| Security Measure | Description | |
|---|---|---|
| ☐ | Use HTTPS everywhere | Prevents basic eavesdropping and man-in-the-middle attacks |
| ☐ | Input validation and sanitization | Prevents XSS attacks by validating all user inputs |
| ☐ | Don't store sensitive data in the browser | No secrets in localStorage or client-side code |
| ☐ | CSRF protection | Implement anti-CSRF tokens for forms and state-changing requests |
| ☐ | Never expose API keys in frontend | API credentials should always remain server-side |
Mahesh devnamipress
devnamipress
/ security-checklist.md
Created
April 12, 2025 18:00
— forked from mattppal/security-checklist.md
A simple security checklist for your vibe coded apps
I need you to act as a security expert and do a full audit of the codebase. Your goal is to flag high-impact vulnerabilities and help fix them with minimal changes. Follow this 3-phase approach:
Go through the entire repo. Focus especially on:
- Auth flows
- API endpoints
- DB queries
This document outlines the standardized rules and guidelines for developing mobile applications using Expo and React Native. These rules are designed to ensure consistency, maintainability, performance, accessibility, and error-free development across all projects. They apply to all Expo-based React Native apps and are crafted to minimize troubleshooting efforts and enforce best practices.
- Mandatory Compliance: Cursor must read and strictly follow all rules in this document for every Expo and React Native project.
- Self-Check: Before generating code or modifying a project, Cursor must verify that its actions align with these guidelines.
- Error Prevention: If Cursor detects a potential violation of these rules (e.g., creating a new project inside an existing one), it must halt and prompt the user for clarification instead of proceeding.
- Documentation Reference: Cursor must reference this document (
cursor-rules.md) w