react-security
Safeguard articles tagged "react-security" — guides, analysis, and best practices for software supply chain and application security.
5 articles
React security best practices: stopping XSS, dangerouslySetInnerHTML, and dependency risk
React auto-escapes JSX text by default, but dangerouslySetInnerHTML, href injection, and a 500-package npm worm show where that protection stops.
React Security Best Practices: A Practical Checklist for 2026
React escapes JSX text for you, but XSS sinks, secrets in the client bundle, token storage, and a 500-package npm worm are still yours to handle.
GitHub Copilot code security: XSS vulnerabilities found in React
Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.
10 React security best practices
Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.
JavaScript frameworks security report
Safeguard's H1 2026 audit finds 61% of JS repos ship a high-severity framework CVE, with a 47-day median patch lag attackers routinely beat.