Securie for Nuxt

Securie covers Nuxt's Nitro server, useFetch / $fetch call-sites, and server-side middleware. Leaked runtime-config secrets, missing auth in /server/api routes, and SSR-side SSRF are all detected.

Why it matters for Nuxt

Install on your Nuxt 3 repository. Every file under /server/api and every middleware is reviewed.

  • Covers Nuxt 3 Nitro server + /server/api handlers
  • Validates runtimeConfig public/private split
  • Detects SSR SSRF via $fetch from server context
  • Integrates with Vercel, Netlify, Cloudflare Pages, and self-hosted

Common bugs we catch in Nuxt

Unauthenticated /server/api/ routes

Nuxt's /server/api routes are server-side API endpoints. Shipping one without auth is a data leak.

runtimeConfig.public containing a secret

Everything under runtimeConfig.public ships to the client. Putting a secret there is a common mistake on first setup.
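A small audit for this mistake, added here as an example (it is not Securie's code or detection logic): it walks the public block of a config object and reports keys whose names look like secrets. The key-name pattern, the function name findPublicSecrets, and both sample configs are assumptions constructed for illustration.

```javascript
// Added example: heuristic audit of runtimeConfig.public (not Securie's implementation).
// Assumption: secret-looking key names are matched by this pattern.
const SECRET_NAME = /(secret|token|password|passwd|private|api_?key|credential)/i;

// Recursively collect dotted paths under `public` whose key name looks like a
// secret and whose value is a non-empty string.
function findPublicSecrets(runtimeConfig) {
  const findings = [];
  const walk = (node, path) => {
    for (const [key, value] of Object.entries(node || {})) {
      const here = `${path}.${key}`;
      if (value && typeof value === 'object') {
        walk(value, here);
      } else if (SECRET_NAME.test(key) && typeof value === 'string' && value !== '') {
        findings.push(here);
      }
    }
  };
  walk(runtimeConfig.public, 'runtimeConfig.public');
  return findings;
}

// Constructed sample: the shape of the runtimeConfig block in nuxt.config.ts.
const weak = {
  dbPassword: 'constructed-value',          // top level: server only
  public: {
    apiBase: '/api',
    stripeSecretKey: 'constructed-value',   // wrong: shipped to the client
    analytics: { writeToken: 'constructed-value' },
  },
};

// Corrected: secrets moved to the top level, public keeps only safe values.
const fixed = {
  dbPassword: 'constructed-value',
  stripeSecretKey: 'constructed-value',
  analyticsWriteToken: 'constructed-value',
  public: { apiBase: '/api' },
};

console.log(findPublicSecrets(weak));   // two flagged paths
console.log(findPublicSecrets(fixed));  // none
```

A name-based check like this flags intentionally public keys too (for example a publishable API key), so findings need a human decision rather than an automatic block.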

$fetch with user-controlled URL

Server-side $fetch calls with attacker-controlled URLs are SSRF.

Install in under a minute

  1. Install the Securie GitHub App on your Nuxt 3 repo
  2. Securie detects nuxt.config.ts
  3. Push any PR. Review findings in minutes.

Nuxt is a project of the Nuxt team. Securie is independent.