Data

JSON vs YAML for Configuration Files

Q: Can I add comments to JSON config files?

Standard JSON does not support comments. JSONC (JSON with Comments) adds // and /* */ comments — VS Code uses JSONC for settings.json and tsconfig.json allows JSONC-style comments. JSON5 also supports comments plus trailing commas and other relaxations. But both JSONC and JSON5 require special parsers; standard JSON parsers will reject them.

Q: Is YAML slower to parse than JSON?

Yes, YAML parsing is typically 5-10x slower than JSON parsing due to YAML's more complex grammar and type inference. For config files, this is irrelevant — parsing a 1KB config file takes microseconds in either format. Parse speed matters for large data files (use JSON or better, a binary format), not for configuration.

Q: Can I use JSON wherever YAML is expected?

In YAML 1.2, yes — every valid JSON document is valid YAML. You can technically write Kubernetes manifests, Docker Compose files, and GitHub Actions workflows in JSON. But the ecosystem documentation, examples, and community all use YAML, so using JSON in these contexts creates friction. Kubernetes does officially support JSON manifests, though.

Q: How do I convert my JSON config to YAML?

You can convert JSON to YAML using ChangeThisFile's JSON to YAML converter. The conversion is lossless — YAML can represent everything JSON can. After converting, you can add comments to document your config values. For command-line conversion, yq can also convert between formats: yq -P config.yaml.

Published Mar 19, 2026 7 min read By ChangeThisFile Team

Quick Answer

Use YAML for config files humans edit (comments, readability, multiline strings). Use JSON for config files machines generate and consume (strict syntax, guaranteed parse consistency, universal support). YAML has more footguns; JSON has more limitations. For greenfield projects, TOML often beats both.

The JSON vs YAML question comes up every time a team creates a new configuration file. Both formats can represent the same data. Both have libraries in every language. Both are text-based and version-control friendly. The choice isn't about capability — it's about who's reading and writing the file.

This guide compares JSON and YAML specifically for configuration files — not APIs, not data interchange, not database storage. Configuration files have unique requirements: humans edit them, they need documentation (comments), they're often modified under pressure (debugging at 2 AM), and errors in them can bring down production systems.

Comments: YAML's Biggest Advantage

This is the single most impactful difference. YAML supports comments (# like this). JSON does not.

In a configuration file, comments serve critical purposes:

Explaining why a value is set, not just what it is: # Reduced from 100 to 25 after the 2026-02 OOM incident
Temporarily disabling settings while debugging: # cache_ttl: 3600
Documenting valid values: # Options: debug, info, warn, error
Linking to tickets or documentation: # See JIRA-1234 for context

Without comments, this context lives in commit messages (which nobody reads while debugging), external documentation (which drifts out of sync), or nowhere at all. The inability to comment out a line during debugging is a daily friction point for JSON config files.

Workarounds for JSON: JSONC (JSON with Comments, used by VS Code) allows // and /* */ comments. JSON5 adds comments plus other human-friendly features. But both are non-standard — most JSON parsers reject them, and using them means your config can't be processed by standard JSON tools.

Readability: YAML Wins for Humans

Compare the same config in both formats:

// JSON
{
  "server": {
    "host": "0.0.0.0",
    "port": 8080,
    "ssl": {
      "enabled": true,
      "cert": "/etc/ssl/cert.pem",
      "key": "/etc/ssl/key.pem"
    }
  },
  "database": {
    "url": "postgres://localhost:5432/mydb",
    "pool_size": 25
  },
  "features": ["auth", "logging", "metrics"]
}

# YAML
server:
  host: 0.0.0.0
  port: 8080
  ssl:
    enabled: true
    cert: /etc/ssl/cert.pem
    key: /etc/ssl/key.pem

database:
  url: postgres://localhost:5432/mydb
  pool_size: 25

features:
  - auth
  - logging
  - metrics

YAML is visually cleaner: no braces, no brackets, no quoted keys, no commas. The indentation communicates structure directly. For humans scanning a config file to find and change a value, YAML's lower syntactic noise is a real productivity advantage.

The counter-argument: JSON's braces make structure explicit. In YAML, a one-space indentation error creates a structurally different document that's valid YAML but wrong. In JSON, a missing brace is a syntax error that the parser catches immediately. Explicitness vs. brevity — JSON fails loudly, YAML fails silently.

