https://pantsbuild.org/ logo
#development
Title
# development
f

fast-nail-55400

03/29/2022, 4:13 PM
do we prefer TOML or YAML for ancillary config files?
context: I am adding a config file separate from pants.toml for configuring BSP build targets.
(The BSP config file’s p ath would be specified in pants.toml via an option.)
b

bitter-ability-32190

03/29/2022, 4:16 PM
The fact that Pants uses
pants.toml
should answer that, right?
f

fast-nail-55400

03/29/2022, 4:19 PM
not really, since the regex-lint linter uses YAML for its ancillary config file.
👀 1
and my ulterior motive is that I prefer YAML, so I’m testing how strong the TOML preference is.
b

bitter-ability-32190

03/29/2022, 4:23 PM
FWIW I'm told the general dev community prefers TOML over YAML. for human readaibility. YAML has a lot of nasty cases (I found this quite funny: https://github.com/cblp/yaml-sucks) I think @hundreds-father-404 can comment on why the regex-linter uses YAML. However I think it's important to remember that went from an internal tool to an external one. So perhaps it would've been TOML if it was external from the start?
There's these too: https://www.arp242.net/yaml-config.html#surprising-behaviour This one is funny:
Copy code
python: 3.5.3
postgres: 9.3
results in:
Copy code
{'python': '3.5.3', 'postgres': 9.3}
(string vs. number)
👀 1
f

fast-nail-55400

03/29/2022, 4:32 PM
I think @hundreds-father-404 can comment on why the regex-linter uses YAML. However I think it’s important to remember that went from an internal tool to an external one. So perhaps it would’ve been TOML if it was external from the start?
good point
will stick with TOML then
👍 1
w

wide-midnight-78598

03/29/2022, 6:27 PM
TOML gives me the INI shakes
But
pyproject.toml
is a thing, so what do I know
h

hundreds-father-404

03/29/2022, 7:59 PM
I personally like TOML much more than YAML because the edge cases Re: regex-linter, no special reason. Pants has generic support for reading dictionary options from a file, which I think can be
.json
,
.yaml
, `.py`(??), and maybe
toml
? This isn't documented, it's a feature from v1 & well before my involvement w/ project
p

polite-garden-50641

03/29/2022, 9:14 PM
we should avoid yaml... it has a bunch of security issues. toml is preferable, and I think regex-lint should move to that too (deprecate yaml, and allow either toml or json).. so we can remove the yaml library dependency from pants. just my 2c.
💯 1
1
h

hundreds-father-404

03/29/2022, 9:34 PM
I would love to remove the YAML dep from Pants!!! 🙌
🎉 2
🚀 2
Asher would you be willing to open an issue with your proposal? It'd prob be helpful to link to the mentioned security issues I don't have much time for "fun" projects like this this month w/ the doctors visits etc, but happy to help pitch into the effort
p

polite-garden-50641

03/31/2022, 1:03 PM