rules/typescript/security.md

# TypeScript/JavaScript Security

> This file extends [common/security.md](../common/security.md) with TypeScript/JavaScript specific content.

## Secret Management

```typescript
// NEVER: Hardcoded secrets
const apiKey = "sk-proj-xxxxx"

// ALWAYS: Environment variables
const apiKey = process.env.OPENAI_API_KEY

if (!apiKey) {
  throw new Error('OPENAI_API_KEY not configured')
}
```

## Agent Support

- Use **security-reviewer** skill for comprehensive security audits
refactor(rules): restructure into common + language-specific directories * refactor(rules): restructure rules into common + language-specific directories - Split 8 flat rule files into common/, typescript/, python/, golang/ - common/ contains language-agnostic principles (no code examples) - typescript/ extracts TS/JS specifics (Zod, Playwright, Prettier hooks, etc.) - python/ adds Python rules (PEP 8, pytest, black/ruff, bandit) - golang/ adds Go rules (gofmt, table-driven tests, gosec, functional options) - Replace deprecated ultrathink with extended thinking documentation - Add README.md with installation guide and new-language template Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Fix installation commands for rules Updated installation instructions to copy all rules to a single directory. * docs: update README.md to reflect new rules directory structure Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Hor1zonZzz <Hor1zonZzz@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-05 21:58:06 +08:00			`# TypeScript/JavaScript Security`

			`> This file extends [common/security.md](../common/security.md) with TypeScript/JavaScript specific content.`

			`## Secret Management`

			```typescript
			`// NEVER: Hardcoded secrets`
			`const apiKey = "sk-proj-xxxxx"`

			`// ALWAYS: Environment variables`
			`const apiKey = process.env.OPENAI_API_KEY`

			`if (!apiKey) {`
			`throw new Error('OPENAI_API_KEY not configured')`
			`}`
			```

			`## Agent Support`

			`- Use security-reviewer skill for comprehensive security audits`