npm

load-nuxt @99.0.3

Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 7:23 PM UTC

Malicious

OSV ID

MAL-2026-6934

Ecosystem

npm

Summary

Package name resembles the Nuxt ecosystem's helper naming ('load-nuxt') and is published at version 99.0.3, a version-number shape frequently used in name-confusion/dependency-confusion publishes rather than in normal semver progression. No install-time exfiltration, remote code fetch-and-execute, silent-relay, credential distribution, or backdoor mechanism was identified in the scanned contents, and no lifecycle scripts or suspicious network destinations were observed. Because both the name-similarity signal (subjective) and the anomalous version bump exist without a corroborated payload, the correct handling is human review of the maintainer, publish history, and package contents before recommending trust.

Source: amazon-inspector (d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.