Nuxt Adapter improvements

.changeset/add-nuxt-module.md

@@ -0,0 +1,16 @@
+---
+"@csrf-armor/nuxt": minor
+---
+
+Add `@csrf-armor/nuxt` module for Nuxt 3/4 applications
+
+Introduces a new Nuxt module that provides server-side CSRF protection via a Nitro middleware and client-side utilities for token management.
+
+**Features:**
+- `NuxtAdapter` bridges H3 events with the framework-agnostic `@csrf-armor/core` engine
+- Server middleware automatically enforces CSRF protection on all mutating requests
+- `useCsrfToken` composable for SSR-safe token access via `useState`
+- `useCsrfFetch` composable wrapping `$fetch` with automatic CSRF token injection
+- Client plugin initialises the token on page load
+- Full support for all core strategies: `double-submit`, `signed-double-submit`, `signed-token`, `origin-check`, `hybrid`
+- Zero runtime dependencies — uses H3Event native Web API (`event.method`, `event.headers`, `event.path`) and Node.js built-ins instead of h3 helper functions

package.json

@@ -50,7 +50,16 @@
       "brace-expansion": "^2.0.2",
       "tmp": ">=0.2.4",
       "vite": "^6.4.1",
-      "qs": ">=6.14.1"
+      "qs": ">=6.14.2",
+      "simple-git": ">=3.32.3",
+      "rollup": ">=4.59.0",
+      "serialize-javascript": ">=7.0.3",
+      "svgo": ">=4.0.1",
+      "tar": ">=7.5.11",
+      "devalue": ">=5.6.3",
+      "minimatch@>=5.0.0 <6.0.0": "5.1.9",
+      "minimatch@>=9.0.0 <10.0.0": "9.0.9",
+      "minimatch@>=10.0.0 <11.0.0": "10.2.4"
     }
   },
   "packageManager": "pnpm@10.2.1+sha512.398035c7bd696d0ba0b10a688ed558285329d27ea994804a52bad9167d8e3a72bcb993f9699585d3ca25779ac64949ef422757a6c31102c12ab932e5cbe5cc92"