types-strictyaml 1.7.3.0

Typing stubs for strictyaml

Typing stubs for strictyaml

* Python 3.10 through 3.14

new in 1.7.3.0

initial typing testsuite; tested against mypy pyright; publish to pypi;

Why?

strictyaml is ignored by the Python community. Instead these are promoted: TOML, Python internal yaml, pyyaml, and pydantic.

None of which strictly validate very likely malicious dangerous user input.

Feel sorry for those who have been mislead to believe, without validating against a schema, the input files are safe.

User input validation critical security issues pop up constantly. In Python at least, some of these can be avoided completely by choosing strictyaml.

History

The strictyaml author had his own ideas on how to test and document Python packages. Regardless agree with him or not, this created a barrier to entry to surmount for both potential contributors and maintainers.

Would argue that barrier, evidently, is too formidable for us average diabolical albeit lazy geniuses.

Then to add insult to injury, the author ascended to another plane of existence, leaving strictyaml unmaintained.

There exists a vacuum where there should be: stubs, pytest test suite, coverage, and Sphinx docs.

Roadmap

These stubs were created without forking strictyaml. And will help downstream authors test their packages. Hopefully lead to strictyaml acceptance by the Python community.

Static type checking performed using both mypy and pyright. With the hope that later strictyaml is forked and pytest test suite is created. So can prove coverage and allow pyright to find coding errors.

Projects

These packages input files are strictly validated against a schema.

If have a package built that is protected by strictyaml, we’d like to hear from you.

• strictyamlx

• logging-strict

• sphinx-external-toc-strict

strictyaml team

Dave Faulkmore and Muneeb ur Rahman both have made contributions to strictyaml community. Both have skin in the game and would like to see strictyaml project status revived.

If share our passion, throw caution to the wind, say hmm why not?, put the effort towards writing a message, then find the mental fortitude to click the Send button.

Contributing

Create .venv

pyenv versions
mkdir .venv && cd .venv
python -m venv .
cd - &>/dev/null

. .venv/bin/activate
python -m pip install -e ".[dev]"

Run tests

Verbose and show output

make v=1 show=1 check

Quiet and save output to /tmp folder

make check

Run mypy

make premypy

Run pyright

make preright

Run pre-commit

make pre-commit

licenses

Lets take legal compliance seriously to show commitment to respect and acknowledge authors.

Creates NOTICE.txt, licenses.json and sbom.json

rm -rf build/lib; cd .tox && tox --root=.. -c ../tox.ini -e notice \
--workdir=. -vvv; cd - &>/dev/null
rm -rf build/lib; cd .tox && tox --root=.. -c ../tox.ini -e sbom \
--workdir=. -vvv; cd - &>/dev/null

LICENSE and NOTICE.txt are essentially the same expect LICENSE is manually maintained.