Security vulnerabilities

Description

Contributor guide

Tech stack

javascript

Domain

securitydocumentation

Issue type

documentation

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

1-3 hours

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

stale

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

clear

Prerequisites

None

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

60

Research direction

The issue requests adding documentation about security concerns for different JWT storage methods (cookie vs localStorage) such as XSS and CSRF. The repository is a tutorial on JWT, likely with markdown files. A good starting point would be to assess the current documentation and identify where to insert a new section. Look at the existing structure in the repository's README or docs folder. Then research common security pitfalls for JWT client side storage and write a concise guide. Cite relevant resources. No existing pull requests or comments offer guidance, so the maintainer may need to respond to confirm scope.