load-nuxt @99.0.3
Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 7:23 PM UTC
OSV ID
MAL-2026-6934
Ecosystem
npm
Summary
Package name resembles the Nuxt ecosystem's helper naming ('load-nuxt') and is published at version 99.0.3, a version-number shape frequently used in name-confusion/dependency-confusion publishes rather than in normal semver progression. No install-time exfiltration, remote code fetch-and-execute, silent-relay, credential distribution, or backdoor mechanism was identified in the scanned contents, and no lifecycle scripts or suspicious network destinations were observed. Because both the name-similarity signal (subjective) and the anomalous version bump exist without a corroborated payload, the correct handling is human review of the maintainer, publish history, and package contents before recommending trust.
Source: amazon-inspector (d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.