typescript-security-review

Solid

Provides security review for TypeScript/Node.js applications: checks code for XSS, injection, CSRF, JWT/OAuth2 flaws, vulnerable dependencies (known CVEs), and exposed secrets. Use when performing security audits, before deployment, when reviewing authentication/authorization implementations, or when checking OWASP Top 10 coverage for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".

Category: Code & Development | 278 stars | 32 forks | Updated 5 days ago | License: MIT

Quality Score: 91/100

Component       Weight   Score
Stars           20%      81
Recency         20%      100
Frontmatter     20%      70
Documentation   15%      100
Issue Health    10%      50
License         10%      100
Description     5%       100

Skill Content

# TypeScript Security Review

## Overview

Security review for TypeScript/Node.js applications. Evaluates code against the OWASP Top 10, framework-specific patterns, and production-readiness criteria. Findings are classified by severity (Critical, High, Medium, Low) with remediation examples. Delegates to the `typescript-security-expert` agent for deep analysis.

## When to Use

- Performing security audits on TypeScript/Node.js codebases
- Reviewing authentication and authorization implementations (JWT, OAuth2, Passport.js)
- Checking for common vulnerabilities (XSS, injection, CSRF, path traversal)
- Validating input validation and sanitization logic
- Reviewing dependency security (`npm audit`, known CVEs)
- Checking secrets management and environment variable handling
- Assessing API security (rate limiting, CORS, security headers)
- Reviewing Express, NestJS, or Next.js security configurations
- Before deploying to production or after significant code changes
- Compliance checks (GDPR, HIPAA, SOC2 data handling requirements)

## Instructions

1. **Identify Scope**: Determine which files and modules are under review. Prioritize authentication, authorization, data handling, API endpoints, and configuration files. Use `grep` to find security-sensitive patterns (`eval`, `exec`, `innerHTML`, password handling, JWT operations). **Checkpoint**: Verify that at least 3 security-sensitive files/modules have been identified before proceeding.
2. **Check Authentication & Authorization**: Review JWT...
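The "Identify Scope" step above is a grep over a handful of sink and credential patterns followed by a checkpoint on how many files they touch. The following is an added example, not code from the developer-kit skill or its `typescript-security-expert` agent: a small TypeScript scope finder that runs those patterns over a constructed sample codebase, triages each hit by the skill's severity scale, escalates a `jwt.verify` call that does not pin `algorithms`, and enforces the "at least 3 security-sensitive files" checkpoint. The pattern list, the severity assignments and the sample files are this example's own choices, not the skill's.

```typescript
// Added example (not part of the developer-kit skill): a line-based scope
// finder for the "Identify Scope" step. Everything below, including the
// severities and the sample codebase, is constructed for illustration.

type Severity = "Critical" | "High" | "Medium" | "Low";

interface Pattern {
  id: string;
  regex: RegExp;
  severity: Severity;
  why: string;
}

interface Finding {
  file: string;
  line: number;
  pattern: string;
  severity: Severity;
  snippet: string;
}

interface ScopeResult {
  findings: Finding[];
  sensitiveFiles: string[];
  checkpointPassed: boolean;
}

const SEVERITY_RANK: Record<Severity, number> = { Critical: 0, High: 1, Medium: 2, Low: 3 };

// The grep targets the skill names (eval, exec, innerHTML, password handling,
// JWT operations). These are heuristics to locate files; each hit still needs
// a human to follow the data flow before it becomes a finding.
const PATTERNS: Pattern[] = [
  { id: "eval", regex: /\beval\s*\(/, severity: "Critical", why: "dynamic code execution" },
  { id: "new-function", regex: /\bnew\s+Function\s*\(/, severity: "Critical", why: "dynamic code execution" },
  { id: "child-process-exec", regex: /\b(?:exec|execSync)\s*\(/, severity: "High", why: "shell command execution, check for injection" },
  { id: "innerhtml", regex: /\.innerHTML\s*=|dangerouslySetInnerHTML/, severity: "High", why: "DOM XSS sink" },
  { id: "jwt-decode", regex: /\bjwt\.decode\s*\(/, severity: "High", why: "JWT claims read without signature verification" },
  { id: "jwt-verify", regex: /\bjwt\.verify\s*\(/, severity: "Medium", why: "JWT verification, confirm algorithms are pinned" },
  { id: "password", regex: /\bpassword\b/i, severity: "Medium", why: "credential handling, confirm hashing and no logging" },
];

function scanSource(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    const trimmed = text.trim();
    if (trimmed.startsWith("//")) return; // skip pure line comments
    for (const p of PATTERNS) {
      if (!p.regex.test(text)) continue;
      let severity = p.severity;
      // jwt.verify without an explicit algorithms option lets the token header
      // choose the algorithm; escalate so the reviewer looks at it first.
      if (p.id === "jwt-verify" && !/algorithms\s*:/.test(text)) severity = "High";
      findings.push({ file, line: idx + 1, pattern: p.id, severity, snippet: trimmed });
    }
  });
  return findings;
}

// Runs the scan over every file and applies the checkpoint from the skill:
// at least `minFiles` distinct security-sensitive files before proceeding.
function identifyScope(files: Record<string, string>, minFiles = 3): ScopeResult {
  const findings: Finding[] = [];
  for (const file of Object.keys(files)) {
    findings.push(...scanSource(file, files[file]));
  }
  findings.sort(
    (a, b) =>
      SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] ||
      a.file.localeCompare(b.file) ||
      a.line - b.line,
  );
  const sensitiveFiles = Array.from(new Set(findings.map((f) => f.file))).sort();
  return { findings, sensitiveFiles, checkpointPassed: sensitiveFiles.length >= minFiles };
}

// Constructed sample codebase (not real project files).
const SAMPLE_CODEBASE: Record<string, string> = {
  "src/auth/jwt.ts": [
    "import jwt from 'jsonwebtoken';",
    "export function readClaims(token: string) {",
    "  return jwt.decode(token); // trusts unverified claims",
    "}",
    "export function verify(token: string) {",
    "  return jwt.verify(token, process.env.JWT_SECRET!);",
    "}",
  ].join("\n"),
  "src/auth/login.ts": [
    "export async function login(user: User, password: string) {",
    "  return bcrypt.compare(password, user.passwordHash);",
    "}",
  ].join("\n"),
  "src/admin/tools.ts": [
    "import { execSync } from 'child_process';",
    "export function ping(host: string) {",
    "  return execSync(`ping -c 1 ${host}`).toString();",
    "}",
  ].join("\n"),
  "src/util/format.ts": "export const pad = (n: number) => String(n).padStart(2, '0');",
};

const result = identifyScope(SAMPLE_CODEBASE);
console.log(`checkpoint ${result.checkpointPassed ? "passed" : "FAILED"}: ${result.sensitiveFiles.length} sensitive files`);
for (const f of result.findings) {
  console.log(`[${f.severity}] ${f.file}:${f.line} ${f.pattern} -> ${f.snippet}`);
}
```

On the sample input the scan reports three files as in scope (the JWT helper, the login handler and the admin tool), so the checkpoint passes; the utility module produces no hits and stays out of the initial scope. The `password` pattern is deliberately broad because the skill's purpose at this step is to find where credentials are handled, not to judge them; the severity of each hit is only an ordering for the reviewer's attention.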

Details

Author: giuseppe-trisciuoglio
Repository: giuseppe-trisciuoglio/developer-kit
Created: 7 months ago
Last Updated: 5 days ago
Language: Python
License: MIT
