Best Practices

What it does

This skill provides actionable best practices and guidance related to modern web development, drawing from the Tech Leads Club's expertise. It focuses specifically on security considerations, ensuring browser compatibility, and maintaining high code quality based on Lighthouse audit recommendations. The skill covers topics like enforcing HTTPS, implementing Content Security Policy (CSP), utilizing security headers, and avoiding vulnerable libraries.

When to use it

• When you need guidance on securing a web application.
• To ensure your website adheres to modern web development standards.
• For help understanding and implementing best practices for browser compatibility.
• When performing code reviews or audits of existing web projects.

Key capabilities

• HTTPS Enforcement: Provides examples and explanations for enforcing HTTPS connections, including protocol-relative URLs.
• Content Security Policy (CSP): Offers guidance on implementing CSP through meta tags and HTTP headers, including the use of nonces for inline scripts.
• Security Headers: Provides example configurations for security headers like X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and Permissions-Policy.
• Vulnerability Scanning: Reminds users to check for vulnerabilities in their project dependencies using tools like npm audit or yarn audit.

Example prompts

• "What is a Content Security Policy (CSP) header?"
• "Show me an example of how to enforce HTTPS."
• "How can I prevent clickjacking on my website?"
• "Explain the purpose of X-Content-Type-Options: nosniff"

Tips & gotchas

• The skill focuses specifically on web development best practices, not general software engineering.
• CSP configurations require careful planning and testing to avoid breaking functionality.
• Regularly audit your project dependencies for known vulnerabilities using tools like npm audit or yarn audit.