Gathering detailed insights and metrics for nuxt
Gathering detailed insights and metrics for nuxt
Installations
npm install nuxtDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
^20.19.0 || >=22.12.0
Node Version
22.17.0
NPM Version
10.9.2
Releases
251
Languages
6
TypeScript
JavaScript
HTML
Vue
Shell
Dockerfile
TypeScript (95.38%)
JavaScript (1.82%)
HTML (1.64%)
Vue (0.96%)
Shell (0.18%)
Dockerfile (0.03%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
57,680 Stars
7,951 Commits
5,310 Forks
791 Watchers
64 Branches
866 Contributors
Updated on Jul 19, 2025
Maintainers
4
Package Meta Information
Latest Version
4.0.0
Package Id
nuxt@4.0.0
Unpacked Size
729.56 kB
Size
172.41 kB
File Count
259
NPM Version
10.9.2
Node Version
22.17.0
Published on
Jul 15, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
64
@nuxt/cli@nuxt/devalue@nuxt/devtools@nuxt/telemetry@unhead/vue@vue/sharedc12chokidarcompatxconsolacookie-esdefudestrdevalueerrxesbuildescape-string-regexpestree-walkerexsolveh3hookableignoreimpoundjitiklonaknitworkmagic-stringmllymocked-exportsnanotarnitropacknypmofetchohashon-changeoxc-minifyoxc-parseroxc-transformoxc-walkerpatheperfect-debouncepkg-typesradix3sculesemverstd-envstrip-literaltinyglobbyufoultrahtmluncryptounctxunimportunpluginunplugin-vue-routerunstorageuntypedvuevue-bundle-renderervue-devtools-stubvue-router@nuxt/kit@nuxt/vite-builder@nuxt/schema
Peer Dependencies
2
Nuxt
Nuxt is a free and open-source framework with an intuitive and extendable way to create type-safe, performant and production-grade full-stack web applications and websites with Vue.js.
It provides a number of features that make it easy to build fast, SEO-friendly, and scalable web applications, including:
- Server-side rendering, Static Site Generation, Hybrid Rendering and Edge-Side Rendering
- Automatic routing with code-splitting and pre-fetching
- Data fetching and state management
- SEO Optimization and Meta tags definition
- Auto imports of components, composables and utils
- TypeScript with zero configuration
- Go fullstack with our server/ directory
- Extensible with 200+ modules
- Deployment to a variety of hosting platforms
- ...and much more 🚀
Table of Contents
- 🚀 Getting Started
- 💻 Vue Development
- 📖 Documentation
- 🧩 Modules
- ❤️ Contribute
- 🏠 Local Development
- 🛟 Professional Support
- 🔗 Follow Us
- ⚖️ License
🚀 Getting Started
Use the following command to create a new starter project. This will create a starter project with all the necessary files and dependencies:
1npm create nuxt <my-project>
[!TIP] Discover also nuxt.new: Open a Nuxt starter on CodeSandbox, StackBlitz or locally to get up and running in a few seconds.
💻 Vue Development
Simple, intuitive and powerful, Nuxt lets you write Vue components in a way that makes sense. Every repetitive task is automated, so you can focus on writing your full-stack Vue application with confidence.
Example of an app.vue:
1<script setup lang="ts"> 2useSeoMeta({ 3 title: 'Meet Nuxt', 4 description: 'The Intuitive Vue Framework.' 5}) 6</script> 7 8<template> 9 <div id="app"> 10 <AppHeader /> 11 <NuxtPage /> 12 <AppFooter /> 13 </div> 14</template> 15 16<style scoped> 17#app { 18 background-color: #020420; 19 color: #00DC82; 20} 21</style>
📖 Documentation
We highly recommend you take a look at the Nuxt documentation to level up. It’s a great resource for learning more about the framework. It covers everything from getting started to advanced topics.
🧩 Modules
Discover our list of modules to supercharge your Nuxt project, created by the Nuxt team and community.
❤️ Contribute
We invite you to contribute and help improve Nuxt 💚
Here are a few ways you can get involved:
- Reporting Bugs: If you come across any bugs or issues, please check out the reporting bugs guide to learn how to submit a bug report.
- Suggestions: Have ideas to enhance Nuxt? We'd love to hear them! Check out the contribution guide to share your suggestions.
- Questions: If you have questions or need assistance, the getting help guide provides resources to help you out.
🏠 Local Development
Follow the docs to Set Up Your Local Development Environment to contribute to the framework and documentation.
