{"id":24151087,"url":"https://github.com/childsish/dynamic-yaml","last_synced_at":"2025-09-19T18:31:00.886Z","repository":{"id":8727972,"uuid":"10401011","full_name":"childsish/dynamic-yaml","owner":"childsish","description":"Using YAML for Python configuration files","archived":false,"fork":false,"pushed_at":"2024-04-09T20:52:06.000Z","size":60,"stargazers_count":45,"open_issues_count":3,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-19T17:02:15.354Z","etag":null,"topics":["python","yaml"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/childsish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-05-31T08:36:10.000Z","updated_at":"2025-05-17T02:44:59.000Z","dependencies_parsed_at":"2024-06-19T05:32:08.947Z","dependency_job_id":"e0280942-390f-4d5b-a8da-45a4f597c1ae","html_url":"https://github.com/childsish/dynamic-yaml","commit_stats":{"total_commits":61,"total_committers":3,"mean_commits":"20.333333333333332","dds":"0.29508196721311475","last_synced_commit":"41c9cd918f9941085a5d46b83e9437753152e324"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/childsish/dynamic-yaml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/childsish%2Fdynamic-yaml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/childsish%2Fdynamic-yaml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/childsish%2Fdynamic-yaml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/childsish%2Fdynamic-yaml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/childsish","download_url":"https://codeload.github.com/childsish/dynamic-yaml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/childsish%2Fdynamic-yaml/sbom","scorecard":{"id":277608,"data":{"date":"2025-08-11","repo":{"name":"github.com/childsish/dynamic-yaml","commit":"a8971066dbe6f5508332ed251aa9e75856ba110d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/23 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test-and-deploy.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-deploy.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/childsish/dynamic-yaml/test-and-deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-deploy.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/childsish/dynamic-yaml/test-and-deploy.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/test-and-deploy.yml:19","Warn: pipCommand not pinned by hash: .github/workflows/test-and-deploy.yml:20","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T14:56:00.900Z","repository_id":8727972,"created_at":"2025-08-17T14:56:00.900Z","updated_at":"2025-08-17T14:56:00.900Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275982535,"owners_count":25564149,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-19T02:00:09.700Z","response_time":108,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python","yaml"],"created_at":"2025-01-12T09:13:52.620Z","updated_at":"2025-09-19T18:31:00.601Z","avatar_url":"https://github.com/childsish.png","language":"Python","funding_links":[],"categories":["Parsers"],"sub_categories":["YAML is a **supserset of JSON**"],"readme":"![](https://github.com/childsish/dynamic-yaml/workflows/Project%20Tests/badge.svg)\n\ndynamic-yaml\n============\n\nDynamic YAML is a couple of classes and functions that add extra functionality to YAML that turns it into a great configuration language for Python. If you prefer JSON, then see [dynamic-json][dynamic-json].\n\nYAML already provides:\n\n* A very readable and clean syntax\n* Infinitely nestable key:value pairs\n* Sequence types\n* A regulated portable syntax that conforms to strict standards\n\nIn addition, the PyYAML parser provides:\n\n* Automatic type identification (a result of implementing the YAML standard)\n\nFinally, the classes introduced by Dynamic YAML enable:\n\n* Dynamic string resolution\n\nDynamic PyYAML requires PyYAML (https://bitbucket.org/xi/pyyaml).\n\nUsage\n-----\n\nThe key feature that was introduced is the ability for a string scalar to reference other parts of the configuration tree.\nThis is done using the Python string formatting syntax.