
tessl-labs/express-security-basics

Security defaults that belong in every Express application from day one.

Score: 93 (6.18x)
Quality: 90% (does it follow best practices?)
Impact: 99% (6.18x, average score across 5 eval scenarios)
Security by Snyk: Passed, no known issues


Evaluation results

Build a Blog Platform REST API (100% / 91%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Helmet middleware added | 0% | 100% |
| CORS configured with explicit origins | 0% | 100% |
| Rate limiting on API routes | 0% | 100% |
| Stricter limit on write endpoints | 0% | 100% |
| Trust proxy configured | 0% | 100% |
| Secure error handler | 0% | 100% |
| JSON body size limit | 0% | 100% |
| Query param validation | 37% | 100% |
| CRUD endpoints functional | 100% | 100% |
| Security middleware before routes | 20% | 100% |

Build an E-Commerce Order API (100% / 73%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Helmet middleware added | 0% | 100% |
| CORS configured with explicit origins | 0% | 100% |
| Rate limiting on API routes | 0% | 100% |
| Stricter limit on order creation | 0% | 100% |
| Trust proxy configured | 100% | 100% |
| Secure error handler | 0% | 100% |
| JSON body size limit | 0% | 100% |
| Order validation logic | 100% | 100% |
| CRUD endpoints functional | 100% | 100% |
| Security middleware before routes | 40% | 100% |

Refactor Express App for Production Deployment (100% / 86%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Helmet middleware added | 0% | 100% |
| CORS configured with explicit origins | 0% | 100% |
| Rate limiting added | 0% | 100% |
| Trust proxy configured | 50% | 100% |
| Secure error handler | 0% | 100% |
| JSON body size limit | 0% | 100% |
| Routes properly separated | 100% | 100% |
| Security middleware before routes | 0% | 100% |
| Error handler after routes | 0% | 100% |
| Param validation added | 0% | 100% |

Build a Todo API with Express (98% / 86%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Helmet middleware added | 0% | 100% |
| CORS configured with explicit origins | 0% | 100% |
| Rate limiting on API routes | 0% | 100% |
| Trust proxy configured | 0% | 100% |
| Secure error handler | 0% | 100% |
| JSON body size limit | 0% | 100% |
| CRUD endpoints functional | 100% | 100% |
| Security middleware before routes | 25% | 100% |
| Input validation on params | 0% | 60% |

Build a User Registration and Login API (100% / 81%)

| Criteria | Without context | With context |
| --- | --- | --- |
| Helmet middleware added | 0% | 100% |
| CORS configured with explicit origins | 0% | 100% |
| Rate limiting on auth endpoints | 0% | 100% |
| General API rate limiting | 0% | 100% |
| Secure error handler | 0% | 100% |
| JSON body size limit | 0% | 100% |
| Auth endpoints functional | 100% | 100% |
| Password not in responses | 100% | 100% |
| Trust proxy configured | 0% | 100% |
| Security middleware before routes | 20% | 100% |

Evaluated with agent: Claude Code; model: Claude Sonnet 4.6
