npmpackage.info

vue-loader

📦 Webpack loader for Vue.js components

17.4.2

4,990

MIT

TypeScript

711,372,076 2.7

Installations

npm install vue-loader

Score

57.3

Supply Chain

70.7

Quality

79.7

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

44

Total

575

Closed

136

Merged

395

Issues

Open

184

Total

1,481

Closed

1,297

Releases

140

v17.3.1

Published on 31 Oct 2023

v15.11.1

Published on 18 Oct 2023

v15.11.0

Published on 18 Oct 2023

v17.3.0

Published on 07 Oct 2023

v15.10.2

Published on 23 Aug 2023

v17.2.2

Published on 02 Jun 2023

View all 140 releases

Developer

vuejs

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

Yes

Node Version

16.20.0

NPM Version

8.19.4 Statistics

4,990 Stars

254 Commits

915 Forks

114 Watching

14 Branches

86 Contributors

Updated on 25 Nov 2024

Languages

TypeScript (91.35%)

JavaScript (6.67%)

Vue (1.87%)

HTML (0.1%)

Total Downloads

Cumulative downloads

Total Downloads

711,372,076

Last day

-5.9%

505,493

Compared to previous day

Last week

-0.3%

2,566,507

Compared to previous week

Last month

15.4%

10,925,327

Compared to previous month

Last year

-16.1%

126,966,613

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

vue-loader

webpack loader for Vue Single-File Components

Documentation

v17.2.1+ Only Options

experimentalInlineMatchResource: boolean: enable Inline matchResource for rule matching for vue-loader.

v16+ Only Options

reactivityTransform: boolean: enable Vue Reactivity Transform (SFCs only).
~~refSugar: boolean: removed. use reactivityTransform instead.~~
customElement: boolean | RegExp: enable custom elements mode. An SFC loaded in custom elements mode inlines its <style> tags as strings under the component's styles option. When used with defineCustomElement from Vue core, the styles will be injected into the custom element's shadow root.
- Default is /\.ce\.vue$/
- Setting to true will process all .vue files in custom element mode.
enableTsInTemplate: boolean (16.8+): allow TS expressions in templates when <script> has lang="ts". Defaults to true.
- When used with ts-loader, due to ts-loader's cache invalidation behavior, it sometimes prevents the template from being hot-reloaded in isolation, causing the component to reload despite only the template being edited. If this is annoying, you can set this option to false (and avoid using TS expressions in templates).
- Alternatively, leave this option on (by default) and use esbuild-loader to transpile TS instead, which doesn't suffer from this problem (it's also a lot faster). However, do note you will need to rely on TS type checking from other sources (e.g. IDE or vue-tsc).

What is Vue Loader?

vue-loader is a loader for webpack that allows you to author Vue components in a format called Single-File Components (SFCs):

1<template>
2  <div class="example">{{ msg }}</div>
3</template>
4
5<script>
6export default {
7  data() {
8    return {
9      msg: 'Hello world!',
10    }
11  },
12}
13</script>
14
15<style>
16.example {
17  color: red;
18}
19</style>

There are many cool features provided by vue-loader:

Allows using other webpack loaders for each part of a Vue component, for example Sass for <style> and Pug for <template>;
Allows custom blocks in a .vue file that can have custom loader chains applied to them;
Treat static assets referenced in <style> and <template> as module dependencies and handle them with webpack loaders;
Simulate scoped CSS for each component;
State-preserving hot-reloading during development.

In a nutshell, the combination of webpack and vue-loader gives you a modern, flexible and extremely powerful front-end workflow for authoring Vue.js applications.

