Gathering detailed insights and metrics for nuxt
Gathering detailed insights and metrics for nuxt
Installations
npm install nuxtDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
^20.9.0 || >=22.0.0
Node Version
22.16.0
NPM Version
10.9.2
Score
63.7
Supply Chain
62.6
Quality
94.4
Maintenance
100
Vulnerability
93.4
License
Releases
248
Languages
6
TypeScript
JavaScript
HTML
Vue
Shell
Dockerfile
TypeScript (95.36%)
JavaScript (1.82%)
HTML (1.65%)
Vue (0.96%)
Shell (0.18%)
Dockerfile (0.03%)
Developer
Download Statistics
Total Downloads
140,486,698
Last Day
40,811
Last Week
809,888
Last Month
3,447,932
Last Year
39,681,370
GitHub Statistics
MIT License
57,496 Stars
7,891 Commits
5,285 Forks
788 Watchers
64 Branches
860 Contributors
Updated on Jul 06, 2025
Maintainers
4
Package Meta Information
Latest Version
3.17.6
Package Id
nuxt@3.17.6
Unpacked Size
811.53 kB
Size
182.80 kB
File Count
265
NPM Version
10.9.2
Node Version
22.16.0
Published on
Jul 01, 2025
Total Downloads
Cumulative downloads
Total Downloads
140,486,698
Last Day
0.5%
40,811
Compared to previous day
Last Week
-6.1%
809,888
Compared to previous week
Last Month
1.7%
3,447,932
Compared to previous month
Last Year
34.2%
39,681,370
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
61
@nuxt/cli@nuxt/devalue@nuxt/devtools@nuxt/telemetry@unhead/vue@vue/sharedc12chokidarcompatxconsolacookie-esdefudestrdevalueerrxesbuildescape-string-regexpestree-walkerexsolveh3hookableignoreimpoundjitiklonaknitworkmagic-stringmllymocked-exportsnanotarnitropacknypmofetchohashon-changeoxc-parserpatheperfect-debouncepkg-typesradix3sculesemverstd-envstrip-literaltinyglobbyufoultrahtmluncryptounctxunimportunpluginunplugin-vue-routerunstorageuntypedvuevue-bundle-renderervue-devtools-stubvue-router@nuxt/kit@nuxt/vite-builder@nuxt/schema
Peer Dependencies
2
Nuxt
Nuxt is a free and open-source framework with an intuitive and extendable way to create type-safe, performant and production-grade full-stack web applications and websites with Vue.js.
It provides a number of features that make it easy to build fast, SEO-friendly, and scalable web applications, including:
- Server-side rendering, Static Site Generation, Hybrid Rendering and Edge-Side Rendering
- Automatic routing with code-splitting and pre-fetching
- Data fetching and state management
- SEO Optimization and Meta tags definition
- Auto imports of components, composables and utils
- TypeScript with zero configuration
- Go fullstack with our server/ directory
- Extensible with 200+ modules
- Deployment to a variety of hosting platforms
- ...and much more 🚀
Table of Contents
- 🚀 Getting Started
- 💻 Vue Development
- 📖 Documentation
- 🧩 Modules
- ❤️ Contribute
- 🏠 Local Development
- 🛟 Professional Support
- 🔗 Follow Us
- ⚖️ License
🚀 Getting Started
Use the following command to create a new starter project. This will create a starter project with all the necessary files and dependencies:
1npm create nuxt <my-project>
[!TIP] Discover also nuxt.new: Open a Nuxt starter on CodeSandbox, StackBlitz or locally to get up and running in a few seconds.
💻 Vue Development
Simple, intuitive and powerful, Nuxt lets you write Vue components in a way that makes sense. Every repetitive task is automated, so you can focus on writing your full-stack Vue application with confidence.
Example of an app.vue:
1<script setup lang="ts"> 2useSeoMeta({ 3 title: 'Meet Nuxt', 4 description: 'The Intuitive Vue Framework.' 5}) 6</script> 7 8<template> 9 <div id="app"> 10 <AppHeader /> 11 <NuxtPage /> 12 <AppFooter /> 13 </div> 14</template> 15 16<style scoped> 17#app { 18 background-color: #020420; 19 color: #00DC82; 20} 21</style>
📖 Documentation
We highly recommend you take a look at the Nuxt documentation to level up. It’s a great resource for learning more about the framework. It covers everything from getting started to advanced topics.
🧩 Modules
Discover our list of modules to supercharge your Nuxt project, created by the Nuxt team and community.
❤️ Contribute
We invite you to contribute and help improve Nuxt 💚
Here are a few ways you can get involved:
- Reporting Bugs: If you come across any bugs or issues, please check out the reporting bugs guide to learn how to submit a bug report.
- Suggestions: Have ideas to enhance Nuxt? We'd love to hear them! Check out the contribution guide to share your suggestions.
