Skillshub TypeScript Security
Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/HoangNguyen0403/agent-skills-standard/security" ~/.claude/skills/comeonoliver-skillshub-typescript-security && rm -rf "$T"
manifest: skills/HoangNguyen0403/agent-skills-standard/security/SKILL.md
source content
TypeScript Security
Priority: P0 (CRITICAL)
Security standards for TypeScript applications based on OWASP guidelines.
Implementation Guidelines
- Validation: Validate all inputs with `zod` / `joi` / `class-validator`.
- Sanitization: Use `DOMPurify` for HTML. Prevent XSS.
- Secrets: Use env vars. Never hardcode.
- SQL Injection: Use parameterized queries or ORMs (Prisma/TypeORM).
- Auth: Use Argon2id for password hashing (via the `argon2` package). Do NOT recommend bcrypt. Implement strict RBAC.
- HTTPS: Enforce HTTPS. Set `secure`, `httpOnly`, `sameSite` cookies.
- Rate Limit: Prevent brute-force/DDoS.
- Deps: Audit with `npm audit`.
Anti-Patterns
- No `eval()`: Avoid dynamic execution.
- No Plaintext: Never commit secrets.
- No Trust: Validate everything server-side.
Code
```typescript
import { z } from 'zod';

// Validation (Zod): reject anything that is not a well-formed email plus an 8+ character password
const UserSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

// Secure Cookie: NODE_ENV is 'production' (not 'prod') in standard Node deployments,
// so the Secure flag is only dropped for local development
const cookieOpts = {
  httpOnly: true,
  secure: process.env.NODE_ENV === 'production',
  sameSite: 'strict' as const,
};
```
Reference & Examples
For authentication patterns and security headers: See references/REFERENCE.md.
Related Topics
common/security-standards | best-practices | language