🛟 Professional Support
- Technical audit & consulting: Nuxt Experts
- Custom development & more: Nuxt Agencies Partners
🔗 Follow Us
⚖️ License
Critical
8.8/10
Summary
Nuxt vulnerable to remote code execution via the browser when running the test locally
Affected Versions
>= 3.4.0, < 3.12.4
Patched Versions
3.12.4
Critical
8.1/10
Summary
nuxt Code Injection vulnerability
Affected Versions
>= 3.4.0, < 3.4.3
Patched Versions
3.4.3
High
7.5/10
Summary
Nuxt allows DOS via cache poisoning with payload rendering response
Affected Versions
>= 3.0.0, < 3.16.0
Patched Versions
3.16.0
Moderate
6.3/10
Summary
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Affected Versions
< 3.12.4
Patched Versions
3.12.4
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
update tool detected
Details
- Info: detected update tool: RenovateBot: renovate.json:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/cache-cleanup.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cache-cleanup.yml:18
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changelog.yml:22
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/ci.yml:75
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:76
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:20
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/semantic-pull-requests.yml:15
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic-pull-requests.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic-pull-requests.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix-docs.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix.yml:9
- Info: found token with 'none' permissions: .github/workflows/cache-cleanup.yml:1
- Info: found token with 'none' permissions: .github/workflows/changelog.yml:1
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:15
- Info: found token with 'none' permissions: .github/workflows/docs-check-links.yml:1
- Info: found token with 'none' permissions: .github/workflows/docs-deploy.yml:1
- Info: found token with 'none' permissions: .github/workflows/docs.yml:1
- Info: found token with 'none' permissions: .github/workflows/label-pr.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-monorepo.yml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-workflows.yml:20
- Info: found token with 'none' permissions: .github/workflows/notify-nuxt-bridge.yml:1
- Info: found token with 'none' permissions: .github/workflows/notify-nuxt-website.yml:1
- Info: found token with 'none' permissions: .github/workflows/release.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18
- Info: found token with 'none' permissions: .github/workflows/semantic-pull-requests.yml:1
Reason
all dependencies are pinned
Details
- Info: 57 out of 57 GitHub-owned GitHubAction dependencies pinned
- Info: 28 out of 28 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 containerImage dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
21 out of 21 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 76 contributing companies or organizations
Details
- Info: found contributions from: D2Arsenal, DescendantGG, Developmint, GitHub-Stars, HelloAsso, HubSpot, JabRef, Lottomerkury, Strawbei, Tresjs, WinterTC55, Zettlr, albionstatus, alibaba-aero, antfu-collective, antfu-sponsors, benevolt, bootstrap-vue, chibivue-land, codecember-ink, ecosystem-ci, elk-zone, esbuild-kit, eslint-stylistic, fse-employability, github-beta, gridsome, gubutler, h3js, helloasso, intlify, jabama-co, javascript-compiler-hints, knightlyjs, krutie patel, leetchi, lottomerkury sp. z o.o., mash-up, masters-info-nantes, mdit-vue, myself, nitrojs, nuxt, nuxt-community, nuxt-contrib, nuxt-modules, nuxtjs, nuxtlabs, oxc-project, passionatepeople, shikijs, singularit-de, slidevjs, tastejs, tsperf, twoslashes, type-challenges, unjs, unjs . @nitrojs . @h3js . @nuxt, unocss, unplugin, vite-pwa, vitejs, vitest-dev, voidzero-dev, vue-reactivity, vue-terminal, vuejs, vuejs @vitejs @vueuse, vuejs-jp, vuetifyjs, vueuse, we-dance, webfansplz-sponsors, wenyan-lang, windicss
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 12 commits out of 21 are checked with a SAST tool
Reason
Found 14/27 approved changesets -- score normalized to 5
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch '3.x'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'force pushes' disabled on branch '3.x'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch '3.x'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch '3.x'
- Warn: required approving review count is 1 on branch 'main'
- Warn: required approving review count is 1 on branch '3.x'
- Info: codeowner review is required on branch 'main'
- Info: codeowner review is required on branch '3.x'
- Info: 'last push approval' is required to merge on branch 'main'
- Info: 'last push approval' is required to merge on branch '3.x'
- Warn: 'up-to-date branches' is disabled on branch 'main'
- Warn: 'up-to-date branches' is disabled on branch '3.x'
- Info: status check found to merge onto on branch 'main'
- Info: status check found to merge onto on branch '3.x'
- Info: PRs are required in order to make changes on branch 'main'
- Info: PRs are required in order to make changes on branch '3.x'
Reason
badge detected: InProgress
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
8.2
/10
Last Scanned on 2025-07-18T21:09:25Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More