Closed ruichen199801 closed 1 year ago
Security practices so far:
- `cookie-session` (more lightweight compared to `express-session` as we only want to store the user in cookie)
- `npm audit` to get report. Currently our dependency vulnerabilities are all related to using the older version of `passport`, which is necessary for third party auth to work
- `joi` with `express-joi-validation`
- `csurf` is deprecated, and there seems to be no good substitute npm package for now
- `express-rate-limit`: #67
- `req.user` exists
Take measures to make the express app more secure.
Use this as a checklist: https://www.freecodecamp.org/news/express-js-security-tips/amp/