Gathering detailed insights and metrics for @sasanfa/vite-plugin-vue
Gathering detailed insights and metrics for @sasanfa/vite-plugin-vue
Next generation frontend tooling. It's fast!
Installations
npm install @sasanfa/vite-plugin-vueDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=12.0.0
Releases
584
Languages
15
TypeScript
JavaScript
HTML
CSS
Vue
AppleScript
SCSS
Svelte
Less
Stylus
Shell
Pug
Sass
SugarSS
Astro
TypeScript (83.22%)
JavaScript (9.82%)
HTML (5.18%)
CSS (1.23%)
Vue (0.14%)
AppleScript (0.11%)
SCSS (0.1%)
Svelte (0.1%)
Less (0.05%)
Stylus (0.02%)
Shell (0.01%)
Pug (0.01%)
Sass (0.01%)
SugarSS (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
74,107 Stars
7,932 Commits
6,944 Forks
459 Watchers
42 Branches
1,128 Contributors
Updated on Jul 13, 2025
Maintainers
1
Package Meta Information
Latest Version
1.0.6
Package Id
@sasanfa/vite-plugin-vue@1.0.6
Unpacked Size
169.13 kB
Size
38.03 kB
File Count
8
Total Downloads
Cumulative downloads
Total Downloads
NaN
Peer Dependencies
1
@vitejs/plugin-vue 
Note: requires @vue/compiler-sfc as peer dependency. This is largely a port of rollup-plugin-vue with some vite-specific tweaks.
1// vite.config.js 2import vue from '@vitejs/plugin-vue' 3 4export default { 5 plugins: [vue()] 6}
Options
1export interface Options { 2 include?: string | RegExp | (string | RegExp)[] 3 exclude?: string | RegExp | (string | RegExp)[] 4 5 ssr?: boolean 6 isProduction?: boolean 7 8 // options to pass on to @vue/compiler-sfc 9 script?: Partial<SFCScriptCompileOptions> 10 template?: Partial<SFCTemplateCompileOptions> 11 style?: Partial<SFCStyleCompileOptions> 12}
Example for passing options to @vue/compiler-dom:
1import vue from '@vitejs/plugin-vue' 2 3export default { 4 plugins: [ 5 vue({ 6 template: { 7 compilerOptions: { 8 // ... 9 } 10 } 11 }) 12 ] 13}
Example for transforming custom blocks
1import vue from '@vitejs/plugin-vue' 2 3const vueI18nPlugin = { 4 name: 'vue-i18n', 5 transform(code, id) { 6 if (!/vue&type=i18n/.test(id)) { 7 return 8 } 9 if (/\.ya?ml$/.test(id)) { 10 code = JSON.stringify(require('js-yaml').safeLoad(code.trim())) 11 } 12 return `export default Comp => { 13 Comp.i18n = ${code} 14 }` 15 } 16} 17 18export default { 19 plugins: [vue(), vueI18nPlugin] 20}
License
MIT
No vulnerabilities found.
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/vitejs/.github/SECURITY.md:1
- Info: Found linked content: github.com/vitejs/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/vitejs/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/vitejs/.github/SECURITY.md:1
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/ecosystem-ci-trigger.yml:14
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ecosystem-ci-trigger.yml:15
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yml:16
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-tag.yml:17
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic-pull-request.yml:16
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/ecosystem-ci-trigger.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-close-require.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-labeled.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-tag.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pull-request.yml:1
Reason
binaries present in source code
Details
- Warn: binary detected: playground/wasm/add.wasm:1
- Warn: binary detected: playground/wasm/heavy.wasm:1
- Warn: binary detected: playground/wasm/light.wasm:1
Reason
Found 17/28 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/ecosystem-ci-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/preview-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tag.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/release-tag.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/vitejs/vite/release-tag.yml/main?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:183
- Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 11 out of 12 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 3
Details
- Warn: 8 commits out of 24 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More