Securie for Nuxt

Nuxt 3's server routes (server/api/*) are the security boundary. The common bugs are missing auth, missing rate limits, and leaked runtimeConfig values.

Why it matters for Nuxt

Securie reviews every Nuxt PR; specialists cover server routes, Nitro middleware, and runtimeConfig hygiene.

  • Designed for Nuxt 3+
  • Catches runtimeConfig.public leaks (server secrets in public scope)
  • Validates server route auth + rate limits
  • Works with Vercel + Netlify + Cloudflare + Node

Common bugs we catch in Nuxt

runtimeConfig.public used for a server secret

Values under runtimeConfig.public ship to the client; top-level runtimeConfig keys are server-only. Putting a server secret under public leaks it to every visitor.
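
As an added illustration (not Securie's code and not part of the original page), a small JavaScript audit that walks runtimeConfig.public and flags entries that look like server secrets, reporting the NUXT_PUBLIC_* environment variable that would populate each one. The key-name pattern and the sample config are assumptions constructed for this example; expect false positives on keys that are meant to be public.

```javascript
// Added example: heuristic audit of a Nuxt runtimeConfig object.
// The key-name pattern is an assumption; tune it to your own naming.
const SECRET_NAME = /(secret|token|passw(or)?d|private|api[_-]?key|credential)/i;
const PEM_PRIVATE = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;

// camelCase path -> the NUXT_PUBLIC_* env var that overrides it at runtime
function envName(path) {
  return 'NUXT_PUBLIC_' + path
    .map((k) => k.replace(/([a-z0-9])([A-Z])/g, '$1_$2').toUpperCase())
    .join('_');
}

function findPublicSecretLeaks(runtimeConfig) {
  const findings = [];
  const walk = (node, path) => {
    for (const [key, value] of Object.entries(node ?? {})) {
      const here = [...path, key];
      if (value && typeof value === 'object' && !Array.isArray(value)) {
        walk(value, here); // descend into nested public config
        continue;
      }
      const byName = SECRET_NAME.test(key);
      const byValue = typeof value === 'string' && PEM_PRIVATE.test(value);
      if (byName || byValue) {
        findings.push({
          path: 'runtimeConfig.public.' + here.join('.'),
          env: envName(here),
          reason: byName ? 'secret-like key name' : 'private key material',
        });
      }
    }
  };
  walk(runtimeConfig.public, []); // top-level keys are server-only: skipped
  return findings;
}

// Constructed sample config (not from a real project).
const sampleConfig = {
  dbPassword: '',                  // top-level: server-only, not flagged
  public: {
    apiBase: '/api',               // fine to expose
    stripeSecretKey: '',           // flagged: ships to the browser
    analytics: { writeToken: '' }, // flagged: nested under public
  },
};

console.log(findPublicSecretLeaks(sampleConfig));
```

Run it in CI against the object passed as runtimeConfig in nuxt.config and fail the build on any finding that is not explicitly allow-listed.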


Server route without auth check

server/api/*.ts files accept any request unless you add auth in the handler or via a Nitro middleware.


BOLA on dynamic server routes

A dynamic route such as server/api/orders/[id].ts that looks up the order by id without checking that it belongs to the caller.


Install in under a minute

  1. Install the Securie GitHub App
  2. Securie auto-detects Nuxt via the nuxt package
  3. Push any PR

Nuxt is open-source. Securie is independent.