feat: add nuxt-csp-report module

[Gonzo17]

🔗 Linked issue

resolves #1373

❓ Type of change

• 📖 Documentation (updates to the documentation or readme)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

Module: https://github.com/Gonzo17/nuxt-csp-report

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new Nuxt module descriptor file modules/nuxt-csp-report.yml containing static metadata (name, description, repo, npm, icon, GitHub, website, learn_more, category, type, maintainers, compatibility nuxt >= 3.12.0). Updates modules/jsonapi.yml changing compatibility.nuxt from ^3.0.0 to >=3.0.0. Updates modules/nuxt-smartlook.yml changing the first maintainer's name from "Milan Felix Šulc" to "Milan Šulc". No executable code or logic changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The PR includes out-of-scope changes: updating jsonapi.yml compatibility version and changing a maintainer name in nuxt-smartlook.yml are unrelated to adding the nuxt-csp-report module.	Remove changes to jsonapi.yml and nuxt-smartlook.yml; keep only the new nuxt-csp-report.yml file that addresses issue #1373.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: add nuxt-csp-report module' directly and clearly describes the main change - adding a new Nuxt module to the listing.
Description check	✅ Passed	The description references issue #1373 and provides the module repository URL, clearly relating to the changeset of adding the nuxt-csp-report module.
Linked Issues check	✅ Passed	The PR adds the nuxt-csp-report module descriptor file matching issue #1373's request to list the CSP reporting module with Nuxt 3+ compatibility.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@modules/nuxt-csp-report.yml`:
- Around line 4-5: The module descriptor references a non-existent npm package
name "nuxt-csp-report" (and an icon "nuxt-csp-report.svg"); to fix, verify and
correct the package name in the descriptor (replace "nuxt-csp-report" with the
actual published npm package name) or publish the package to npm under that
name, and ensure the icon file "nuxt-csp-report.svg" is present/accessible in
the repo; update the descriptor's npm and icon fields accordingly and rerun
validation.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if npm package exists
echo "Checking npm package 'nuxt-csp-report'..."
npm_status=$(curl -s -o /dev/null -w "%{http_code}" https://registry.npmjs.org/nuxt-csp-report)
echo "HTTP Status: $npm_status"

# Check if icon file exists in the icons directory
echo -e "\n\nSearching for icon file 'nuxt-csp-report.svg'..."
fd -t f "nuxt-csp-report.svg"

# Also search for any svg icons directory
echo -e "\n\nListing icon directory structure..."
fd -t d "icon" -t d "icons" | head -20
fd -t f "\.svg$" | grep -i icon | head -20

Repository: nuxt/modules

Length of output: 168

---

🌐 Web query:

npm package nuxt-csp-report registry

💡 Result:

I couldn’t find any package named nuxt-csp-report published on the public npm registry (npmjs.com) (i.e., no npmjs package page / listing turned up in search results), so there isn’t a public “registry URL” to point to for that exact name.

If you expected it to be public, it may be published under a different name, or only available via a private registry (GitHub Packages, Verdaccio, Artifactory, etc.). To confirm what registry your environment is using, run:

npm config get registry
npm view nuxt-csp-report --json

For reference, common Nuxt security/CSP-related packages that are on the public npm registry include nuxt-security and nuxt-helmet. [1] [2]

Sources: [1] [2]

---

The npm package nuxt-csp-report does not exist on the public npm registry.

This module descriptor references a non-existent npm package. Verify that the package name is correct or that the npm package has been published before adding this module descriptor to the registry. Icon file verification could not be completed due to repository access limitations.

🤖 Prompt for AI Agents

In `@modules/nuxt-csp-report.yml` around lines 4 - 5, The module descriptor
references a non-existent npm package name "nuxt-csp-report" (and an icon
"nuxt-csp-report.svg"); to fix, verify and correct the package name in the
descriptor (replace "nuxt-csp-report" with the actual published npm package
name) or publish the package to npm under that name, and ensure the icon file
"nuxt-csp-report.svg" is present/accessible in the repo; update the descriptor's
npm and icon fields accordingly and rerun validation.

[Flo0806]

https://www.npmjs.com/package/nuxt-csp-report

That's wrong

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the npm package exists
echo "Checking if nuxt-csp-report package exists on npm..."
npm_response=$(curl -s https://registry.npmjs.org/nuxt-csp-report)

if echo "$npm_response" | jq -e '.name' > /dev/null 2>&1; then
    echo "✓ Package EXISTS"
    echo ""
    echo "Package details:"
    echo "$npm_response" | jq -r '{
        name: .name,
        description: .description,
        latest_version: ."dist-tags".latest,
        repository: .repository.url,
        homepage: .homepage
    }'
else
    echo "✗ Package NOT FOUND"
fi

Length of output: 388

---

@Flo0806, you're absolutely right, and I apologize for the error. The npm package nuxt-csp-report does exist on the registry. I've verified:

• ✅ Package name: nuxt-csp-report
• ✅ Version: 1.0.0
• ✅ Repository: https://github.com/Gonzo17/nuxt-csp-report
• ✅ Description matches the descriptor

The module descriptor is correct. My initial check was faulty, and I apologize for the confusion. Thank you for the correction!

    (\_(\ 
    (o.o)  Oops, my mistake!
    (> <)  Sorry about that.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@modules/jsonapi.yml`:
- Line 15: The Nuxt version constraint currently set as nuxt: '>=3.0.0' in
modules/jsonapi.yml is too broad and may include Nuxt 4; update this constraint
to explicitly exclude Nuxt 4 by changing the value to either '^3.0.0' or
'>=3.0.0 <4.0.0' so the module correctly advertises compatibility with Nuxt 3.x
only.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

patrickcate/nuxt-jsonapi Nuxt 4 compatibility support

💡 Result:

As of January 23, 2026, patrickcate/nuxt-jsonapi does not state official Nuxt 4 support. Its published compatibility notes say:

• nuxt-jsonapi v2.x and v3.x support Nuxt 3.x
• v1.x supports Nuxt 2.x [1][2]

Nuxt 4 is positioned by the Nuxt team as a stability-focused release and the current active major version (with Nuxt 3 supported in maintenance until January 31, 2026) [3]. Practically, that means it may work on Nuxt 4, but there’s no explicit guarantee from this module’s docs today—so you should validate in your app and pin a working version.

Sources: [1] [2] [3]

---

Bound the Nuxt version constraint to exclude Nuxt 4.

The nuxt-jsonapi module does not officially support Nuxt 4 as of now—it supports only Nuxt 3.x. Expanding the range to >=3.0.0 would include Nuxt 4 and mislead users in the module registry. Change to ^3.0.0 or >=3.0.0 <4.0.0 to accurately reflect actual compatibility.

🔧 Suggested fix

-  nuxt: '>=3.0.0'
+  nuxt: '^3.0.0'

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	nuxt: '>=3.0.0'
	nuxt: '^3.0.0'

🤖 Prompt for AI Agents

In `@modules/jsonapi.yml` at line 15, The Nuxt version constraint currently set as
nuxt: '>=3.0.0' in modules/jsonapi.yml is too broad and may include Nuxt 4;
update this constraint to explicitly exclude Nuxt 4 by changing the value to
either '^3.0.0' or '>=3.0.0 <4.0.0' so the module correctly advertises
compatibility with Nuxt 3.x only.