Procedure
- Run `npm audit`.
- Scan for hardcoded secrets using `grep`.
- Review authentication/authorization logic in changed files.
- Check for injection risks (SQLi, XSS) in inputs.
- Report findings to `docs/findings.md` or fix if critical.
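The secret-scanning and reporting steps above, as an added POSIX shell example that is not part of the original skill. The regular expressions, the function names `scan_secrets` and `audit_deps`, and the sample files used in the usage note are all assumptions constructed for illustration; the patterns cover a few common secret shapes and are not exhaustive.

```shell
#!/bin/sh
# Added example (not from the original skill): helpers for the
# "scan for hardcoded secrets using grep" and "report findings to
# docs/findings.md" steps. Pattern set is an assumption, not exhaustive.

# Assumed regexes (POSIX ERE) for common hardcoded-secret shapes:
#   key/secret/password/token assigned a quoted literal of 8+ chars,
#   AWS-style access key ids, and PEM private-key headers.
SECRET_PATTERNS="(api[_-]?key|secret|password|token)[[:space:]]*[:=][[:space:]]*['\"][^'\"]{8,}['\"]|AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----"

# scan_secrets DIR OUTFILE
#   Greps DIR recursively (skipping node_modules and .git), appends a
#   markdown section listing file:line for each hit to OUTFILE, and
#   prints the number of matching lines. Only the location is written
#   to the report; the matched secret value is never copied into it.
scan_secrets() {
    dir="$1"; out="$2"
    mkdir -p "$(dirname "$out")"
    # grep exits 1 on no match; "|| true" keeps that from aborting under set -e.
    hits=$(grep -rEIni --exclude-dir=node_modules --exclude-dir=.git \
        "$SECRET_PATTERNS" "$dir" 2>/dev/null || true)
    count=0
    if [ -n "$hits" ]; then
        count=$(printf '%s\n' "$hits" | wc -l | tr -d ' ')
        {
            printf '\n## Hardcoded secret candidates (%s)\n' \
                "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
            # Keep "path:line" only (fields 1 and 2 of grep -n output).
            printf '%s\n' "$hits" | cut -d: -f1,2 | sed 's/^/- /'
        } >> "$out"
    fi
    echo "$count"
}

# audit_deps [LEVEL]
#   Runs the dependency-audit step when a package.json is present.
#   Returns npm's exit status (non-zero when advisories at or above
#   LEVEL, default "high", are found); returns 0 if there is nothing to audit.
audit_deps() {
    level="${1:-high}"
    [ -f package.json ] || { echo "no package.json, skipping npm audit"; return 0; }
    npm audit --audit-level="$level"
}

# Usage when run directly: scan the given tree and append to the report file.
if [ -n "${1:-}" ]; then
    n=$(scan_secrets "$1" "${2:-docs/findings.md}")
    echo "$n hardcoded secret candidate(s) recorded in ${2:-docs/findings.md}"
fi
```

Run it as `sh scan.sh src docs/findings.md` from the repository root; `audit_deps` is left as a separate call so the dependency step can be gated on its own exit status. With a constructed tree containing `const apiKey = "sk_live_0123456789abcdef";`, an `AKIA...` key id and a PEM header, `scan_secrets` reports 3 candidates, while `password = os.environ["DB_PASSWORD"]` (no literal) and `token: "abc"` (too short) are not flagged.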
A standardized procedure for analyzing code or dependencies for vulnerabilities.
---
name: security-audit
description: Procedure for analyzing code or dependencies for vulnerabilities
---