vitejs/vite v7.3.1 → v8.0.0

Vite 8.0.0 is a broad release focused on build pipeline evolution, plugin compatibility, and a long list of edge-case fixes across SSR, HMR, CSS, assets, and dev server security. The published notes are minimal, but the merged work shows a clear theme: smoother migration toward the new rolldown-powered architecture while tightening correctness in places users actually hit.

What's new

  • Vite’s plugin system now supports hook filters, matching rolldown’s plugin hook filter model and reducing the gap between rollup-powered and rolldown-powered Vite. This is groundwork rather than an immediate speedup in current rollup builds, but it gives plugin authors a clearer path as Vite moves further toward rolldown compatibility (#19586, #19602).

  • Type support around environment variables is stricter by default. ImportMetaEnv no longer forces a catch-all [key: string]: any, so you can make env typing truly strict in vite-env.d.ts; if you still want loose access, you can add the index signature yourself (#19077).

  • Vite now exposes and improves more plugin and HMR-related types. This includes type hints for HMR event names used by hot.on, hot.off, and hot.send, plus an exposed CustomPluginOptionsVite type that can be extended through declaration merging while keeping backward compatibility for existing plugin code (#19579, #19557, #19760).

  • create-vite adds a Marko starter, including both marko and marko-ts examples, so Marko projects can be scaffolded alongside the other built-in framework templates (#19257).

  • create-vite also adds commands for creating TanStack Router apps, based on the create-tsrouter-app CLI (#19573).

  • plugin-legacy adds sourcemapBaseUrl, which lets you set a specific base URL for generated sourcemap references in legacy builds (#19281).

  • Environment loading can now be disabled with envDir: false. This is useful when another tool is responsible for loading environment variables and you do not want Vite to automatically read .env files from disk (#19503).

  • Vite now warns when define['process.env'] appears to include a real path value. This catches the common pattern of passing process.env wholesale into client code, which can accidentally expose environment variables that were never meant to ship to the browser (#19517).

Breaking changes

  • ImportMetaEnv typing is stricter. If your app or library relied on arbitrary property access being accepted automatically, add your own [key: string]: any back into the ImportMetaEnv interface in vite-env.d.ts to keep the old loose behavior (#19077).

  • Internal plugin hooks were moved under [hookName].handler as part of the hook filter work. This should not affect normal plugin usage, but third-party tools or frameworks that manually call Vite’s internal plugin hooks may need to update how they access them (#19586).

Fixes

  • SSR export handling is more correct in cyclic and re-export cases, including hoisting exports earlier, preserving live bindings for default exports, and fixing re-export execution order (#18983, #19842, #19841).

  • Sourcemap combination now handles multiple sources better when a source does not have a matching entry, fixing cases like nested Sass partials no longer appearing correctly in devtools (#18971).

  • Built asset URLs no longer keep the ?no-inline marker in production output (#19496).

  • this.addWatchFile works again when base is set, so watched files update correctly instead of being missed (#19794).

  • HMR event handling now runs sequentially, and circular import.meta.hot.invalidate() chains no longer loop forever; Vite falls back to a full reload when the invalidation path becomes circular (#19793, #19870).

  • CSS handling is more robust: image-set() is parsed correctly even without a space after the comma, and scoped CSS now preserves style order when mixed with non-scoped CSS in the same module (#19661, #19678).

  • HTML proxy resolution is more tolerant of extra query params, fixing cases where URLs like ?v=...&html-proxy failed to resolve in browser-based test environments (#19767).

  • The module runner now accepts an already-resolved id as the entry, which fixes inconsistencies around virtual module ids (#19768).

  • Older browsers are less likely to break in preload code because Vite no longer depends directly on Promise.allSettled there (#19805).

Other notable changes

  • Several dev server and file serving security issues were fixed, including request targets containing #, static file checks in sirv, transform middleware fs checks, and raw query separator handling (#19830, #19965, #19761, #19702, #19782).

  • Vite’s docs site now generates LLM-friendly documentation output, including llms.txt-style content for vite.dev (#19675).

  • Various internal cleanup and dependency updates landed, along with more documentation for plugin authors and debugging tips (#19759, #19631).

Contributors

@hi-ogawa, @OnlyWick, @sapphi-red, @yunics-highfield, @LuLaValva, @novlan1, @94726, @anatawa12, @patak-cat, @okineadev, @reyhappen, @cnzgray, @wobsoriano, @maxpatiiuk, @saintnoodle, @renovate[bot], @benmccann, @btea, @iiio2, @Dykam, @BenoitRanque, @dsonet

Only a subset of merged work was shown here.

Only the most active 50 of 146 merged PRs were included. See the full compare view.

View on GitHub →