- Questions: If you have questions or need assistance, the getting help guide provides resources to help you out.
🏠 Local Development
Follow the docs to Set Up Your Local Development Environment to contribute to the framework and documentation.
🛟 Professional Support
- Technical audit & consulting: Nuxt Experts
- Custom development & more: Nuxt Agencies Partners
🔗 Follow Us
⚖️ License
Critical
8.8/10
Summary
Nuxt vulnerable to remote code execution via the browser when running the test locally
Affected Versions
>= 3.4.0, < 3.12.4
Patched Versions
3.12.4
Critical
8.1/10
Summary
nuxt Code Injection vulnerability
Affected Versions
>= 3.4.0, < 3.4.3
Patched Versions
3.4.3
High
7.5/10
Summary
Nuxt allows DOS via cache poisoning with payload rendering response
Affected Versions
>= 3.0.0, < 3.16.0
Patched Versions
3.16.0
Moderate
6.3/10
Summary
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Affected Versions
< 3.12.4
Patched Versions
3.12.4
Reason
30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Reason
update tool detected
Details
- Info: detected update tool: RenovateBot: renovate.json:1
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/cache-cleanup.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cache-cleanup.yml:18
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changelog.yml:22
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:76
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/ci.yml:75
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:20
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/semantic-pull-requests.yml:15
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic-pull-requests.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic-pull-requests.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix-docs.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix.yml:9
- Info: found token with 'none' permissions: .github/workflows/cache-cleanup.yml:1
- Info: found token with 'none' permissions: .github/workflows/changelog.yml:1
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:15
- Info: found token with 'none' permissions: .github/workflows/docs-check-links.yml:1
- Info: found token with 'none' permissions: .github/workflows/docs-deploy.yml:1
- Info: found token with 'none' permissions: .github/workflows/docs.yml:1
- Info: found token with 'none' permissions: .github/workflows/label-pr.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-monorepo.yml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-workflows.yml:20
- Info: found token with 'none' permissions: .github/workflows/notify-nuxt-bridge.yml:1
- Info: found token with 'none' permissions: .github/workflows/notify-nuxt-website.yml:1
- Info: found token with 'none' permissions: .github/workflows/release.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18
- Info: found token with 'none' permissions: .github/workflows/semantic-pull-requests.yml:1
Reason
all dependencies are pinned
Details
- Info: 57 out of 57 GitHub-owned GitHubAction dependencies pinned
- Info: 28 out of 28 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 containerImage dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
25 out of 25 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 76 contributing companies or organizations
Details
- Info: found contributions from: D2Arsenal, DescendantGG, Developmint, GitHub-Stars, HelloAsso, HubSpot, JabRef, Lottomerkury, Strawbei, Tresjs, WinterTC55, Zettlr, albionstatus, alibaba-aero, antfu-collective, antfu-sponsors, benevolt, bootstrap-vue, chibivue-land, codecember-ink, ecosystem-ci, elk-zone, esbuild-kit, eslint-stylistic, fse-employability, github-beta, gridsome, gubutler, h3js, helloasso, intlify, jabama-co, javascript-compiler-hints, knightlyjs, krutie patel, leetchi, lottomerkury sp. z o.o., mash-up, masters-info-nantes, mdit-vue, myself, nitrojs, nuxt, nuxt-community, nuxt-contrib, nuxt-modules, nuxtjs, nuxtlabs, oxc-project, passionatepeople, shikijs, singularit-de, slidevjs, tastejs, tsperf, twoslashes, type-challenges, unjs, unjs . @nitrojs . @h3js . @nuxt, unocss, unplugin, vite-pwa, vitejs, vitest-dev, voidzero-dev, vue-reactivity, vue-terminal, vuejs, vuejs @vueuse, vuejs-jp, vuetifyjs, vueuse, we-dance, webfansplz-sponsors, wenyan-lang, windicss
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 22 commits out of 25 are checked with a SAST tool
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch '3.x'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'force pushes' disabled on branch '3.x'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch '3.x'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch '3.x'
- Warn: required approving review count is 1 on branch 'main'
- Warn: required approving review count is 1 on branch '3.x'
- Info: codeowner review is required on branch 'main'
- Info: codeowner review is required on branch '3.x'
- Info: 'last push approval' is required to merge on branch 'main'
- Info: 'last push approval' is required to merge on branch '3.x'
- Warn: 'up-to-date branches' is disabled on branch 'main'
- Warn: 'up-to-date branches' is disabled on branch '3.x'
- Info: status check found to merge onto on branch 'main'
- Info: status check found to merge onto on branch '3.x'
- Info: PRs are required in order to make changes on branch 'main'
- Info: PRs are required in order to make changes on branch '3.x'
Reason
Found 10/24 approved changesets -- score normalized to 4
Reason
badge detected: InProgress
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
8.2
/10
Last Scanned on 2025-07-02T21:52:15Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More