- https://nodesecurity.io/
- https://github.com/nodesecurity/nsp
- https://github.com/nodesecurity/nsp#exceptions
- git hook
- Don't log sensitive data (e.g. cookies, passwords)
- S3 bucket config
- Auth checks on your endpoints (/api, /internal/api)
- Be careful about what's in the open