Rate limiter calls useStorage() at module top-level and crashes during prerender

[Anoesj]

Environment

Nuxt project info:
|                      |                                                     |
| -------------------- | --------------------------------------------------- |
| **Operating system** | `Linux 6.8.0-101-generic`                           |
| **CPU**              | `AMD Ryzen 7 5800H with Radeon Graphics (16 cores)` |
| **Node.js version**  | `v22.19.0`                                          |
| **nuxt/cli version** | `3.33.1`                                            |
| **Package manager**  | `pnpm@10.30.3`                                      |
| **Nuxt version**     | `3.15.2`                                            |
| **Nitro version**    | `2.10.4`                                            |
| **Builder**          | `vite@6.0.7`                                        |
| **Config**           | `-`                                                 |
| **Modules**          | `-`                                                 |

Nuxt Security Version

v2.5.1

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

Reproduction

I'm very sorry (I really am), but at this time I don't have time for a reproduction. I just wanted to let you know that I ran into this. Hopefully this is better than not reporting this. Feel free to close if a repro is mandatory.

Description

When using nuxt@3.15.2 with nuxt-security@2.5.1 and @nuxtjs/sitemap@7.6.0 and/or @nuxtjs/robots@5.7.0 (via @nuxtjs/seo@2.2.x), Nitro prerender crashes with what seems like a TDZ issue (see "Logs" below).

Even when setting rateLimiter: false, the generated prerender bundle contains:

useStorage("#rate-limiter-storage");
defaultSecurityConfig("", true).rateLimiter;

This seems to run at module top-level during import.

Solutions I found so far to "fix" the issue:

• Disabling nuxt-security altogether, but that's not desirable.
• Pinning @nuxtjs/sitemap to 7.0.2 and @nuxtjs/robots to 5.1.1 using pnpm overrides:

  overrides:
    "@nuxtjs/sitemap": "7.0.2"
    "@nuxtjs/robots": "5.1.1"
  

Extra info: adding routeRules: { '/**': { security: { rateLimiter: false }}} still crashes.

I have not yet tested on the latest Nuxt 3 version. I'm aware I'm running on a pretty outdated combination of dependencies. Unfortunately we're quite far behind on updates in this project, but working on it.. 😇

Additional context

No response

Logs

...
[success] Server built in 15ms
[info] [nitro] Initializing prerenderer
[error] Cannot access 'storage' before initialization
  at useStorage (.nuxt/prerender/chunks/nitro/nitro.mjs:5646:31)
  at .nuxt/prerender/chunks/nitro/nitro.mjs:4774:1
  at ModuleJob.run (node:internal/modules/esm/module_job:345:25)
  at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:651:26)
  at async prerender (node_modules/.pnpm/nitropack@2.10.4_typescript@5.9.3/node_modules/nitropack/dist/core/index.mjs:1892:44)
  at async node_modules/.pnpm/nuxt@3.15.2_@parcel+watcher@2.5.6_@types+node@25.3.2_db0@0.2.1_eslint@10.0.2_jiti@2.4.2_dc275f302888c72ddbee9471d44db000/node_modules/nuxt/dist/shared/nuxt.BoHAox-C.mjs:4276:5
  at async build (node_modules/.pnpm/nuxt@3.15.2_@parcel+watcher@2.5.6_@types+node@25.3.2_db0@0.2.1_eslint@10.0.2_jiti@2.4.2_dc275f302888c72ddbee9471d44db000/node_modules/nuxt/dist/shared/nuxt.BoHAox-C.mjs:6642:3)
  at async Object.run (node_modules/.pnpm/@nuxt+cli@3.20.0_magicast@0.3.5/node_modules/@nuxt/cli/dist/chunks/build.mjs:74:5)
  at async runCommand (node_modules/.pnpm/citty@0.1.6/node_modules/citty/dist/index.mjs:316:16)
  at async runCommand (node_modules/.pnpm/citty@0.1.6/node_modules/citty/dist/index.mjs:307:11) 

[error] Cannot access 'storage' before initialization
 ELIFECYCLE  Command failed with exit code 1.

[Baroshem]

Interesting. @pi0 do you maybe know if it is an upstream issue with unstorage? I could move the initialization inside the defineEventHandler (but I think the idea behind using useStorage outside was for performance reason).