• 6.1. Embrace linter security rules
• 6.2. Limit concurrent requests using a middleware
• 6.3 Extract secrets from config files or use packages to encrypt them
• 6.4. Prevent query injection vulnerabilities with ORM/ODM libraries
• 6.5. Collection of generic security best practices
• 6.6. Adjust the HTTP response headers for enhanced security
• 6.7. Constantly and automatically inspect for vulnerable dependencies
• 6.8. Protect Users’ Passwords/Secrets using brypt or scrypt
• 6.9. Escape HTML, JS and CSS output
• 6.10. Validate incoming JSON schemas
• 6.11. Support blacklisting JWTs
• 6.12. Prevent brute-force attacks against authorization
• 6.13. Run Node.js as non-root user
• 6.14. Limit payload size using a reverse-proxy or a middleware
• 6.15. Avoid JavaScript eval statements
• 6.16. Prevent evil RegEx from overloading your single thread execution
• 6.17. Avoid module loading using a variable
• 6.18. Run unsafe code in a sandbox
• 6.19. Take extra care when working with child processes
• 6.20. Hide error details from clients
• 6.22. Modify session middleware settings
• 6.24. Prevent unsafe redirects
• 6.25. Avoid publishing secrets to the npm registry