Forked template compiler for Vue with CVE-2024-9506 patch
npm install @lastboy/vue2-template-compiler> Fork of vue-template-compiler@2.7.16 with patched CVE-2024-9506, a ReDoS vulnerability in the parseHTML function.
This package is automatically built alongside @lastboy/vue2 and provides a secure template compiler compatible with that runtime.
This fork is intended for teams that still rely on Vue 2 but need to meet strict security compliance standards. It is API-compatible with the original vue-template-compiler and can be used as a drop-in replacement.
---
This compiler has been tested against a malicious HTML payload known to exploit the vulnerable regex in parseHTML. The test uses compiler.compile() directly with a crafted