@vue/tsconfig
TSConfigs for Vue projects to extend.
Requires TypeScript >= 5.0. For TypeScript v4.5 to v4.9, please use v0.1.x. Requires Vue.js >= 3.3.
See below for the breaking changes in v0.3.x.
npm add -D @vue/tsconfig
Add one of the available configurations to your tsconfig.json:
"extends": "@vue/tsconfig/tsconfig.json"
"extends": "@vue/tsconfig/tsconfig.dom.json"
First install the base tsconfig and types for the Node.js version you are targeting, for example:
npm add -D @tsconfig/node22 @types/node@22
If you are not using a bundler and the Node.js code doesn't rely on any Vue/Vite-specific features, these would be enough, and you may not need to extend the Vue TSConfig:
{
  "extends": "@tsconfig/node22/tsconfig.json",
  "compilerOptions": {
    "types": ["node"]
  }
}
Otherwise, if you are trying to use Vue components in Node.js environments (e.g. Server Side Rendering, Vitest, etc.), you will need to extend the Vue TSConfig along with the Node.js TSConfig:
{
  "extends": [
    "@tsconfig/node22/tsconfig.json",
    "@vue/tsconfig/tsconfig.json"
  ],
  "compilerOptions": {
    "types": ["node"]
  }
}
Make sure to place @vue/tsconfig/tsconfig.json after @tsconfig/node22/tsconfig.json so that it takes precedence.
As most Vue projects are built with bundlers, the default Vue TSConfig does not emit declaration files. If you are building a library or a component library, you can enable declaration file emitting by also extending @vue/tsconfig/tsconfig.lib.json in your tsconfig.json:
{
  "extends": [
    "@vue/tsconfig/tsconfig.dom.json",
    "@vue/tsconfig/tsconfig.lib.json"
  ]
}
tsconfig.json is unchanged.
tsconfig.web.json is now renamed to tsconfig.dom.json, to align with @vue/runtime-dom and @vue/compiler-dom.
tsconfig.node.json is removed, please read the Node.js section above for Node.js usage.
Some configurations have been updated, which might affect your projects:
moduleResolution changed from node to bundler. This aligns more closely to the actual resolution rules in modern bundlers like Vite. However, some existing code may be broken under this new mode:
"resolvePackageJsonExports": true by default, so it prefers the exports field of package.json files when resolving a third party module.
node mode.
vue-i18n@9.2.2, vuetify@3.2.3, v-calendar@3.0.3, etc.
vue-i18n has fixed this issue in v9.3 beta, and vuetify will solve the issue in v3.3, other packages may not be so quick to fix. In that case, you can override the compilerOptions.resolvePackageJsonExports option to false in your tsconfig.json to temporarily work around the issue.
publint and Are the types wrong? to help you find and debug the issues.
--moduleResolution bundler does not support resolution of require calls. In TypeScript files, this means the import mod = require("foo") syntax is forbidden.
lib option in tsconfig.dom.json now includes ES2020 by default.
Previously it was ES2016, which was the lowest ES version that Vue 3 supports.
Vite 4 transpiles down to ES2020 by default; this new default aligns with the build tool.
This change won't throw any new errors on your existing code, but if you are targeting old browsers and want TypeScript to throw errors on newer features used, you can override the lib option in your tsconfig.json:
{
  "extends": "@vue/tsconfig/tsconfig.dom.json",
  "compilerOptions": {
    "lib": ["ES2016", "DOM", "DOM.Iterable"]
  }
}
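The moduleResolution change above makes TypeScript prefer the exports field of a dependency's package.json. As an added example (not part of @vue/tsconfig or its README), this Node.js script lists the exports entries of a manifest that declare no types condition, a common reason such packages stop resolving under the new mode; the function names and the sample manifest are constructed for illustration.

```javascript
// Added example (not part of @vue/tsconfig): list the entries of a dependency's
// package.json "exports" that declare no "types" condition. Heuristic only:
// TypeScript can still pick up a .d.ts next to the resolved .js file, so a hit
// means "inspect this package", not "broken".

// True if a target (string, array or conditions object) has a "types" condition.
function hasTypesCondition(target) {
  if (Array.isArray(target)) return target.some(hasTypesCondition);
  if (target === null || typeof target !== "object") return false;
  return Object.entries(target).some(
    ([cond, value]) => cond === "types" || hasTypesCondition(value)
  );
}

// True if the target points at JavaScript (skips ./package.json, CSS, null).
function pointsAtJs(target) {
  if (typeof target === "string") return /\.[cm]?js$/.test(target);
  if (target === null || typeof target !== "object") return false;
  return Object.values(target).some(pointsAtJs);
}

function exportsWithoutTypes(pkg) {
  const exp = pkg.exports;
  if (exp === undefined) return []; // no "exports" field: nothing to check
  // A string, array or conditions-only object is shorthand for the "." entry.
  const isSubpathMap =
    exp !== null && typeof exp === "object" && !Array.isArray(exp) &&
    Object.keys(exp).every((key) => key.startsWith("."));
  const entries = isSubpathMap ? Object.entries(exp) : [[".", exp]];
  return entries
    .filter(([, target]) => pointsAtJs(target) && !hasTypesCondition(target))
    .map(([subpath]) => subpath);
}

// Constructed sample manifest (not copied from any real package).
const flagged = exportsWithoutTypes({
  name: "example-lib",
  types: "./types/index.d.ts", // top-level field, bypassed when "exports" is used
  exports: {
    ".": { import: "./dist/index.mjs", require: "./dist/index.cjs" },
    "./utils": { types: "./dist/utils.d.ts", default: "./dist/utils.js" },
    "./package.json": "./package.json",
  },
});
console.log(flagged); // [ '.' ]
```

A flagged entry is a candidate for the resolvePackageJsonExports override mentioned above while the package's maintainers fix their manifest.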
FAQs
A base TSConfig for working with Vue.js
We found that @vue/tsconfig demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.