How It Works

The following section is for maintainers and contributors who are interested in the internal implementation details of vue-loader, and is not required knowledge for end users.

vue-loader is not a simple source transform loader. It handles each language blocks inside an SFC with its own dedicated loader chain (you can think of each block as a "virtual module"), and finally assembles the blocks together into the final module. Here's a brief overview of how the whole thing works:

vue-loader parses the SFC source code into an SFC Descriptor using @vue/compiler-sfc. It then generates an import for each language block so the actual returned module code looks like this:

1// code returned from the main loader for 'source.vue'
2
3// import the <template> block
4import render from 'source.vue?vue&type=template'
5// import the <script> block
6import script from 'source.vue?vue&type=script'
7export * from 'source.vue?vue&type=script'
8// import <style> blocks
9import 'source.vue?vue&type=style&index=1'
10
11script.render = render
12export default script

Notice how the code is importing source.vue itself, but with different request queries for each block.

We want the content in script block to be treated like .js files (and if it's <script lang="ts">, we want to to be treated like .ts files). Same for other language blocks. So we want webpack to apply any configured module rules that matches .js also to requests that look like source.vue?vue&type=script. This is what VueLoaderPlugin (src/plugins.ts) does: for each module rule in the webpack config, it creates a modified clone that targets corresponding Vue language block requests.

Suppose we have configured babel-loader for all *.js files. That rule will be cloned and applied to Vue SFC <script> blocks as well. Internally to webpack, a request like
```
1import script from 'source.vue?vue&type=script'
```
Will expand to:
```
1import script from 'babel-loader!vue-loader!source.vue?vue&type=script'
```
Notice the vue-loader is also matched because vue-loader are applied to .vue files.

Similarly, if you have configured style-loader + css-loader + sass-loader for *.scss files:
```
1<style scoped lang="scss">
```
Will be returned by vue-loader as:
```
1import 'source.vue?vue&type=style&index=1&scoped&lang=scss'
```
And webpack will expand it to:
```
1import 'style-loader!css-loader!sass-loader!vue-loader!source.vue?vue&type=style&index=1&scoped&lang=scss'
```
When processing the expanded requests, the main vue-loader will get invoked again. This time though, the loader notices that the request has queries and is targeting a specific block only. So it selects (src/select.ts) the inner content of the target block and passes it on to the loaders matched after it.
For the <script> block, this is pretty much it. For <template> and <style> blocks though, a few extra tasks need to be performed:
- We need to compile the template using the Vue template compiler;
- We need to post-process the CSS in <style scoped> blocks, after css-loader but before style-loader.
Technically, these are additional loaders (src/templateLoader.ts and src/stylePostLoader.ts) that need to be injected into the expanded loader chain. It would be very complicated if the end users have to configure this themselves, so VueLoaderPlugin also injects a global Pitching Loader (src/pitcher.ts) that intercepts Vue <template> and <style> requests and injects the necessary loaders. The final requests look like the following:
```
1// <template lang="pug">
2import 'vue-loader/template-loader!pug-loader!source.vue?vue&type=template'
3
4// <style scoped lang="scss">
5import 'style-loader!vue-loader/style-post-loader!css-loader!sass-loader!vue-loader!source.vue?vue&type=style&index=1&scoped&lang=scss'
```

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

63 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-p493-635q-r6gr
Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh

Score

2.7

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to vue-loader

vue-ts-loader

0.0.3

TypeScript loader for vue-loader

vux-loader

1.2.9

extended loader for vue-loader

@esm.sh/vue-loader

1.0.3

A `.vue` loader for esm.sh services.

vue-webpack-gettext

0.3.4

Extract and compile translations with vue-gettext and vue-loader, i.e. for .vue files with <template lang='pug'></template>

vue-loader

Installations

Score

Pull Requests

44

575

136

395

Issues

184

1,481

1,297

Releases

Developer

vuejs

Developer Guide

CommonJS

Yes

16.20.0

8.19.4

Statistics

Languages

Total Downloads

711,372,076

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

vue-loader

v17.2.1+ Only Options

v16+ Only Options

What is Vue Loader?

How It Works

10

10

10

2

0

0

0

0

0

0

0

0

0

2.7

/10

Other packages similar to vue-loader