How to almost test Content-Security-Policy violations in your site using Cypress
How to pass passwords and tokens during Cypress tests to avoid accidentally revealing them in screenshots, videos and logs
Notes on small, simple off the shelf login solution for SPA and server.
How to use hashes for CDN resources.
Node.js is really really really susceptible to code injection attacks.
Using and observing ExpressJS sessions from the client code.
Compromise functions private to closures via partially applied references.