Footguns: YAML Has Many, JSON Has Few

JSON's strict syntax means there are very few ways to create valid-but-wrong JSON. If you forget a comma, miss a quote, or add a trailing comma, the parser throws an error. JSON's rigidity is its safety net.

YAML's flexibility creates multiple categories of silent bugs:

Footgun	Example	Result
Boolean coercion	`country: NO`	Parsed as `false` (YAML 1.1)
Number coercion	`version: 3.10`	Parsed as float `3.1`
Octal numbers	`port: 0777`	Parsed as `511` (YAML 1.1)
Indentation error	2 spaces vs 3 spaces	Wrong nesting, valid YAML
Tab characters	Tab instead of spaces	Parse error (hard to see)
Trailing whitespace	`key:` (space after colon)	Null value instead of error
Unquoted strings	`value: null`	Null, not the string "null"

JSON's footgun list is much shorter: number precision loss on large integers, no way to represent Infinity or NaN, and string-only keys. That's about it. If you want a format where valid == correct, JSON is safer.

Type Coercion vs. Strict Typing

JSON's types are explicit. "8080" is always a string. 8080 is always a number. true is always a boolean. There's no ambiguity and no coercion.

YAML infers types from values. 8080 is a number. true is a boolean. But yes is also a boolean in YAML 1.1, and NO is false, and 3.10 is a float, and 0777 is octal. This inference saves keystrokes when it guesses right and creates bugs when it guesses wrong.

YAML 1.2 significantly reduced the problem by restricting booleans to only true/false and removing sexagesimal numbers. But YAML 1.2 adoption is incomplete — PyYAML still defaults to 1.1. The safe practice in YAML: quote any value that isn't obviously a number, boolean, or null.

For configuration files specifically, type coercion bugs are dangerous because configs are often modified rarely and tested even less. A YAML type coercion bug might sit unnoticed for months until someone changes a seemingly unrelated value and triggers a different code path. JSON's strict typing prevents this entire class of bug.

Tooling and Editor Support

Both formats have excellent tooling, but with different strengths:

Tool Category	JSON	YAML
Parsers (language support)	Standard library in every language	Libraries available for every language (some with 1.1/1.2 differences)
Schema validation	JSON Schema (mature, widespread)	Uses JSON Schema via YAML-to-JSON conversion
Editor support	Universal syntax highlighting and validation	Good but indentation issues can be subtle
Linting	Most editors validate JSON on save	yamllint (separate tool), editor extensions
Formatting	`jq`, `python -m json.tool`, Prettier	`yq`, Prettier (with YAML plugin)
Command-line processing	`jq` (powerful, widely installed)	`yq` (multiple implementations, less standardized)
Diff readability	Good (structural changes visible)	Excellent (minimal syntax noise in diffs)

JSON has an edge in tooling maturity, especially jq for command-line processing. YAML diffs are cleaner because of less syntactic noise, which matters for code review of config changes.

YAML's Merge Key: Powerful but Risky

YAML supports anchors (&name) and aliases (*name) to avoid repetition, plus a merge key (<<) to merge mappings:

defaults: &defaults
  timeout: 30
  retries: 3

production:
  <<: *defaults
  timeout: 60

staging:
  <<: *defaults

This is genuinely useful for configs with shared defaults. JSON has no equivalent — you must duplicate values or handle inheritance in application code.

The risk: the merge key (<<) is a YAML 1.1 extension, not part of the YAML 1.2 specification. Not all parsers support it. When they do, the merge order (which key "wins" when there are conflicts) can vary between implementations. Test merge key behavior in your specific parser before relying on it in production configs.

Recommendations by Use Case

Use Case	Recommendation	Why
Application config (humans edit)	YAML (or TOML)	Comments, readability, multiline strings
Application config (machine-generated)	JSON	Strict parsing, universal support, no coercion bugs
CI/CD pipelines	YAML	Required by GitHub Actions, GitLab CI, etc.
Kubernetes manifests	YAML	Required. Deep nesting makes JSON impractical.
API specifications	Either (both supported by OpenAPI)	YAML for authoring, JSON for machine consumption
VS Code settings	JSONC	VS Code chose JSONC (JSON with Comments)
TypeScript config	JSON	tsconfig.json. Ecosystem convention.
Node.js package config	JSON	package.json. Ecosystem convention.
Python project config	TOML	pyproject.toml. Ecosystem convention.
Rust project config	TOML	Cargo.toml. Ecosystem convention.

