Echo JS 0.11.0

tracker1 comments

tracker1 2338 days ago. link 2 points
Quick tutorial to startup postgraphile ... looks like it relies on Postgres' security model for access controls, which could be cumbersome.
tracker1 2338 days ago. link 1 point
Edited description and link to use github repo.
tracker1 2338 days ago. link 2 points
There is no such thing as a "JSON Object"; there is JSON (a UTF-8 string of an encoded value) and there are Objects (in-memory representation of properties and values).
tracker1 2338 days ago. link 3 points
Yes... if your security relies on obfuscation of JS, you have no real security.
tracker1 2338 days ago. link 1 point
node-fetch... I'll actually just set global.fetch = node-fetch in my starter...  this way all code is similar or the same between node server and js/browser client.
tracker1 2341 days ago. link 1 point
Some good information here, though it applies to any application, not just node. In general a lot of this should be common sense in terms of security. However, usually newer developers, and sometimes expediency in getting things done, will often lead to scenarios that are much less than secure.

One of the reasons I like using something like React on the client (most UI frameworks are similar) is that by default rendering will not be open to client-side injection.  For the server side, all API calls via JSON.parse, and all parameterized queries is your best defense.

Another major offense I've seen a lot, is private/secure data in the JWT payload, which is *NOT* encrypted, only base64 encoded and signed.
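
The JWT point in the comment above, as an added example that is not part of the original comment: the payload of a signed token decodes without any key, and a small check can flag claim names that look sensitive before a token is issued. The token, the claim names and the `SENSITIVE_CLAIM` pattern are constructed assumptions, and the example runs on Node.js (it uses `Buffer`).

```javascript
// Added example: every value here is constructed; no real tokens or secrets.

// Which claim names count as sensitive is an assumption; tune per application.
const SENSITIVE_CLAIM = /pass(word)?|secret|ssn|card|api[_-]?key|token|dob/i;

// Encode a value as an unpadded base64url segment, as compact JWS does.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode one base64url segment to parsed JSON. No key is involved at any point.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Read header and payload exactly as any holder of the token can.
function readJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]) };
}

// Walk the payload and return dotted paths of claims whose names look sensitive.
function findSensitiveClaims(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = path ? `${path}.${key}` : key;
    const hit = SENSITIVE_CLAIM.test(key) ? [here] : [];
    return hit.concat(findSensitiveClaims(child, here));
  });
}

// Constructed token. The third segment is a placeholder, not a real signature:
// reading the payload never depends on it.
const sampleToken = [
  b64url({ alg: 'HS256', typ: 'JWT' }),
  b64url({ sub: 'user-123', role: 'admin', dbPassword: 'example-only',
           profile: { email: 'a@example.test', ssn: '000-00-0000' } }),
  'c2lnbmF0dXJlLXBsYWNlaG9sZGVy',
].join('.');

const { payload } = readJwt(sampleToken);
console.log('readable without a key:', payload);
console.log('claims to keep out of the token:', findSensitiveClaims(payload));
```

Running `findSensitiveClaims` on the claims object in the code path that issues tokens catches this before the data ever reaches a client.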
tracker1 2341 days ago. link 2 points
Yeah, most X vs Y posts are very low quality, usually delete this class of posts, the user in question has had all posts deleted.
tracker1 2341 days ago. link 2 points
I wish... cryptocurrency would be near the top of the list...