nextjs-security

Installation
SKILL.md

Next.js Security

Priority: P0 (CRITICAL)

Workflow: Secure Next.js App

  1. Add auth middleware — Create middleware.ts to verify JWT/session on protected routes.
  2. Validate Server Actions — Parse all inputs with Zod schemas; call await auth() first.
  3. Set security headers — Add CSP, HSTS, X-Frame-Options in middleware response.
  4. Use server-only — Import in modules containing secrets to prevent client bundling.
  5. Taint sensitive objects — Use taintObjectReference to block server objects from reaching client.

Secure Server Action Example

See implementation examples

Implementation Guidelines

Installs
GitHub Stars
521
First Seen
nextjs-security — hoangnguyen0403/agent-skills-standard