nestjs-security

Installation
SKILL.md

NestJS Security Standards

Priority: P0 (CRITICAL)

Workflow: Secure NestJS Application

  1. Add Helmetapp.use(helmet()) in main.ts for HSTS, CSP headers.
  2. Configure JWT strategy — Use passport-jwt with RS256; validate iss and aud claims.
  3. Bind global AuthGuard — Register as APP_GUARD; use @Public() for open routes.
  4. Add throttling — Enable @nestjs/throttler with Redis store for rate limiting.
  5. Hash with Argon2id — Replace bcrypt with argon2.hash(password, { type: argon2.argon2id }).
  6. Verify — Run npm audit --prod and test that unauthenticated requests return 401.

Global Auth Guard Example

See implementation examples

Argon2id Hashing Example

See implementation examples

Installs
2
GitHub Stars
521
First Seen
14 days ago
nestjs-security — hoangnguyen0403/agent-skills-standard