npmpackage.info

Gathering detailed insights and metrics for vue

Other packages similar to vue

@vue/shared

3.5.13

internal utils shared across @vue packages

@vue/compiler-sfc

3.5.13

@vue/compiler-sfc

@vue/reactivity

3.5.13

@vue/reactivity

@vue/compiler-core

3.5.13

@vue/compiler-core

Gathering detailed insights and metrics for vue

vue - 3.5.13 | npmpackage.info

vue

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

3.5.13

49,479

MIT

TypeScript

44.96 kB

1,159,427,152 6.1

Installations

npm install vue

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

20.18.0

NPM Version

10.8.2 Score

87.2

Supply Chain

90.9

Quality

87.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

372

Total

5,198

Closed

1,821

Merged

3,005

Issues

Open

653

Total

5,580

Closed

4,927

Releases

238

v3.5.13

Updated on Nov 15, 2024

v3.5.12

Updated on Oct 11, 2024

v3.5.11

Updated on Oct 03, 2024

v3.5.10

Updated on Sep 27, 2024

v3.5.9

Updated on Sep 26, 2024

v3.5.8

Updated on Sep 22, 2024

View All 238 releases

Languages

TypeScript

JavaScript

HTML

Vue

CSS

TypeScript (96.31%)

JavaScript (1.89%)

HTML (1.29%)

Vue (0.48%)

CSS (0.03%)

Developer

vuejs

Download Statistics

Total Downloads

1,159,427,152

Last Day

286,574

Last Week

6,186,952

Last Month

25,969,692

Last Year

274,426,555

GitHub Statistics

MIT License

49,479 Stars

6,581 Commits

8,574 Forks

758 Watchers

90 Branches

552 Contributors

Updated on Mar 31, 2025

Bundle Size

124.89 kB

Minified

44.96 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 552 Contributors

Package Meta Information

Latest Version

3.5.13

Package Id

vue@3.5.13

Unpacked Size

2.28 MB

Size

614.98 kB

File Count

NPM Version

10.8.2

Node Version

20.18.0

Published on

Nov 15, 2024

Total Downloads

Cumulative downloads

Total Downloads

1,159,427,152

Last Day

4.6%

286,574

Compared to previous day

Last Week

-2.3%

6,186,952

Compared to previous week

Last Month

-4.8%

25,969,692

Compared to previous month

Last Year

30.3%

274,426,555

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@vue/shared @vue/runtime-dom @vue/compiler-dom @vue/compiler-sfc @vue/server-renderer

Peer Dependencies

typescript

vue

Which dist file to use?

From CDN or without a Bundler

vue(.runtime).global(.prod).js:
- For direct use via <script src="..."> in the browser. Exposes the Vue global.
- Note that global builds are not UMD builds. They are built as IIFEs and is only meant for direct use via <script src="...">.
- In-browser template compilation:
  - vue.global.js is the "full" build that includes both the compiler and the runtime so it supports compiling templates on the fly.
  - vue.runtime.global.js contains only the runtime and requires templates to be pre-compiled during a build step.
- Inlines all Vue core internal packages - i.e. it's a single file with no dependencies on other files. This means you must import everything from this file and this file only to ensure you are getting the same instance of code.
- Contains hard-coded prod/dev branches, and the prod build is pre-minified. Use the *.prod.js files for production.
vue(.runtime).esm-browser(.prod).js:
- For usage via native ES modules imports (in browser via <script type="module">).
- Shares the same runtime compilation, dependency inlining and hard-coded prod/dev behavior with the global build.

With a Bundler

vue(.runtime).esm-bundler.js:
- For use with bundlers like webpack, rollup and parcel.
- Leaves prod/dev branches with process.env.NODE_ENV guards (must be replaced by bundler)
- Does not ship minified builds (to be done together with the rest of the code after bundling)
- Imports dependencies (e.g. @vue/runtime-core, @vue/compiler-core)
  - Imported dependencies are also esm-bundler builds and will in turn import their dependencies (e.g. @vue/runtime-core imports @vue/reactivity)
  - This means you can install/import these deps individually without ending up with different instances of these dependencies, but you must make sure they all resolve to the same version.
- In-browser template compilation:
  - vue.runtime.esm-bundler.js (default) is runtime only, and requires all templates to be pre-compiled. This is the default entry for bundlers (via module field in package.json) because when using a bundler templates are typically pre-compiled (e.g. in *.vue files).
  - vue.esm-bundler.js: includes the runtime compiler. Use this if you are using a bundler but still want runtime template compilation (e.g. in-DOM templates or templates via inline JavaScript strings). You will need to configure your bundler to alias vue to this file.

Bundler Build Feature Flags

Detailed Reference on vuejs.org

esm-bundler builds of Vue expose global feature flags that can be overwritten at compile time:

__VUE_OPTIONS_API__
- Default: true
- Enable / disable Options API support
__VUE_PROD_DEVTOOLS__
- Default: false
- Enable / disable devtools support in production
__VUE_PROD_HYDRATION_MISMATCH_DETAILS__
- Default: false
- Enable / disable detailed warnings for hydration mismatches in production

The build will work without configuring these flags, however it is strongly recommended to properly configure them in order to get proper tree-shaking in the final bundle.

For Server-Side Rendering

vue.cjs(.prod).js:
- For use in Node.js server-side rendering via require().
- If you bundle your app with webpack with target: 'node' and properly externalize vue, this is the build that will be loaded.
- The dev/prod files are pre-built, but the appropriate file is automatically required based on process.env.NODE_ENV.

Low

3.7/10

Summary

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

Affected Versions

>= 2.0.0-alpha.1, < 3.0.0-alpha.0

Patched Versions

3.0.0-alpha.0

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

8

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/autofix.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/autofix.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/autofix.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/autofix.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-minor.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary-minor.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary-minor.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary-minor.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-minor.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary-minor.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/canary.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/close-cant-reproduce-issues.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/close-cant-reproduce-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/ecosystem-ci-trigger.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-closed-issues.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/lock-closed-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-data.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-data.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-data.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-data.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-data.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-data.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-data.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-data.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-report.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-report.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-report.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/size-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/vuejs/core/test.yml/main?enable=pin
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 21 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

6.1

/10

Last Scanned on 2025-03-24

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More