Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
Supporting Vue.js
Vue.js is an MIT-licensed open source project with its ongoing development made possible entirely by the support of these awesome backers. If you'd like to join them, please consider:
- Become a backer or sponsor on Patreon.
- Become a backer or sponsor on Open Collective.
- One-time donation via PayPal or crypto-currencies.
What's the difference between Patreon and OpenCollective?
Funds donated via Patreon go directly to support Evan You's full-time work on Vue.js. Funds donated via OpenCollective are managed with transparent expenses and will be used for compensating work and expenses for core team members or sponsoring community events. Your name/logo will receive proper recognition and exposure by donating on either platform.
Special Sponsors
Platinum Sponsors
|
|
|
|
Platinum Sponsors (China)
|
Gold Sponsors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sponsors via Open Collective
Platinum
Gold
Introduction
Vue (pronounced /vjuː/, like view) is a progressive framework for building user interfaces. It is designed from the ground up to be incrementally adoptable, and can easily scale between a library and a framework depending on different use cases. It consists of an approachable core library that focuses on the view layer only, and an ecosystem of supporting libraries that helps you tackle complexity in large Single-Page Applications.
Browser Compatibility
Vue.js supports all browsers that are ES5-compliant (IE8 and below are not supported).
Ecosystem
| Project | Status | Description |
|---|---|---|
| vue-router |  | Single-page application routing |
| vuex |  | Large-scale state management |
| vue-cli |  | Project scaffolding |
| vue-loader |  | Single File Component (*.vue file) loader for webpack |
| vue-server-renderer |  | Server-side rendering support |
| vue-class-component |  | TypeScript decorator for a class-based API |
| vue-rx |  | RxJS integration |
| vue-devtools |  | Browser DevTools extension |
Documentation
To check out live examples and docs, visit vuejs.org.
Questions
For questions and support please use the official forum or community chat. The issue list of this repo is exclusively for bug reports and feature requests.
Issues
Please make sure to read the Issue Reporting Checklist before opening an issue. Issues not conforming to the guidelines may be closed immediately.
Changelog
Detailed changes for each release are documented in the release notes.
Stay In Touch
Contribution
Please make sure to read the Contributing Guide before making a pull request. If you have a Vue-related project/component/tool, add it with a pull request to this curated list!
Thank you to all the people who already contributed to Vue!
License
Copyright (c) 2013-present, Yuxi (Evan) You
Keywords
FAQs
Reactive, component-oriented view layer for modern web interfaces.
We found that @arijs/vue demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Jan 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025