How to almost test Content-Security-Policy violations in your site using Cypress
How to pass passwords and tokens during Cypress tests to avoid accidentally revealing them in screenshots, videos and logs
Notes on a small, simple off-the-shelf login solution for SPA and server.
How to use hashes for CDN resources.
Node.js is really really really susceptible to code injection attacks.
Generating JavaScript configuration snippets from templates to be used with the Content-Security-Policy and disabled inline scripts.
Use a JS-to-JS template engine in Express to ban all inlined JavaScript.
Using and observing ExpressJS sessions from the client code.
Compromise functions private to closures via partially applied references.