In this page you'll find the security guidelines you must follow to make sure your app is compliant with our standards, which is critical for it to pass our review process.
- Do not log secure data such as keys, tokens, credentials or other sensitive information.
- API keys must not be hardcoded in the source code. Instead of this, provide them as environment variables.
- Any confidential information that you store has to be encrypted.
- Avoid installing and using malicious npm packages or packages with high security risks.
- There must not be medium, high, or critical vulnerabilities in your App. You can check this with OWASP Dependency check.
Updated about 1 year ago