passport
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation guide and code template for implementing authentication middleware. No malicious instructions or hidden behaviors were found.
- [SAFE]: All external dependencies listed (e.g., passport, bcrypt, jsonwebtoken, various OAuth strategies) are standard, well-known libraries from the official NPM registry.
- [SAFE]: The provided code examples demonstrate secure practices, such as using environment variables for sensitive secrets (SESSION_SECRET, JWT_SECRET, client IDs/secrets) and utilizing bcrypt for secure password hashing.
- [SAFE]: The OAuth integration guides include recommendations for security features like the 'state' parameter to prevent CSRF attacks and secure session cookie configurations (httpOnly, secure, sameSite).
- [SAFE]: Session management documentation includes important security patterns like session regeneration upon authentication to prevent session fixation attacks.
Audit Metadata