fastify-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides extensive documentation on security best practices such as JWT authentication, secure password hashing with Argon2, and rate limiting (rules/authentication.md).
- [SAFE]: Recommends secure configuration management using environment variables and env-schema, explicitly warning against hardcoding secrets or using configuration files (rules/configuration.md).
- [SAFE]: Promotes secure input handling through JSON Schema validation (Ajv/TypeBox) and explicit file upload limits in @fastify/multipart (rules/schemas.md, rules/content-type.md).
- [SAFE]: Encourages the use of security headers via @fastify/helmet and proper CORS configuration (rules/cors-security.md).
- [SAFE]: Provides guidance on secure production deployments, including non-root Docker users and graceful shutdown mechanisms (rules/deployment.md).