Ensure that CSRF protection is enforced. Disabling CSRF protection allows malicious sites to execute unauthorized actions on behalf of authenticated users.
security-hardening, stack-nodejs
High
Provide error handlers to subscription/listener APIs
When subscribing to streams/listeners, always provide an error handler and a deterministic unsubscribe/cleanup path.
error-handling, ui-robustness (+1 more)
High
Validate environment/config at startup
At process start, validate required configuration keys and fail fast with a clear message if any are missing or malformed.
config-environment, stack-nodejs
Low
Avoid default exports
Detect the use of default exports. Named exports provide better clarity and maintainability, and they prevent issues when refactoring.
maintainability, module-architecture (+2 more)
Low
Avoid weak or missing CORS policies
Ensure that CORS policies are properly defined. Weak or missing CORS policies may allow unauthorized domains to access your resources, leading to security vulnerabilities.
security-hardening, stack-nodejs
Low
File titles must be lowercase with underscores or dashes
Check if file titles follow the lowercase naming convention with underscores or dashes. This improves cross-platform compatibility and consistency.
style-conventions, stack-nodejs
Low
Use graphql-upload with caution
Check for the use of graphql-upload. This library enables file uploads using multipart requests, which can be exploited for CSRF attacks if not properly secured.