Every published module, all in one place.
5 modules
Auth → Other
Core authentication rules every login system needs: password hashing, session revocation, verification, and the line between authentication and authorization.
by @markdowners
Project Setup → Env Secrets
Rules for keeping credentials out of git, out of client bundles, and rotatable — so a leak is an inconvenience, not a breach.
Payments → Other
Foundational rules for handling money safely: server-side pricing authority, idempotent charges, integer currency math, and staying out of PCI scope.
API & Backend → Rate Limiting
Which endpoints need explicit abuse budgets, how to choose limits per identity axis, and how to respond to breaches without leaking exploitable detail.
Auth → Sessions
Keeping an established session safe for its whole lifetime: cookie flags, revocation, CSRF defenses, and concurrent-session visibility.