security-express

Security audit patterns for Express.js applications covering essential security middleware, CORS configuration, auth patterns, and common vulnerabilities.

Essential Security Middleware

Helmet.js (Security Headers)

// Missing security headers - MUST NOT do this
const app = express();

// MUST use Helmet
const helmet = require('helmet');
app.use(helmet());