I'd like to specify which kind of error-checks are performed, e.g. test everything except duplicate key checks.

I'd like to add my custom checker(detector), parse the yaml nodes recursivley, likeYamlLint::Linter::KeyOverlapDetector. So I define the abstract class YamlLint::Linter:RecursiveChecker then inherits it to YamlLint::Linter::KeyOverlapDetector:

    class RecursiveChecker
      def parse(psych_parse_data)
        data_start = psych_parse_data.handler.root.children[0]
        parse_recurse(data_start)
      end

      def parse_recurse
        raise NotImplementedError
      end
    end

    ###
    # Detects duplicate keys in Psych parsed data
    #
    class KeyOverlapDetector < RecursiveChecker
    ...

But my test codes, just do YamlLint::Linter#check, throw an error for the inheritance.

Traceback (most recent call last):
	4: from test.rb:6:in `<main>'
	3: from test.rb:6:in `require_relative'
	2: from <my-local-path>/yamllint/lib/yamllint/linter.rb:6:in `<top (required)>'
	1: from <my-local-path>/yamllint/lib/yamllint/linter.rb:10:in `<module:YamlLint>'
 <my-local-path>/yamllint/lib/yamllint/linter.rb:132:in `<class:Linter>': superclass mismatch for class KeyOverlapDetector (TypeError)

I cannot understand why the inheritance does not work since the following codes has no errors:

module Mod
  class A
    class B ;end
    class C < B ;end
  end
end

Need to add more doc and comments

Should be able to pass in a directory path, then find all files with the allowed extentions (yml, yaml, and any given custom extensions), then lint them

Using the git version, I get this very unhelpful message:

% bundle exec rake --trace yamllint                                                                           :(
** Invoke yamllint (first_time)
** Execute yamllint
Running YamlLint...
Checking 412 files
Excluding 1 files
hieradata/env/qa.yaml
  The same key is defined more than once: DEBUG
YAML lint found 1 errors
YamlLint failed!

Looking in the file, it's not immediately obvious where this occurs; I can't even find a key named debug. Any ideas?

When #28 was merged, the change from YAML.load to YAML.safe_load changed this gem's behavior. I don't believe that was correct.

I think the current test suite happens to pass because there are:

• no aliases
• no symbols
• no classes other than the standard seven
• no recursion

Unfortunately this change will be breaking behavior for some, perhaps most, projects that use the gem.

I'd propose three changes:

First, each of the four features above should be added to the test suite in a spec/data/*.yaml file. (I'll volunteer, if you think it's a good idea but don't have time to do it.)

Second, for robustness in the test suite, where it currently rescues YAML::SyntaxError, also rescue Psych::Exception to cleanly catch both varieties of Psych error just in case.

Last, and to actually fix the error, I would switch that one line back to YAML.load, and add an exception in .rubocop.yml.

I think load is okay because generally, the reason one prefers safe_load is for processing untrusted user-supplied input. That doesn't seem likely. It's essentially impossible that any project where an attacker has write access to the config files in the codebase is going to be made any more vulnerable because that attacker can make its CI run a test load of those files with YAML.load. It's meant for data from third-parties or in a database, not config files.

If it were really important to keep safe_load, one would probably want to add several config options to the RakeTask's initialize to specify what kind of safe_load'ing should be applied to all the files. But honestly, real-world projects that use it would probably use different values for different files anyway and that'd be a huge pain to configure properly. A big increase in complexity for essentially no increase in security.

Can you please update the version on rubygems?

I need this update 2f61b6c

Thank you 👍

Hi.

This library is very useful for me.
But it seems that it is not maintained.

Will you be able to continue maintenance of yamllint in the future?

YAML files should only end in .yml or .yaml

Currently the only output is linting errors.

Need to add:

• Count of files being checked
• Progress bar or line

The published version of this gem still uses trollop - I see you have that updated already in the repository, and I'd love to drop the extra (rotting) dependency from our project :-)

Is there a release slated soon?

If given a yaml file with only comments yamllint will fail:

# test: true

with the following error:

undefined method `children' for nil:NilClass

CircleCI installs gems to vendor/bundle instead of .bundle. This causes problems with checking yaml files if you check all yaml files by default.

YamlLint::RakeTask.new do |t|
  t.paths = %w(
    **/*.yml
    **/*.yaml
  )
  t.exclude_paths = %w(
    vendor/**/*.yml
  )
end

I recently pasted some options from my sshd_config file and then added colons to the "key" side so that I could pass them to ssh::server_options: hash... however, one of the options had a "tab" character (\t) between the key and the value. Puppet balked with the following error:

.../hieradata/common.yaml): found character '\t(TAB)' that cannot start any token. (Do not use \t(TAB) for indentation) while scanning for the next token at line 509 column 22 on node

... but yaml-lint did not catch it. It should probably catch tabs as invalid whitespace characters between "tokens"

Example yaml:

ssh::server_options:
  AuthorizedKeysFile:	.ssh/authorized_keys

The following is a valid YAML file but yamllint detects dupe keys on foo

---
- foo: 1
  bar: 2
- foo: 1
  bar: 2

Loads into Ruby like so:

[{"foo"=>1, "bar"=>2}, {"foo"=>1, "bar"=>2}]

YamlLint output:

$ bundle exec ruby bin/yamllint spec/data/valid2.yaml 
Checking 1 files
spec/data/valid2.yaml
  The same key is defined more than once: 
  The same key is defined more than once: .foo
  The same key is defined more than once: .bar
YAML lint found 1 errors
$