# Vue

Endless Lifecycle Support (ELS) for Vue from TuxCare provides security fixes for Vue versions that have reached end of life. This allows you to continue running Vue applications without vulnerability concerns, even after official support has ended.

The versions 2.6.11, 2.6.14, and 2.7.16 are supported by TuxCare for the following Vue ecosystem packages:

• vue
• @vue/server-renderer
• vue-template-compiler

# Connection to ELS for Vue Repository

This guide outlines the steps needed to integrate the TuxCare ELS for Vue repository.

# Step 1: Get Token

You need a token in order to use the TuxCare ELS Vue repository. Anonymous access is disabled. To receive the token, contact sales@tuxcare.com.

# Step 2: Set Up ELS for Vue

TuxCare provides ELS for Vue as npm packages, hosted on a secure internal registry. Follow the steps below to add it to your project and get started.

1. Navigate to the root directory of your Vue project.

2. Create a .npmrc file (or update it if it already exists).

   my-vue-project/
   ├── node_modules/
   ├── package.json
   ├── .npmrc         ⚠️ ← Create it here
   └── package-lock.json
   

3. Add the ELS Vue registry configuration to .npmrc:

   registry=https://registry.npmjs.org/
   @els-vue:registry=https://nexus.repo.tuxcare.com/repository/els-vue/
   //nexus.repo.tuxcare.com/repository/els-vue/:_auth=${TOKEN}
   

   Replace ${TOKEN} with the token you received from sales@tuxcare.com.

4. Update your package.json dependencies to use TuxCare packages.

   For exact available patched versions, check your Nexus access first. The snippets below are examples. The >= range with -tuxcare.1 resolves to the latest TuxCare build for that upstream Vue version.

   Choose version: 2.7.162.6.142.6.11

   "dependencies": {
     "vue": "npm:@els-vue/vue@>=2.7.16-tuxcare.1",
     "@vue/server-renderer": "npm:@els-vue/vue-server-renderer@>=2.7.16-tuxcare.1",
     "vue-template-compiler": "npm:@els-vue/vue-template-compiler@>=2.7.16-tuxcare.1"
   },
   "overrides": {
     "vue@2.7.16": "npm:@els-vue/vue@>=2.7.16-tuxcare.1",
     "@vue/server-renderer@2.7.16": "npm:@els-vue/vue-server-renderer@>=2.7.16-tuxcare.1",
     "vue-template-compiler@2.7.16": "npm:@els-vue/vue-template-compiler@>=2.7.16-tuxcare.1"
   }
   

5. Remove old dependencies and clear npm cache:

   rm -rf node_modules package-lock.json && npm cache clean --force
   

6. Run the following command to install the ELS version of the Vue library (token for the TuxCare repository will be automatically picked up from your .npmrc file):

   npm install
   

# Step 3: Verify Installation

1. Confirm package resolution:

   npm list <package-name>
   

2. Run your application and verify that dependency resolution works through the TuxCare repository.

# Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks.

TuxCare provides VEX data for Vue packages:

• vue
• vue-template-compiler

# How to Upgrade to a Newer Version of TuxCare Packages

If you already use TuxCare-patched Vue packages and need to upgrade, clear local dependencies and reinstall (the >= range will resolve to the latest available TuxCare build):

rm -rf node_modules package-lock.json && npm cache clean --force
npm install

# Resolved CVEs

Fixes for the following vulnerabilities are available in ELS for Vue from TuxCare versions:

If you are interested in TuxCare Endless Lifecycle Support, contact sales@tuxcare.com.