security-auth-security
Security Patterns
Quick Guide: Managing secrets? Use .env.local (gitignored), CI secrets (GitHub/Vercel), rotate quarterly. Dependency security? Enable Dependabot, audit weekly, patch critical vulns within 24hrs. XSS prevention? React escapes by default - never use dangerouslySetInnerHTML with user input. Sanitize with DOMPurify if needed. Set CSP headers. CODEOWNERS? Require security team review for auth/, .env.example, workflows.
Detailed Resources:
- For code examples, see examples/core.md (essential patterns)
- For decision frameworks and anti-patterns, see reference.md
Additional Examples:
- examples/xss-prevention.md - XSS protection, DOMPurify, CSP headers
- examples/dependency-security.md - Dependabot, CI security checks
- examples/access-control.md - CODEOWNERS, rate limiting, branch protection
<critical_requirements>
More from agents-inc/skills
web-animation-css-animations
CSS Animation patterns - transitions, keyframes, scroll-driven animations, @property, GPU-accelerated properties, accessibility with prefers-reduced-motion
24web-animation-view-transitions
View Transitions API patterns - same-document transitions, cross-document MPA transitions, shared element animations, pseudo-element styling, accessibility
21web-testing-playwright-e2e
Playwright E2E testing patterns - test structure, Page Object Model, locator strategies, assertions, network mocking, visual regression, parallel execution, fixtures, and configuration
21web-styling-cva
Class Variance Authority - type-safe component variant styling with cva(), compound variants, and VariantProps
20web-animation-framer-motion
Motion (formerly Framer Motion) animation patterns - motion components, variants, gestures, layout animations, scroll-linked animations, accessibility
20web-i18n-next-intl
Type-safe i18n for Next.js App Router
19