSON Isn’t a Good Configuration Language (2018)
To me those are in the category of "nice to have", and the problem is that every developer has different preferences for these [1] [2]. But the main features of StrictYaml, like supporting comments and less syntactic noise, I think are pretty uncontroversial, and perhaps it's worth it to get people to switch over for those alone. It doesn't need to be perfect, it just needs to be a significant enough improvement over JSON, and I'd say those two features are more than enough
[1]: https://github.com/crdoconnor/strictyaml/issues/37
[2]: https://github.com/crdoconnor/strictyaml/issues/38
config
- Hocon (Human-Optimized Config Object Notation)
-
XML is better than YAML
I don‘t understand why HOCON (https://github.com/lightbend/config/blob/main/HOCON.md) isn‘t used more often (at least for configuration use cases). It‘s a superset of JSON, has comments, multiline strings, optional quotes, replacement syntax. We use it at many places, and it‘s as nice at it can get.
- Toml-bench – Which toml package to use in Python?
- slf4j or System.Logger?
- TOML: Tom's Obvious Minimal Language
-
Ron: Rusty Object Notation
HOCON is a great human-readable alternative to JSON. It's a superset of JSON with lots of cool features that make it both more readable and easier to use.
Here's a rundown of HOCON's main features: https://github.com/lightbend/config#features-of-hocon
-
Spring and scala
"Typesafe Config" is the library generally used to read configuration files in HOCON format, which this library introduced. It's commonly used in essentially OOP/imperative Scala contexts, including Akka and its ecosystem.
-
Make systemd better for Podman with Quadlet
Interesting!
For my own servers I use an internal tool that integrates apps with systemd. You point it at the output of your build system and a config file, and it produces a deb that contains systemd unit files and which registers/starts the server on install/reboot/upgrade, as a regular debian package would. Then it uploads it to the server via sftp and installs it using apt, so dependencies are resolved. As part of the build process it can download and bundle language runtimes (I use it with a JVM), it scans native binaries to find packages that the app should depend on, and you can define your config including package metadata like dependencies and systemd units using the HOCON language [1].
Upshot is you can go from a Gradle or Maven build to a running server with a few lines of config. Oh and it can build debs from any OS, so you can push from macOS and Windows too. If your server needs to depend on e.g. Postgres, you just add that dependency in your config and it'll be up and running after the push.
It also has features to turn on DynamicUser and other sandboxing features. I think I'll experiment with socket activation next, and then bundled BorgBackup.
Net/net it's pretty nice. I haven't tried with containers because many language ecosystems don't seem to really need them for many use cases. If your build tool knows how to download your language runtime and bundle it sans container by just setting up paths correctly, then going without means you can rely on your Linux distribution to keep things up to date with security patches in the background, it means networking works as you'd expect (no accidentally opened firewall ports!) and so on. SystemD knows how to configure resource isolation/cgroups and kernel sandboxing, so if you need those you can just write that into your build config and it's done. Or not, as you wish.
With a deployment tool to automate builds/pushes, systemd to supervise processes and a big beefy dedicated machine to let you scale up, I wonder how much value the container part is really still providing if you don't need the full functionality of Kubernetes.
[1] https://github.com/lightbend/config/blob/main/HOCON.md
-
Introducing JXC: An extensible, expressive data language. It's a drop-in replacement for JSON and supports type annotations, numeric suffixes, base64 strings, and more!
Other similar standards: TOML, HOCON
-
Jsonnet is better than YAML for generating JSON
I've also used HOCON pretty extensively for config, and it is better than both YAML and JSON for config with moderate to high complexity.
What are some alternatives?
pyyaml - Canonical source repository for PyYAML
cfg4j - Modern configuration library for distributed apps written in Java.
nestedtext - Human readable and writable data interchange format
owner - Get rid of the boilerplate code in properties based configuration.
ytt - YAML templating tool that works on YAML structure instead of text
dotenv - Loads environment variables from .env for nodejs projects.
crudini - A utility for manipulating ini files
dotenv - A twelve-factor configuration (12factor.net/config) library for Java 8+
yaml-rust - A pure rust YAML implementation.
Configur8 - Nano-library which provides the ability to define typesafe (!) configuration templates for applications.
starlark-go - Starlark in Go: the Starlark configuration language, implemented in Go
centraldogma - Highly-available version-controlled service configuration repository based on Git, ZooKeeper and HTTP/2