typescript-security

Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration. (triggers: **/*.ts, **/*.tsx, validate, sanitize, xss, injection, auth, password, secret, token)


TypeScript Security

Priority: P0 (CRITICAL)

Security standards for TypeScript applications based on OWASP guidelines.

Implementation Guidelines

  • Validation: Validate every input at the trust boundary with zod/joi/class-validator, and pass the parsed result (not the raw request body) into the rest of the handler.
  • Sanitization: Use DOMPurify only where user-supplied HTML must be rendered; everywhere else rely on context-aware escaping (React escapes JSX text by default) and avoid dangerouslySetInnerHTML. Prevent XSS.
  • Secrets: Read secrets from env vars or a secret manager. Never hardcode them.
  • SQL Injection: Use parameterized queries or an ORM/query builder (Prisma/TypeORM). Never build SQL by string concatenation, including inside raw-query escape hatches.
  • Auth: Use Argon2id for password hashing (via the argon2 package) and verify with argon2.verify, never by comparing hashes yourself. OWASP lists Argon2id as the first choice and bcrypt only as a legacy fallback, so do NOT recommend bcrypt for new code. Implement strict RBAC.
  • HTTPS: Enforce HTTPS. Set secure, httpOnly, sameSite cookies.
  • Rate Limit: Throttle login and other sensitive endpoints per client and per account to slow brute-force and credential-stuffing. Rate limiting mitigates abuse; it is not a DDoS defense on its own.
  • Deps: Audit with npm audit, commit the lockfile, and install with npm ci in CI so the audited tree is the deployed tree.
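As an added example for the SQL Injection guideline (this is not code from the skill page or the repository), here is a tagged template that turns each interpolated value into a numbered placeholder in node-postgres style ($1, $2, ...) and returns the { text, values } object that pg's client.query() accepts. No database is contacted; the point is that the attacker-controlled string never reaches the SQL text. The attacker input is constructed for the demonstration.

```typescript
// Added example (not from the skill page): parameterized queries via a tagged template.

interface ParameterizedQuery {
  text: string;      // SQL with $n placeholders
  values: unknown[]; // bound parameters, values[n - 1] fills $n
}

function sql(strings: TemplateStringsArray, ...values: unknown[]): ParameterizedQuery {
  let text = strings[0];
  for (let i = 0; i < values.length; i++) {
    // The value itself is never inlined; only its placeholder number is.
    text += `$${i + 1}${strings[i + 1]}`;
  }
  return { text, values };
}

// Vulnerable form, kept for contrast: concatenation lets the input rewrite the WHERE clause.
function unsafeUserQuery(email: string): string {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// Hardened form: the same lookup with the value bound as a parameter.
function safeUserQuery(email: string): ParameterizedQuery {
  return sql`SELECT id, email FROM users WHERE email = ${email}`;
}

// Two parameters, to show the placeholder numbering.
function safeTenantUserQuery(tenantId: number, email: string): ParameterizedQuery {
  return sql`SELECT id FROM users WHERE tenant_id = ${tenantId} AND email = ${email}`;
}

// Constructed attacker input for the demonstration.
const hostileEmail = "' OR '1'='1";

// Usage with pg (assumed installed and configured; not executed here):
//   const { rows } = await client.query(safeUserQuery(req.body.email));
```

The $n numbering is specific to PostgreSQL drivers; mysql2 and sqlite3 use ? placeholders, so adapt the template if you port it. Prisma's $queryRaw tagged template does the same parameter binding for you, while $queryRawUnsafe does not.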

Anti-Patterns

  • No eval(): Avoid dynamic execution.
  • No Plaintext: Never commit secrets.
  • No Trust: Validate everything server-side.
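The Rate Limit guideline and the "validate everything server-side" rule above come together at a login endpoint. The following is an added example, not code from the skill page or the repository: an in-memory sliding-window limiter applied on two keys at once, the client IP (caps one attacker spraying many accounts) and the normalised account name (caps many IPs hammering one account). The limiter names, the limits and the injectable clock are this example's own assumptions; a real deployment would keep the counters in a shared store such as Redis rather than process memory.

```typescript
// Added example (not from the skill page): brute-force throttling for a login endpoint.

interface LimiterOptions {
  max: number;         // attempts allowed per window
  windowMs: number;    // window length in milliseconds
  now?: () => number;  // clock, defaults to Date.now (injectable for tests)
}

interface Decision {
  allowed: boolean;
  retryAfterMs: number; // 0 when allowed
}

class SlidingWindowLimiter {
  private readonly hits = new Map<string, number[]>();
  private readonly opts: LimiterOptions;
  private readonly now: () => number;

  constructor(opts: LimiterOptions) {
    this.opts = opts;
    this.now = opts.now ?? Date.now;
  }

  // Records an attempt for `key` and reports whether it is within the limit.
  attempt(key: string): Decision {
    const t = this.now();
    const cutoff = t - this.opts.windowMs;
    const recent = (this.hits.get(key) ?? []).filter((ts) => ts > cutoff);
    if (recent.length >= this.opts.max) {
      this.hits.set(key, recent);
      // The window clears when the oldest remaining hit falls out of it.
      const oldest = recent[0] ?? t;
      return { allowed: false, retryAfterMs: oldest + this.opts.windowMs - t };
    }
    recent.push(t);
    this.hits.set(key, recent);
    return { allowed: true, retryAfterMs: 0 };
  }
}

// Both limiters are consulted before any password verification runs, so a blocked
// request never touches the stored hash (no CPU cost for the attacker to exploit).
class LoginGuard {
  private readonly perIp: SlidingWindowLimiter;
  private readonly perAccount: SlidingWindowLimiter;

  constructor(perIp: SlidingWindowLimiter, perAccount: SlidingWindowLimiter) {
    this.perIp = perIp;
    this.perAccount = perAccount;
  }

  check(ip: string, account: string): Decision {
    const byIp = this.perIp.attempt(`ip:${ip}`);
    // Normalise the account key so "Alice" and " alice " share one counter.
    const byAccount = this.perAccount.attempt(`acct:${account.trim().toLowerCase()}`);
    if (byIp.allowed && byAccount.allowed) return byIp;
    return { allowed: false, retryAfterMs: Math.max(byIp.retryAfterMs, byAccount.retryAfterMs) };
  }
}

// Illustrative limits (assumed, not from the page): 50 attempts per IP and
// 5 per account within a 15-minute window.
function makeLoginGuard(now?: () => number): LoginGuard {
  const windowMs = 15 * 60 * 1000;
  return new LoginGuard(
    new SlidingWindowLimiter({ max: 50, windowMs, now }),
    new SlidingWindowLimiter({ max: 5, windowMs, now }),
  );
}
```

Return retryAfterMs to the client as a Retry-After header with a 429, and keep the per-account limit independent of the per-IP one: a credential-stuffing botnet stays under any per-IP cap, and a per-account cap alone lets a single host spray thousands of accounts.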

Code

import { z } from 'zod';

// Validation (Zod): parse at the boundary and hand the typed result, not the raw
// request body, to the rest of the handler (UserSchema.safeParse returns
// { success, data | error } so a failure can become a 400 without throwing).
const UserSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

// Secure cookie options (Express-style). NODE_ENV is 'production' (not 'prod') in
// standard Node deployments; `secure` is false only so plain-http local development works.
const cookieOpts = {
  httpOnly: true,
  secure: process.env.NODE_ENV === 'production',
  sameSite: 'strict' as const,
};
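To make the cookie options concrete, here is an added example (not code from the skill page, Express or any other library): it builds the Set-Cookie header value that options shaped like cookieOpts produce, and enforces the __Host- prefix rules (a __Host- cookie must be Secure, use Path=/ and carry no Domain, which binds it to exactly one origin). serializeCookie, SessionCookieOptions and productionCookieOpts are this example's own names.

```typescript
// Added example (not from the skill page): Set-Cookie serialization with prefix checks.

interface SessionCookieOptions {
  httpOnly: boolean;
  secure: boolean;
  sameSite: 'strict' | 'lax' | 'none';
  path?: string;          // defaults to '/'
  domain?: string;
  maxAgeSeconds?: number;
}

// RFC 6265 token characters for the name; cookie-octet for the value (no control
// characters, whitespace, double quote, comma, semicolon or backslash). Anything else
// could smuggle extra attributes or a second cookie into the header.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const BAD_VALUE = /[\x00-\x20\x7f";,\\]/;

function serializeCookie(name: string, value: string, opts: SessionCookieOptions): string {
  if (!TOKEN.test(name)) throw new Error(`invalid cookie name: ${name}`);
  if (BAD_VALUE.test(value)) throw new Error('cookie value contains a forbidden character');

  const path = opts.path ?? '/';
  if (name.startsWith('__Host-')) {
    if (!opts.secure) throw new Error('__Host- cookies must be Secure');
    if (opts.domain !== undefined) throw new Error('__Host- cookies must not set Domain');
    if (path !== '/') throw new Error('__Host- cookies must use Path=/');
  } else if (name.startsWith('__Secure-') && !opts.secure) {
    throw new Error('__Secure- cookies must be Secure');
  }
  // Browsers drop SameSite=None cookies that are not Secure, so fail early and loudly.
  if (opts.sameSite === 'none' && !opts.secure) throw new Error('SameSite=None requires Secure');

  const parts = [`${name}=${value}`, `Path=${path}`];
  if (opts.domain !== undefined) parts.push(`Domain=${opts.domain}`);
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${Math.floor(opts.maxAgeSeconds)}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  const sameSite = opts.sameSite[0].toUpperCase() + opts.sameSite.slice(1);
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// The page's cookieOpts with `secure` fixed to true (assumed production deployment).
const productionCookieOpts: SessionCookieOptions = {
  httpOnly: true,
  secure: true,
  sameSite: 'strict',
};

// Usage (not executed here): res.setHeader('Set-Cookie',
//   serializeCookie('__Host-session', sessionId, productionCookieOpts));
```

Naming the session cookie __Host-session is the cheap win here: no subdomain or sibling application can overwrite it, which closes the session-fixation path that a plain Domain-scoped cookie leaves open.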

Reference & Examples

For authentication patterns and security headers: See references/REFERENCE.md.

Related Topics

common/security-standards | best-practices | language

Repo: HoangNguyen0403/agent-skills-standard (by HoangNguyen0403)
