26. Node.js application security
Apply secure coding practices for injection, cross-site scripting, CSRF, broken access control, secret leakage, dependency risk, and unsafe file handling. Use Helmet, CORS settings, rate limits, and threat modeling on real Node.js routes.