npmpackage.info

Gathering detailed insights and metrics for bootstrap-vue

Other packages similar to bootstrap-vue

sortablejs

1.15.6

JavaScript library for reorderable drag-and-drop lists on modern browsers and touch devices. No jQuery required. Supports Meteor, AngularJS, React, Polymer, Vue, Knockout and any CSS library, e.g. Bootstrap.

bootstrap-vue-next

0.30.4

BootstrapVueNext is an early and lovely component library for Vue 3 & Nuxt 3 based on Bootstrap 5 and Typescript.

vue-cli-plugin-bootstrap-vue

0.8.2

vue-cli plugin to add Bootstrap-Vue

bootstrap-vue-3

0.5.1

Early (but lovely) implementation of Vue 3, Bootstrap 5 and Typescript

Gathering detailed insights and metrics for bootstrap-vue

bootstrap-vue - 2.23.1 | npmpackage.info

bootstrap-vue

BootstrapVue provides one of the most comprehensive implementations of Bootstrap v4 for Vue.js. With extensive and automated WAI-ARIA accessibility markup.

2.23.1

14,517

MIT

JavaScript

46.99 MB

5.4

Installations

npm install bootstrap-vue

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

17.1.0

NPM Version

8.1.2 Pull Requests

Open

15

Total

3,708

Closed

385

Merged

3,308

Issues

Open

176

Total

3,409

Closed

3,233

Releases

107

v2.22.0

Updated on Apr 17, 2022

v2.21.2

Updated on Jan 01, 2021

v2.21.1

Updated on Dec 16, 2020

v2.21.0

Updated on Dec 14, 2020

v2.20.1

Updated on Dec 01, 2020

v2.20.0

Updated on Nov 30, 2020

View All 107 releases

Languages

JavaScript

SCSS

Shell

JavaScript (97.84%)

SCSS (2.03%)

Shell (0.13%)

Developer

bootstrap-vue

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

14,517 Stars

5,424 Commits

1,879 Forks

284 Watchers

10 Branches

344 Contributors

Updated on Jul 09, 2025

Maintainers

View All 344 Contributors

Package Meta Information

Latest Version

2.23.1

Package Id

bootstrap-vue@2.23.1

Unpacked Size

46.99 MB

Size

8.60 MB

File Count

1,134

NPM Version

8.1.2

Node Version

17.1.0

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@nuxt/opencollective bootstrap popper.js portal-vue vue-functional-data-merge

Dev Dependencies

@babel/cli @babel/core @babel/plugin-transform-modules-commonjs @babel/plugin-transform-runtime @babel/preset-env @babel/standalone @nuxt/content @nuxtjs/google-analytics @nuxtjs/pwa @nuxtjs/robots @nuxtjs/sitemap @testing-library/jest-dom @vue/compat @vue/compiler-dom @vue/test-utils @vue/test-utils-vue3 autoprefixer babel-core babel-eslint babel-jest babel-plugin-istanbul bootstrap-icons bundlewatch clean-css-cli codemirror codesandbox core-js cross-env eslint eslint-config-prettier eslint-config-standard eslint-config-vue eslint-plugin-import eslint-plugin-jest eslint-plugin-markdown eslint-plugin-node eslint-plugin-prettier eslint-plugin-promise eslint-plugin-vue execa highlight.js html-loader husky improved-yarn-audit jest jiti lint-staged loader-utils lodash marked nuxt postcss postcss-cli prettier require-context rollup rollup-plugin-babel rollup-plugin-commonjs rollup-plugin-node-resolve sass sass-loader standard-version terser vue vue-router vue-server-renderer vue-template-compiler vue-test-utils-compat

With more than 85 components, over 45 available plugins, several directives, and 1000+ icons, BootstrapVue provides one of the most comprehensive implementations of the Bootstrap v4.5 component and grid system available for Vue.js v2.6, complete with extensive and automated WAI-ARIA accessibility markup.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Contributors

This project exists thanks to all the people who contribute. [Contribute].

Partners

License

Released under the MIT License. Copyright (c) BootstrapVue.

High

0/10

Summary

Cross-Site Scripting in bootstrap-vue

Affected Versions

<= 2.0.0-rc.11

Patched Versions

2.0.0-rc.12

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

5

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

5

SAST

Determines if the project uses static code analysis.

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Maintained

Determines if the project is "actively maintained".

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/build.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/build.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/build.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/docs-deploy.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/bootstrap-vue/bootstrap-vue/test.yml/dev?enable=pin
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

43 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-vf6r-87q4-2vjf
Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-325j-24f4-qv5x
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

5.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to bootstrap-vue

Other packages similar to bootstrap-vue

bootstrap-vue

Installations

Developer Guide

Yes

CommonJS

17.1.0

8.1.2

Pull Requests

15

3,708

385

3,308

Issues

176

3,409

3,233

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Links

Sponsors

Backers

Contributors

Partners

License

10

10

10

10

10

5

5

2

0

0

0

0

5.4

/10