Security defaults that belong in every Express application from day one.
Score: 93. Best practices: 90%. Impact: 99%. 6.18x average score across 5 eval scenarios. Status: passed, no known issues.
{
  "instruction": "Add rate limiting to all API endpoints",
  "relevant_when": "Agent creates or modifies an Express application, adds routes to an Express app, or sets up an Express project",
  "context": "Every Express API must have rate limiting. Use express-rate-limit with a general limit on all API routes and stricter limits on auth and mutation endpoints. Rate limiting prevents brute force attacks and abuse. This is a baseline requirement for any Express app.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/express-security-basics/SKILL.md",
      "tile": "tessl-labs/express-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "rate-limiter-installed",
      "rule": "Agent includes express-rate-limit in dependencies",
      "relevant_when": "Agent creates or modifies an Express application"
    },
    {
      "name": "rate-limit-applied",
      "rule": "Agent applies rate limiting middleware to API routes (at minimum a general limiter on /api or all routes)",
      "relevant_when": "Agent creates or modifies an Express application"
    },
    {
      "name": "auth-rate-limit-stricter",
      "rule": "Agent applies a stricter rate limit to authentication endpoints (login, register, password reset) with a lower max value than the general limiter",
      "relevant_when": "Agent creates authentication routes in Express"
    },
    {
      "name": "rate-limit-response-format",
      "rule": "Agent configures a meaningful rate limit response message with standardHeaders: true",
      "relevant_when": "Agent creates or modifies an Express application"
    }
  ]
}

Package contents:
evals/
  scenario-1
  scenario-2
  scenario-3
  scenario-4
  scenario-5
skills/
  express-security-basics
verifiers/