nodejs-backend-patterns

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides security-hardened templates for Express.js and Fastify, including security headers (Helmet), CORS, and body size limits.
  • [SAFE]: Database interactions in the repository layer use parameterized queries (via the pg library), which effectively prevents SQL injection attacks.
  • [SAFE]: Authentication implementation uses industry-standard bcrypt for password hashing and jsonwebtoken (JWT) for session management, with secrets managed via environment variables.
  • [SAFE]: Input validation is enforced using the zod library and Fastify's built-in schema validation, protecting against malformed or malicious payloads.
  • [SAFE]: Rate limiting is implemented using express-rate-limit with a Redis backend, mitigating brute-force and Denial-of-Service (DoS) risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:38 PM