start-core/auth-server-primitives
Pass
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Provides secure session management patterns using HttpOnly, Secure, and SameSite cookie flags with the __Host- prefix to mitigate XSS and CSRF risks.
- [SAFE]: Implements constant-time password verification logic using dummy hashes to prevent user enumeration via timing attacks.
- [SAFE]: Includes robust CSRF defenses by validating the Origin header in middleware for all mutating requests.
- [SAFE]: Educates users on the importance of enforcing authorization within server-side handlers rather than relying solely on client-side route guards.