Summary
This is a solid Express.js security middleware stack that layers Helmet, rate limiting, input validation, and XSS protection into your REST APIs. You get practical code for the usual suspects: sanitizing MongoDB queries, validating passwords with regex rules, and setting security headers like CSP and HSTS. The rate limiting examples are smart, with stricter limits on auth endpoints than general API routes. There's also a Python/FastAPI version and Nginx config tucked in the references. It won't catch everything, but it handles the OWASP basics you should already have in production and gives you a reasonable checklist to work from.
Install to Claude Code
npx -y skills add secondsky/claude-skills --skill api-security-hardening --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
