GHSA-97m3-w2cp-4xx6
vue-cli
| | GHSA-97m3-w2cp-4xx6 | vue-cli |
|---|---|---|
| | 13 | 87 |
| Stars | - | 29,756 |
| Growth | - | -0.0% |
| Activity | - | 0.0 |
| | - | about 2 months ago |
| Language | JavaScript | |
| License | - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GHSA-97m3-w2cp-4xx6
-
Selecting the Right Dependencies: A Comprehensive Practical Guide
How safe is it to use? It may sound like fiction, but yes, dependencies can be dangerous. For example, an interesting feature was added to a library with 500k downloads: it tries to replace all files on the computer with ❤️ if your IP address falls within a specific range.
- Embedded Malicious Code in node-ipc
- Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
-
With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
Source: CVE-2022-23812
- CVE-2022-23812 - Embedded Malicious Code in node-ipc - The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files on Russian systems
- My entire PC got wiped Do not download
- NPM supply chain attack - Wipes your disk if you have a Russian/Byelorussian IP
-
Ukraine Invasion Megathread #3
I have not audited the malicious code myself, so you might be right, I'm going by the CVE reports that say it does this to arbitrary files.
vue-cli
-
Comparing Frontend Technologies: ReactJS vs VueJS
Ecosystem: Vue's ecosystem is smaller than React's but rapidly growing. The Vue CLI provides a robust tool for project scaffolding and build configuration.
-
Integration of Angular, Vue.js and React with .NET: Creating a Modern Web Experience
Immerse yourself in the official Vue CLI documentation for a deeper understanding.
-
Dependencies Belong in Version Control
Security would be a useful benefit/section to add to this post:
A.) If maintainers of your dependencies edited an existing version.
B.) If your dependencies did not pin their dependencies.
For instance, if you installed vue-cli in May of last year from NPM with --prefer-offline (basically the same as checking in your node_modules), you were fine. But because vue-cli doesn't pin its dependencies ("node-ipc"), installing fresh/online would create WITH-LOVE-FROM-AMERICA.txt on your desktop [1], which was at the very least a scare, but for some, very problematic.
[1] https://github.com/vuejs/vue-cli/issues/7054
-
Creating a Vue 3 Form Repeater Component: A Step-by-Step Guide
Vue CLI documentation: https://cli.vuejs.org/
-
Selecting the Right Dependencies: A Comprehensive Practical Guide
An interesting fact is that this dependency was used in vue-cli.
-
Build complex SPAs quickly with vue-element-admin
Vue CLI 3
-
Upgrade to Vue3 with @vue/compat on Vue CLI project just doesn't work
Open issue for half a year https://github.com/vuejs/vue-cli/issues/7234
-
What is Vue?
Vue CLI (command-line interface), which is used to install and create the main Vue framework libraries and third-party plugins.
-
I made browser extension for bookmarks (Vue 3 + TailwindCSS + IndexedDB)
Is there a reason you've used the old Vue CLI though, with webpack and babel? Imho you're missing a lot not using Vite... npm init vue@latest (create-vue) is the recommended way to scaffold a new Vue app, Vue CLI is in Maintenance Mode
-
Open Source Projects Made Using Vue.js
The official Vue CLI UI is made with Vue + Apollo GraphQL. You'll know it when you run vue ui in your terminal. - https://github.com/vuejs/vue-cli/tree/dev/packages/%40vue/cli-ui
What are some alternatives?
es5-ext - ECMAScript extensions (with respect to upcoming ECMAScript features)
vite - Next generation frontend tooling. It's fast!
peacenotwar - Attempts to determine if the computer it's running on has an IP originating from Russia or Belarus. If it is, then depending on the version of the malware, it either attempts to delete all files on the computer or creates a text file on the computer's desktop protesting the war in Ukraine.
inertia-laravel - The Laravel adapter for Inertia.js.
node-ipc - A nodejs module for local and remote Inter Process Communication (IPC), Neural Networking, and able to facilitate machine learning.
create-react-app - Set up a modern web app by running one command.
Symfony - The Symfony PHP framework
Vue.js - This is the repo for Vue 2. For Vue 3, go to https://github.com/vuejs/core
vuex - 🗃️ Centralized State Management for Vue.js.
core - 🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
vue-demi - 🎩 Creates Universal Library for Vue 2 & 3