Static GitHub Issues

[2991] malicious file name leads to code execution

Hello there,

It might be unintended that JavaScript code can be injected into the generated .nuxt/router.js file by crafting a maliciously named file inside of the /pages/ dir.

For example, placing a file named ');console.log('hello') && ('.vue inside of the pages directory will lead to JS code execution both on the server and the client.

This question is available on Nuxt.js community (#c2593): https://nuxtjs.cmty.io/nuxt/nuxt.js/issues/c2593
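An added example, not taken from the issue or from Nuxt's code base: a simplified route-file generator showing why pasting a file name between quotes in generated source lets the name from the report run as code, next to a variant that emits the name as an escaped string literal. The template line and the names `renderPageUnsafe`, `renderPageSafe`, `evaluate` and `load` (a stand-in for the lazy `import()` call) are assumptions made for illustration.

```javascript
// Simplified stand-in for a code generator that writes a router module.
// Not Nuxt's template: load() is a hypothetical placeholder for import().

// File name quoted in the issue report.
const ISSUE_FILE_NAME = "');console.log('hello') && ('.vue";

// Vulnerable: the file name is pasted between quotes without escaping,
// so a quote in the name ends the string and the rest becomes code.
function renderPageUnsafe(fileName) {
  return "const _page = () => load('pages/" + fileName +
    "').then(m => m.default || m);";
}

// Hardened: JSON.stringify produces an escaped string literal.
// U+2028/U+2029 are escaped as well, since engines older than ES2019
// treat them as line terminators inside string literals.
function renderPageSafe(fileName) {
  const literal = JSON.stringify('pages/' + fileName)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return 'const _page = () => load(' + literal +
    ').then(m => m.default || m);';
}

// Evaluate generated source with stubbed console and load, then resolve
// the route once. Returns what was logged and which paths were requested.
function evaluate(source) {
  const logged = [];
  const loaded = [];
  const fakeConsole = { log: (...args) => { logged.push(args.join(' ')); } };
  const load = (path) => { loaded.push(path); return Promise.resolve({}); };
  const page = new Function('load', 'console', source + '\nreturn _page;')(
    load, fakeConsole);
  page(); // simulate the router resolving this route's component
  return { logged, loaded };
}

// Unsafe output runs the injected statement when the module is evaluated;
// safe output only ever requests the literal file path.
const unsafeResult = evaluate(renderPageUnsafe(ISSUE_FILE_NAME));
const safeResult = evaluate(renderPageSafe(ISSUE_FILE_NAME));
console.log('unsafe:', unsafeResult);
console.log('safe:  ', safeResult);
```

The same escaping applies to every place a generator writes a path, route name or chunk name into source text, including comments, where a `*/` in the name would end the comment.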