Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@vaadin/vaadin-usage-statistics
Advanced tools
@vaadin/vaadin-usage-statistics
Gathers usage statistics for components used during application development
Gathers usage statistics for components used during application development
To be able to understand and focus development more efficiently, Vaadin gathers product usage statistics during development time and ties this to users who are logged in to their Vaadin account. No statistics or other data is collected from the users of the applications based on any Vaadin technologies.
Statistics are only gathered when the application is in development mode. Statistics are automatically disabled and the statistics gathering code is automatically excluded from production builds.
Collected data
- Vaadin products used in the application, including version numbers
- Frameworks used in the application, including version numbers
- Flow features used in the application, including version numers
- The first and last time a product was used
- The first time statistics were gathered
- Your Vaadin user account
- Whether you are a Vaadin Pro user or not (true/false)
- Browser user-agent string
- The IP address the statistics is sent from
Opting out
npm and Vaadin 14+ (using npm)
Using npm, you can disable it for the machine by running
npm explore @vaadin/vaadin-usage-statistics -- npm run disable
or you can disable it for the project by adding
"vaadin": { "disableUsageStatistics": true }
to your project package.json and running npm install again (remove node_modules if needed).
You can verify this by checking that vaadin-usage-statistics.js contains an empty function.
Vaadin 10 - 14 (using Bower)
Add to your pom.xml:
<dependency>
<groupId>org.webjars.bowergithub.vaadin</groupId>
<artifactId>vaadin-usage-statistics</artifactId>
<version>1.0.0-optout</version>
</dependency>
Bower
To opt-out from statistics, install the no-op version of the vaadin-usage-statistics package using
bower install --save vaadin/vaadin-usage-statistics#optout
You can verify this by checking that vaadin-usage-statistics.html is empty.
If you have any questions on the use of the statistics, please contact statistics@vaadin.com.
FAQs
Gathers usage statistics for components used during application development
We found that @vaadin/vaadin-usage-statistics demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Package last updated on 30 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025