Fork of Vue 2.7.16 with patched CVE-2024-9506 (ReDoS vulnerability in
parseHTML).
This package is maintained independently from the Vue core team and is intended for use in environments where Vue 2 is still required but must meet security compliance standards.
This fork includes a test to verify the patch for CVE-2024-9506, a ReDoS vulnerability in Vue's parseHTML function.
Running the test:
pnpm test:patchThis test runs a deliberately malformed HTML payload through Vue.compile() using:
- Vue 2.7.16 from CDN (unpatched)
- Local patched build
It measures the compile time and prints a warning and result:
If the parse takes more than 1000ms, the version is considered vulnerable.
The patched version should return in ~20ms and display as not vulnerable.
You are looking at the now inactive repository for Vue 2. The actively maintained repository for the latest version of Vue is vuejs/core.
Vue has reached End of Life on December 31st, 2023. It no longer receives new features, updates, or fixes. However, it is still available on all existing distribution channels (CDNs, package managers, Github, etc).
If you are starting a new project, please start with the latest version of Vue (3.x). We also strongly recommend current Vue 2 users to upgrade (guide), but we also acknowledge that not all users have the bandwidth or incentive to do so. If you have to stay on Vue 2 but also have compliance or security requirements about unmaintained software, check out Vue 2 NES.
Vue.js is an MIT-licensed open source project with its ongoing development made possible entirely by the support of these awesome backers. If you'd like to join them, please consider sponsor Vue's development.
Vue (pronounced /vjuː/, like view) is a progressive framework for building user interfaces. It is designed from the ground up to be incrementally adoptable, and can easily scale between a library and a framework depending on different use cases. It consists of an approachable core library that focuses on the view layer only, and an ecosystem of supporting libraries that helps you tackle complexity in large Single-Page Applications.
Vue.js supports all browsers that are ES5-compliant (IE8 and below are not supported).
| Project | Status | Description |
|---|---|---|
| vue-router |  |
Single-page application routing |
| vuex |  |
Large-scale state management |
| vue-cli |  |
Project scaffolding |
| vue-loader |  |
Single File Component (*.vue file) loader for webpack |
| vue-server-renderer |  |
Server-side rendering support |
| vue-class-component |  |
TypeScript decorator for a class-based API |
| vue-rx |  |
RxJS integration |
| vue-devtools |  |
Browser DevTools extension |
To check out live examples and docs, visit vuejs.org.
For questions and support please use the official forum or community chat. The issue list of this repo is exclusively for bug reports and feature requests.
Please make sure to read the Issue Reporting Checklist before opening an issue. Issues not conforming to the guidelines may be closed immediately.
Detailed changes for each release are documented in the release notes.
Please make sure to read the Contributing Guide before making a pull request. If you have a Vue-related project/component/tool, add it with a pull request to this curated list!
Thank you to all the people who already contributed to Vue!
Copyright (c) 2013-present, Yuxi (Evan) You