The honest answer for new projects: if you can choose freely, use TOML. It has comments (unlike JSON), explicit types (unlike YAML), and no indentation footguns. TOML only falls short for deeply nested configs, which is when YAML's indentation-based nesting becomes necessary.

The JSON vs YAML debate is less about which format is better and more about which tradeoffs you prefer. JSON trades human-friendliness for machine-safety. YAML trades precision for expressiveness. Neither is wrong — they're optimized for different consumers.

If you're writing config that machines generate and read, use JSON. If you're writing config that humans maintain and debug, use YAML (but quote your strings). If you have a clean slate and your config isn't deeply nested, skip both and use TOML — it's what both formats wish they were for configuration.

Key Takeaways

YAML's comments are the single biggest advantage over JSON for config files. Being unable to comment out a line during debugging is a real cost.
YAML is more readable (less syntactic noise) but JSON is more reliable (no implicit type coercion, no invisible indentation bugs).
YAML 1.1's type coercion (the Norway problem) creates silent data corruption. JSON's strict types never surprise you.
JSON has better tooling maturity (jq, universal parsers). YAML has better diff readability and merge key support.
Most config format choices are made by the ecosystem (package.json, Cargo.toml, docker-compose.yml), not by you.
For greenfield projects with a free choice, TOML beats both: comments + explicit types + no indentation bugs.

Frequently Asked Questions

Can I add comments to JSON config files?

Standard JSON does not support comments. JSONC (JSON with Comments) adds // and /* */ comments — VS Code uses JSONC for settings.json and tsconfig.json allows JSONC-style comments. JSON5 also supports comments plus trailing commas and other relaxations. But both JSONC and JSON5 require special parsers; standard JSON parsers will reject them.

Is YAML slower to parse than JSON?

Yes, YAML parsing is typically 5-10x slower than JSON parsing due to YAML's more complex grammar and type inference. For config files, this is irrelevant — parsing a 1KB config file takes microseconds in either format. Parse speed matters for large data files (use JSON or better, a binary format), not for configuration.

Can I use JSON wherever YAML is expected?

In YAML 1.2, yes — every valid JSON document is valid YAML. You can technically write Kubernetes manifests, Docker Compose files, and GitHub Actions workflows in JSON. But the ecosystem documentation, examples, and community all use YAML, so using JSON in these contexts creates friction. Kubernetes does officially support JSON manifests, though.

How do I convert my JSON config to YAML?

You can convert JSON to YAML using ChangeThisFile's JSON to YAML converter. The conversion is lossless — YAML can represent everything JSON can. After converting, you can add comments to document your config values. For command-line conversion, yq can also convert between formats: yq -P < config.json > config.yaml.

What about YAML's security vulnerabilities?

YAML's most dangerous security feature is its ability to deserialize arbitrary objects in some languages. Python's yaml.load() could execute arbitrary code through YAML tags like !!python/object. Always use yaml.safe_load() in Python (and equivalent safe loaders in other languages). JSON doesn't have this vulnerability because it has no type tag system.

Should I validate my YAML configs with a schema?

Yes. YAML files can use JSON Schema for validation (YAML is converted to JSON internally before validation). Tools like yamllint check syntax, and JSON Schema checks structure and types. For Kubernetes, kubeconform validates manifests against Kubernetes API schemas. Schema validation catches type coercion bugs, missing required fields, and structural errors before deployment.

Why do some projects use both JSON and YAML?

Because they serve different audiences. OpenAPI specifications are commonly authored in YAML (human-friendly for writing) and published in JSON (machine-friendly for tooling). Docker Compose uses YAML for the compose file but JSON for the Docker Engine API. The pattern is: YAML for human authoring, JSON for machine processing.

Is there a way to prevent YAML type coercion issues?

Three approaches: (1) Always quote strings that might be misinterpreted — version: '3.10', country: 'NO'. (2) Use a YAML 1.2 parser (Go's go-yaml, Rust's serde_yaml). (3) Validate with JSON Schema after parsing, which catches type mismatches. The safest approach is all three. Using a linter like yamllint also helps catch common issues early.

Ready to convert your files?

Use ChangeThisFile to convert between 600+ formats — free, fast, and private.

Start Converting