RepoJournal
Vue.js

@vuejs

Vue + the surrounding frontend ecosystem


CREATE-VUE TIGHTENS CI PERMISSIONS

By RepoJournal · Filed · About Vue.js

Create-vue locked down GitHub Actions token scope to follow least-privilege defaults, reducing attack surface without changing build behavior.

Create-vue merged explicit permission controls into its main CI workflow [1], setting GITHUB_TOKEN to read-only access and eliminating unnecessary privilege creep. The change keeps all current CI functionality intact while making future permission decisions intentional and reviewable. This follows GitHub's security best practice of defaulting to the narrowest token scope needed for each job. It's the kind of quiet infrastructure hardening that prevents supply chain risk down the line.
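An added example, not code from create-vue or RepoJournal: a small Python check that flags workflow jobs running without an explicit `permissions:` block, or with `write-all`. The sample workflows and the name `audit_workflow` are constructed for illustration, and the scan assumes block-style, space-indented YAML.

```python
import re

# Constructed sample workflows (not taken from vuejs/create-vue).
IMPLICIT = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
"""
EXPLICIT = """\
on: [push]
permissions:
  contents: read   # workflow-wide read-only default
jobs:
  build:
    runs-on: ubuntu-latest
  release:
    runs-on: ubuntu-latest
    permissions: write-all
"""

def audit_workflow(text):
    """Line-based scan of one workflow; assumes block-style, space-indented YAML."""
    findings, declared, jobs = [], set(), []
    section = job = job_indent = key_indent = None
    for raw in text.splitlines():
        m = re.match(r"^( *)([\w-]+):\s*([^#]*)", raw)
        if not m:
            continue  # list items, blank lines, comments
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if indent == 0:
            section, job, job_indent, scope = key, None, None, "workflow"
        elif section == "jobs" and indent == (job_indent or indent):
            job_indent, job, key_indent = indent, key, None
            jobs.append(f"job {key}")
            continue
        elif job and indent == (key_indent or indent):
            key_indent, scope = indent, f"job {job}"
        else:
            continue  # nested below a workflow-level or job-level key
        if key == "permissions":
            declared.add(scope)
            if value == "write-all":
                findings.append(f"{scope}: permissions set to write-all")
    if "workflow" not in declared:  # no workflow-wide block: each job needs its own
        findings += [f"{j}: no explicit permissions block"
                     for j in jobs if j not in declared]
    return findings
```

Run it over the text of each file under `.github/workflows/`; an empty list means every job has a declared token scope and none is `write-all`.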

Action items

References

  [1] chore(ci): set explicit least-privilege workflow permissions (vuejs/create-vue)

FAQ

What changed in Vue.js on May 15, 2026?
Create-vue locked down GitHub Actions token scope to follow least-privilege defaults, reducing attack surface without changing build behavior.

What should Vue.js teams do about it?
Review your own GitHub Actions workflows for explicit permission blocks.

Which Vue.js repositories shipped on May 15, 2026?
vuejs/create-vue