\nThe characters '{' and '}' enclose a reference to another entry in the configuration structure.\nThe reference takes the form key1.key2 where key1 maps to another mapping object and can be found in the root mapping, and key2 can be found in key1's mapping object.\nMultiple levels of nesting can be used (eg. key1.key2.key3 etc...).\nIf you need brace literals, they can be escaped by doubling them up, as described by the Python format string [documentation](https://docs.python.org/3/library/string.html#formatstrings). \n\nAn example yaml configuration:\n```yaml\nproject_name: hello-world\ndirs:\n    home: /home/user\n    venv: \"{dirs.home}/venvs/{project_name}\"\n    bin: \"{dirs.venv}/bin\"\n    data: \"{dirs.venv}/data\"\n    errors: \"{dirs.data}/errors\"\n    sessions: \"{dirs.data}/sessions\"\n    databases: \"{dirs.data}/databases\"\n    output: \"{dirs.data}/output-{parameters.parameter1}-{parameters.parameter2}\"\nexes:\n    main: \"{dirs.bin}/main\"\n    test: tests\nparameters:\n    parameter1: a\n    parameter2: b\n```\n\nReading in a yaml file:\n\n```python\nimport dynamic_yaml\n\nwith open('/path/to/file.yaml') as fileobj:\n    cfg = dynamic_yaml.load(fileobj)\n    assert cfg.dirs.venv == '/home/user/venvs/hello-world'\n    assert cfg.dirs.output == '/home/user/venvs/hello-world/data/output-a-b'\n```\n\nAs the variables are dynamically resolved, it is also possible to combine this with `argparse`:\n\n```python\nimport dynamic_yaml\n\nfrom argparse import ArgumentParser\n\nwith open('/path/to/file.yaml') as fileobj:\n    cfg = dynamic_yaml.load(fileobj)\n    parser = ArgumentParser()\n    parser.add_argument('--parameter1')\n    parser.add_argument('--parameter2')\n    parser.parse_args('--parameter1 c --parameter2 d'.split(), namespace=cfg.parameters)\n    assert cfg.dirs.output == '/home/user/venvs/hello-world/data/output-c-d'\n```\n\nWriting yaml will resolve all references:\n\n```python\nimport dynamic_yaml\nimport yaml\n\nwith open('/path/to/file.yaml') as fileobj:\n    cfg = dynamic_yaml.load(fileobj)\n    assert yaml.safe_load(dynamic_yaml.dump(cfg)) == yaml.safe_load('''\nproject_name: hello-world\ndirs:\n    home: /home/user\n    venv: /home/user/venvs/hello-world\n    bin: /home/user/venvs/hello-world/bin\n    data: /home/user/venvs/hello-world/data\n    errors: /home/user/venvs/hello-world/data/errors\n    sessions: /home/user/venvs/hello-world/data/sessions\n    databases: /home/user/venvs/hello-world/data/databases\n    output: /home/user/venvs/hello-world/data/output-a-b}\nexes:\n    main: /home/user/venvs/hello-world/bin/main\n    test: tests\nparameters:\n  - 0.5\n  - 0.1\n''')\n```\n\nInstallation\n------------\n\nTo install, simply run:\n\n```bash\npip install dynamic-yaml\n```\n\nRestrictions\n------------\n\nDue to the short amount of time I was willing to spend on working upon this, there are a few restrictions that I could not overcome.\n\n* **Wild card strings must be surrounded by quotes.**\nBraces ('{' and '}') in a YAML file usually enclose a mapping object.\nHowever, braces are also used by the Python string formatting syntax to enclose a reference.\nAs there is no way to change either of these easily, strings that look like a yaml mapping must be explicitly declared using single or double quotes to enclose them.\nFor example:\n  ```yaml\n  quotes_needed: '{variable}'\n  ```\n* **Certain keys can only be used via `__getitem__` and not `__getattr__`.**\nBecause `dict` comes with it's own set of attributes that are always resolved first, the values for the following keys must be gotten using the item getter rather than the attribute getter (eg. config['items'] vs. config.items):\n  * append\n  * extend\n  * insert\n  * remove\n  * pop\n  * clear\n  * index\n  * count\n  * sort\n  * reverse\n  * copy \n\n[dynamic-json]: https://github.com/childsish/dynamic-json\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchildsish%2Fdynamic-yaml","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchildsish%2Fdynamic-yaml","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchildsish%2Fdynamic-yaml/lists"}