hoangnguyen0403-typescript-security
Installation
SKILL.md
TypeScript Security
Priority: P0 (CRITICAL)
Security standards for TypeScript applications based on OWASP guidelines.
Implementation Guidelines
- Validation: Validate all inputs with
zod/joi/class-validator. - Sanitization: Use
DOMPurifyfor HTML. Prevent XSS. - Secrets: Use env vars. Never hardcode.
- SQL Injection: Use parameterized queries or ORMs (Prisma/TypeORM).
- Auth: Use
bcryptfor hashing. Implement strict RBAC. - HTTPS: Enforce HTTPS. Set
secure,httpOnly,sameSitecookies. - Rate Limit: Prevent brute-force/DDoS.
- Deps: Audit with
npm audit.