Gathering detailed insights and metrics for vite
Gathering detailed insights and metrics for vite
Gathering detailed insights and metrics for vite
Gathering detailed insights and metrics for vite
npm install vite
Typescript
Module System
Min. Node Version
Node Version
NPM Version
TypeScript (83.22%)
JavaScript (9.82%)
HTML (5.18%)
CSS (1.23%)
Vue (0.14%)
AppleScript (0.11%)
SCSS (0.1%)
Svelte (0.1%)
Less (0.05%)
Stylus (0.02%)
Shell (0.01%)
Pug (0.01%)
Sass (0.01%)
SugarSS (0.01%)
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
MIT License
74,107 Stars
7,932 Commits
6,943 Forks
459 Watchers
42 Branches
1,128 Contributors
Updated on Jul 13, 2025
Latest Version
7.0.4
Package Id
vite@7.0.4
Unpacked Size
2.16 MB
Size
534.79 kB
File Count
39
NPM Version
10.8.2
Node Version
20.19.3
Published on
Jul 10, 2025
Cumulative downloads
Total Downloads
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
11
57
1
Next Generation Frontend Tooling
Vite (French word for "fast", pronounced /vit/
) is a new breed of frontend build tool that significantly improves the frontend development experience. It consists of two major parts:
A dev server that serves your source files over native ES modules, with rich built-in features and astonishingly fast Hot Module Replacement (HMR).
A build command that bundles your code with Rollup, pre-configured to output highly optimized static assets for production.
In addition, Vite is highly extensible via its Plugin API and JavaScript API with full typing support.
8.6/10
Summary
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Affected Versions
>= 3.0.0-alpha.0, < 3.0.0-beta.4
Patched Versions
3.0.0-beta.4
8.6/10
Summary
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Affected Versions
< 2.9.13
Patched Versions
2.9.13
7.5/10
Summary
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Affected Versions
>= 5.0.0, <= 5.0.11
Patched Versions
5.0.12
7.5/10
Summary
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Affected Versions
>= 4.0.0, <= 4.5.1
Patched Versions
4.5.2
0/10
Summary
Vite's server.fs.deny bypassed with /. for files under project root
Affected Versions
<= 4.5.13
Patched Versions
4.5.14
0/10
Summary
Vite's server.fs.deny bypassed with /. for files under project root
Affected Versions
>= 5.0.0, <= 5.4.18
Patched Versions
5.4.19
0/10
Summary
Vite's server.fs.deny bypassed with /. for files under project root
Affected Versions
>= 6.0.0, <= 6.1.5
Patched Versions
6.1.6
0/10
Summary
Vite's server.fs.deny bypassed with /. for files under project root
Affected Versions
>= 6.2.0, <= 6.2.6
Patched Versions
6.2.7
0/10
Summary
Vite's server.fs.deny bypassed with /. for files under project root
Affected Versions
>= 6.3.0, <= 6.3.3
Patched Versions
6.3.4
0/10
Summary
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Affected Versions
< 4.5.13
Patched Versions
4.5.13
0/10
Summary
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Affected Versions
>= 5.0.0, < 5.4.18
Patched Versions
5.4.18
0/10
Summary
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Affected Versions
>= 6.0.0, < 6.0.15
Patched Versions
6.0.15
0/10
Summary
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Affected Versions
>= 6.1.0, < 6.1.5
Patched Versions
6.1.5
0/10
Summary
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Affected Versions
>= 6.2.0, < 6.2.6
Patched Versions
6.2.6
5.3/10
Summary
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Affected Versions
< 4.5.12
Patched Versions
4.5.12
5.3/10
Summary
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Affected Versions
>= 5.0.0, < 5.4.17
Patched Versions
5.4.17
5.3/10
Summary
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Affected Versions
>= 6.0.0, < 6.0.14
Patched Versions
6.0.14
5.3/10
Summary
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Affected Versions
>= 6.1.0, < 6.1.4
Patched Versions
6.1.4
5.3/10
Summary
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Affected Versions
>= 6.2.0, < 6.2.5
Patched Versions
6.2.5
5.3/10
Summary
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Affected Versions
< 4.5.11
Patched Versions
4.5.11
5.3/10
Summary
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Affected Versions
>= 5.0.0, < 5.4.16
Patched Versions
5.4.16
5.3/10
Summary
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Affected Versions
>= 6.0.0, < 6.0.13
Patched Versions
6.0.13
5.3/10
Summary
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Affected Versions
>= 6.1.0, < 6.1.3
Patched Versions
6.1.3
5.3/10
Summary
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Affected Versions
>= 6.2.0, < 6.2.4
Patched Versions
6.2.4
5.3/10
Summary
Vite bypasses server.fs.deny when using ?raw??
