@vue/typescript-plugin is a crucial component for Vue.js developers using TypeScript, acting as a bridge between your code and the TypeScript language server (tsserver) or any TypeScript language server implementation. This plugin enhances the development experience by providing features like type checking, autocompletion, and other language services within Vue templates and components.
The recent update from version 2.0.21 to 2.0.22 brings a few notable changes. One key difference lies in the dependency on @volar/typescript. Version 2.0.21 relied on a pre-release alpha version (~2.3.0-alpha.15), while version 2.0.22 upgrades this dependency to a stable release (~2.3.1). This shift suggests a move towards greater stability and reliability in the underlying TypeScript support provided by Volar. Developers can expect fewer potential bugs and more consistent behavior.
Another notable point is the releaseDate, showing recent activity in the project, and the minor change in the unpackedSize of the package, slightly decreasing from 48985 to 48037. While this change is small, it might indicate some minor optimizations or code refactorings. Core Vue dependencies have been updated to the latest stable versions. Users are encouraged to update for improved compatibility and potentially enhanced performance. The package is MIT licensed and openly supports contributions through its GitHub repository.
All the vulnerabilities related to the version 2.0.22 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
