nextjs-security
Installation
SKILL.md
Next.js Security
Priority: P0 (CRITICAL)
Workflow: Secure Next.js App
- Add auth middleware — Create
middleware.tsto verify JWT/session on protected routes. - Validate Server Actions — Parse all inputs with Zod schemas; call
await auth()first. - Set security headers — Add CSP, HSTS, X-Frame-Options in middleware response.
- Use
server-only— Import in modules containing secrets to prevent client bundling. - Taint sensitive objects — Use
taintObjectReferenceto block server objects from reaching client.