This is a solid Express.js security middleware stack that layers Helmet, rate limiting, input validation, and XSS protection into your REST APIs. You get practical code for the usual suspects: sanitizing MongoDB queries, validating passwords with regex rules, and setting security headers like CSP and HSTS. The rate limiting examples are smart, with stricter limits on auth endpoints than general API routes. There's also a Python/FastAPI version and Nginx config tucked in the references. It won't catch everything, but it handles the OWASP basics you should already have in production and gives you a reasonable checklist to work from.
npx skills add https://github.com/secondsky/claude-skills --skill api-security-hardening
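To make the stack concrete, here is an added example written for this page (not code from the skill or its references) that reduces each layer to its mechanics in plain Node with no dependencies: a fixed-window rate limiter with a much tighter budget on `/auth/` routes, MongoDB operator stripping of the kind `express-mongo-sanitize` performs, regex password rules, and Helmet-style CSP/HSTS headers, glued together as an Express-shaped `(req, res, next)` handler. The helper names (`harden`, `createRateLimiter`, `sanitizeMongo`), the limits, and the header values are my assumptions, not the skill's.

```javascript
// Added example for this page, not the skill's code. Dependency-free so it runs
// under plain Node; each piece is shaped to drop into an Express handler.

// --- 1. Fixed-window rate limiter keyed by client (IP or user id) ---
// Assumed design: in-memory Map, so counts are per process; a shared store is
// needed for a multi-instance deployment.
function createRateLimiter({ windowMs, max }) {
  const buckets = new Map(); // key -> { count, windowStart }
  return function check(key, now = Date.now()) {
    let b = buckets.get(key);
    if (!b || now - b.windowStart >= windowMs) {
      b = { count: 0, windowStart: now };
      buckets.set(key, b);
    }
    b.count += 1;
    const allowed = b.count <= max;
    return {
      allowed,
      remaining: Math.max(0, max - b.count),
      retryAfterMs: allowed ? 0 : b.windowStart + windowMs - now,
    };
  };
}
// Auth endpoints get a far smaller budget than the general API (assumed numbers).
const authLimiter = createRateLimiter({ windowMs: 15 * 60 * 1000, max: 5 });
const apiLimiter  = createRateLimiter({ windowMs: 15 * 60 * 1000, max: 100 });

// --- 2. Strip MongoDB operators from untrusted input ---
// Keys starting with "$" or containing "." let {"$gt": ""} or "a.b" reach a query
// such as users.findOne({ username, password }). Offending keys are dropped, not renamed.
function sanitizeMongo(value) {
  if (Array.isArray(value)) return value.map(sanitizeMongo);
  if (value !== null && typeof value === 'object') {
    const clean = {};
    for (const [k, v] of Object.entries(value)) {
      if (k.startsWith('$') || k.includes('.')) continue;
      clean[k] = sanitizeMongo(v);
    }
    return clean;
  }
  return value;
}

// --- 3. Password policy as a list of regex rules (assumed thresholds) ---
const PASSWORD_RULES = [
  [/.{12,}/,       'at least 12 characters'],
  [/[a-z]/,        'a lowercase letter'],
  [/[A-Z]/,        'an uppercase letter'],
  [/[0-9]/,        'a digit'],
  [/[^A-Za-z0-9]/, 'a symbol'],
];
function validatePassword(pw) {
  const failures = PASSWORD_RULES.filter(([re]) => !re.test(pw)).map(([, msg]) => msg);
  return { valid: failures.length === 0, failures };
}

// --- 4. Headers Helmet would set; values chosen for a JSON-only API ---
function securityHeaders() {
  return {
    'Content-Security-Policy': "default-src 'none'; frame-ancestors 'none'",
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY',
    'Referrer-Policy': 'no-referrer',
  };
}

// --- 5. Glue: the pipeline as an Express-style (req, res, next) handler ---
// req is { ip, path, body }; res is { headers, status, body } as plain objects here.
function harden(req, res, next, now = Date.now()) {
  Object.assign(res.headers, securityHeaders());
  const limiter = req.path.startsWith('/auth/') ? authLimiter : apiLimiter;
  const { allowed, retryAfterMs } = limiter(req.ip, now);
  if (!allowed) {
    res.status = 429;
    res.headers['Retry-After'] = String(Math.ceil(retryAfterMs / 1000));
    return res;
  }
  req.body = sanitizeMongo(req.body);
  if (req.path === '/auth/register') {
    const { valid, failures } = validatePassword(String(req.body.password ?? ''));
    if (!valid) {
      res.status = 400;
      res.body = { error: 'weak password', failures };
      return res;
    }
  }
  return next(req, res);
}
```

Two caveats the skill's production versions address and this sketch does not: the limiter's Map is per process, so behind a load balancer you want `express-rate-limit` with a shared store rather than this; and a regex policy only rejects structurally weak passwords, so pair it with a breached-password check before calling password validation done.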