Affected Versions
< 4.5.10
Patched Versions
4.5.10
5.3/10
Summary
Vite bypasses server.fs.deny when using ?raw??
Affected Versions
>= 5.0.0, < 5.4.15
Patched Versions
5.4.15
5.3/10
Summary
Vite bypasses server.fs.deny when using ?raw??
Affected Versions
>= 6.0.0, < 6.0.12
Patched Versions
6.0.12
5.3/10
Summary
Vite bypasses server.fs.deny when using ?raw??
Affected Versions
>= 6.1.0, < 6.1.2
Patched Versions
6.1.2
5.3/10
Summary
Vite bypasses server.fs.deny when using ?raw??
Affected Versions
>= 6.2.0, < 6.2.3
Patched Versions
6.2.3
6.5/10
Summary
Websites were able to send any requests to the development server and read the response in vite
Affected Versions
<= 4.5.5
Patched Versions
4.5.6
6.5/10
Summary
Websites were able to send any requests to the development server and read the response in vite
Affected Versions
>= 5.0.0, <= 5.4.11
Patched Versions
5.4.12
6.5/10
Summary
Websites were able to send any requests to the development server and read the response in vite
Affected Versions
>= 6.0.0, <= 6.0.8
Patched Versions
6.0.9
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
>= 5.0.0, <= 5.1.7
Patched Versions
5.1.8
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
>= 5.2.0, < 5.2.14
Patched Versions
5.2.14
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
>= 5.0.0, < 5.1.8
Patched Versions
5.1.8
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
< 3.2.11
Patched Versions
3.2.11
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
>= 5.2.0, < 5.2.14
Patched Versions
5.2.14
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
>= 5.3.0, < 5.3.6
Patched Versions
5.3.6
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
>= 5.4.0, < 5.4.6
Patched Versions
5.4.6
6.4/10
Summary
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Affected Versions
>= 4.0.0, < 4.5.4
Patched Versions
4.5.4
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
<= 3.2.10
Patched Versions
3.2.11
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
>= 4.0.0, <= 4.5.3
Patched Versions
4.5.4
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
>= 5.3.0, <= 5.3.5
Patched Versions
5.3.6
5.3/10
Summary
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Affected Versions
>= 5.4.0, <= 5.4.5
Patched Versions
5.4.6
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 5.2.0, <= 5.2.5
Patched Versions
5.2.6
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 5.1.0, <= 5.1.6
Patched Versions
5.1.7
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 5.0.0, <= 5.0.12
Patched Versions
5.0.13
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 4.0.0, <= 4.5.2
Patched Versions
4.5.3
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 3.0.0, <= 3.2.8
Patched Versions
3.2.10
5.9/10
Summary
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Affected Versions
>= 2.7.0, <= 2.9.17
Patched Versions
2.9.18
Reason
30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
security policy file detected
Details
Reason
0 existing vulnerabilities detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
binaries present in source code
Details
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
Reason
Found 14/27 approved changesets -- score normalized to 5
Reason
SAST tool is not run on all commits -- score normalized to 1
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Score
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More