Source: https://github.com/HoangNguyen0403/agent-skills-standard/tree/develop/skills/typescript/security
Updated At Jan 18, 2026, 04:24 AM
License NOASSERTION
---
name: TypeScript Security
description: Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
metadata:
  labels: [security, typescript, validation, sanitization]
  triggers:
    files: ['**/*.ts', '**/*.tsx']
    keywords:
      [validate, sanitize, xss, injection, auth, password, secret, token]
---
# TypeScript Security
## **Priority: P0 (CRITICAL)**
Security standards for TypeScript applications based on OWASP guidelines.
## Implementation Guidelines
- **Validation**: Validate all inputs with `zod`/`joi`/`class-validator`.
- **Sanitization**: Use `DOMPurify` for HTML. Prevent XSS.
- **Secrets**: Use env vars. Never hardcode.
- **SQL Injection**: Use parameterized queries or ORMs (Prisma/TypeORM).
- **Auth**: Use **Argon2id** for password hashing (via `argon2` package). Do NOT recommend bcrypt. Implement strict RBAC.
- **HTTPS**: Enforce HTTPS. Set `secure`, `httpOnly`, `sameSite` cookies.
- **Rate Limit**: Prevent brute-force/DDoS.
- **Deps**: Audit with `npm audit`.
## Anti-Patterns
- **No `eval()`**: Avoid dynamic execution.
- **No Plaintext**: Never commit secrets.
- **No Trust**: Validate everything server-side.
## Code
```typescript
import { z } from 'zod';

// Validation (Zod): reject malformed input before it reaches business logic
const UserSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

// Secure cookie options: NODE_ENV is 'production' (not 'prod') in standard Node deployments
const cookieOpts = {
  httpOnly: true,
  secure: process.env.NODE_ENV === 'production',
  sameSite: 'strict' as const,
};
```
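The "Rate Limit" guideline above is the one item in this skill with no snippet, so here is an added example (not part of the skill file or the HoangNguyen0403 repository): a sliding-window limiter for login attempts, keyed per client address and account. The `SlidingWindowLimiter` class, `loginKey` helper and in-memory store are assumptions of this example; a multi-instance deployment would back it with a shared store instead.

```typescript
// Added example: sliding-window rate limiter for login attempts.
// Assumption: single-process, in-memory state (a Map); the clock is injectable so
// behaviour is deterministic in tests. Call check() before verifying the password.
type RateLimitDecision = {
  allowed: boolean;
  remaining: number;     // attempts left in the current window
  retryAfterMs: number;  // 0 when allowed, otherwise time until the oldest hit expires
};

class SlidingWindowLimiter {
  private readonly limit: number;
  private readonly windowMs: number;
  private readonly hits: Map<string, number[]> = new Map();

  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }

  // Record one attempt for `key` at time `now` and decide whether it may proceed.
  check(key: string, now: number = Date.now()): RateLimitDecision {
    const cutoff = now - this.windowMs;
    // Keep only timestamps still inside the window.
    const recent = (this.hits.get(key) ?? []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // Denied attempts are not recorded, so the lockout does not extend itself.
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + this.windowMs - now };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterMs: 0 };
  }

  // Drop keys whose hits have all expired, so the map does not grow without bound.
  prune(now: number = Date.now()): number {
    const cutoff = now - this.windowMs;
    let removed = 0;
    for (const [key, times] of this.hits) {
      if (times.every((t) => t <= cutoff)) {
        this.hits.delete(key);
        removed++;
      }
    }
    return removed;
  }
}

// Key on both client address and normalised account name, so one client cannot
// spray many accounts and one account cannot be hammered from many clients unnoticed.
function loginKey(ip: string, email: string): string {
  return `${ip}|${email.trim().toLowerCase()}`;
}
```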
## Reference & Examples
For authentication patterns and security headers:
See [references/REFERENCE.md](references/REFERENCE.md).
## Related Topics
common/security-standards | best-practices | language