proper auth implementation

web authentication

security headers

TKT-security headers

up to date dependencies

npm audit: report of all package vulnerabilities
npm audit fix --force automatically update and include major version bumps (might include breaking changes)
TKT-update packages

practices

input sanitation

ddos protection, spam filtering

cloudflare, captcha