Why Use This
This skill provides specialized capabilities for HoangNguyen0403's codebase.
Use Cases
- Developing new features in the HoangNguyen0403 repository
- Refactoring existing code to follow HoangNguyen0403 standards
- Understanding and working with HoangNguyen0403's codebase structure
Install Guide
Install inside Ananke
Click Install Skill, paste the link below, then press Install.
https://github.com/HoangNguyen0403/agent-skills-standard/tree/develop/skills/typescript/security
Skill Snapshot
Auto scan of skill assets. Informational only.
Valid SKILL.md
Checks against SKILL.md specification
Source & Community
Updated At Jan 18, 2026, 04:24 AM
Skill Stats
SKILL.md 60 Lines
Total Files 1
Total Size 0 B
License NOASSERTION
---
name: TypeScript Security
description: Secure coding practices for building safe TypeScript applications.
metadata:
  labels: [security, typescript, validation, sanitization]
  triggers:
    files: ['**/*.ts', '**/*.tsx']
    keywords:
      [validate, sanitize, xss, injection, auth, password, secret, token]
---
# TypeScript Security
## **Priority: P0 (CRITICAL)**
Security standards for TypeScript applications based on OWASP guidelines.
## Implementation Guidelines
- **Validation**: Validate all inputs with `zod`/`joi`/`class-validator`.
- **Sanitization**: Sanitize HTML with `DOMPurify` to prevent XSS.
- **Secrets**: Load secrets from env vars. Never hardcode them.
- **SQL Injection**: Use parameterized queries or ORMs (Prisma/TypeORM).
- **Auth**: Use `bcrypt` for password hashing. Implement strict RBAC.
- **HTTPS**: Enforce HTTPS. Set the `secure`, `httpOnly`, and `sameSite` cookie attributes.
- **Rate Limit**: Rate-limit requests to prevent brute-force/DDoS.
- **Deps**: Audit with `npm audit`.
## Anti-Patterns
- **No `eval()`**: Avoid dynamic execution.
- **No Plaintext**: Never commit secrets.
- **No Trust**: Validate everything server-side.
## Code
```typescript
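import { z } from 'zod';

// Validation (Zod): parse untrusted input against a schema before using it
const UserSchema = z.object({
  email: z.string().email(),
  password: z.string().min(8),
});

// Secure Cookie
const cookieOpts = {
  httpOnly: true, // not readable from client-side JavaScript
  // NODE_ENV is conventionally 'production'; comparing against a value the
  // deployment never sets would silently drop the Secure attribute.
  secure: process.env.NODE_ENV === 'production',
  sameSite: 'strict' as const, // not sent on cross-site requests
};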
```
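The **Rate Limit** guideline has no code on this page. The block below is an added example, not code from the skill's repository: an in-memory sliding-window limiter for failed logins. `LoginRateLimiter`, its method names, and the sample key are hypothetical, and it assumes a single process (multiple instances need a shared store).

```typescript
// Added example; class and method names are hypothetical, not from the skill's repo.
type Decision = { allowed: boolean; retryAfterMs: number };

class LoginRateLimiter {
  private readonly failures = new Map<string, number[]>(); // key -> failure times (ms)
  private readonly maxFailures: number;
  private readonly windowMs: number;
  private readonly now: () => number;
  constructor(maxFailures: number, windowMs: number, now: () => number = () => Date.now()) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.now = now; // injectable clock so the limiter can be tested deterministically
  }

  // Drop failures that have aged out of the window and return the rest.
  private recent(key: string): number[] {
    const cutoff = this.now() - this.windowMs;
    const kept = (this.failures.get(key) ?? []).filter((t) => t > cutoff);
    if (kept.length > 0) this.failures.set(key, kept);
    else this.failures.delete(key); // idle keys do not accumulate in memory
    return kept;
  }

  // Call before verifying the password so blocked clients cost no bcrypt work.
  check(key: string): Decision {
    const kept = this.recent(key);
    if (kept.length < this.maxFailures) return { allowed: true, retryAfterMs: 0 };
    const oldest = kept[kept.length - this.maxFailures]; // must expire to unblock
    return { allowed: false, retryAfterMs: oldest + this.windowMs - this.now() };
  }

  recordFailure(key: string): void {
    this.failures.set(key, [...this.recent(key), this.now()]);
  }

  recordSuccess(key: string): void {
    this.failures.delete(key); // a valid login resets the counter
  }
}

// Constructed demo: 3 failures per 60 s, keyed on account + client IP (sample values).
function demo(): Decision[] {
  let clock = 0;
  const limiter = new LoginRateLimiter(3, 60_000, () => clock);
  const key = "alice@example.com|203.0.113.7";
  for (let i = 0; i < 3; i++) { limiter.recordFailure(key); clock += 1_000; }
  const blocked = limiter.check(key); // clock = 3000
  clock = 60_000; // first failure (t = 0) has now aged out
  return [blocked, limiter.check(key)];
}
```

Return `retryAfterMs` to the client as a `Retry-After` header (in seconds) with HTTP 429, and keep the response identical whether or not the account exists.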
## Reference & Examples
For authentication patterns and security headers:
See [references/REFERENCE.md](references/REFERENCE.md).
## Related Topics
common/security-standards | best-practices | language