notes
/ dotenvx - .env
/ bcrypt - password hashing
/ jsonwebtoken - authentication
/ cookie-session - session management
/ express-rate-limit - brute force protection
/ express-validator - input validation and sanitization; reduces SQL injection and Cross-Site Scripting (XSS) risk (parameterized queries and output escaping are still needed)
/ cookie-parser + custom middleware - CSRF protection
/ helmet - Content Security Policy (CSP) | Helps prevent XSS attacks by specifying which dynamic resources are allowed to load. Prevents various attacks by setting HTTP headers that enforce security policies.
/ html-entities, or a template engine that escapes by default - escape output data
/ winston - Logger
Additional:
Regular Security Audits
- Helps identify and fix security vulnerabilities regularly.
Automated Tools: Use tools like Snyk, npm audit, and OWASP ZAP to scan for vulnerabilities.