Security guidelines

This page lists the security guidelines you must follow to make sure your app complies with our standards. Compliance is critical for your app to pass our review process.

Logging

  • Do not log sensitive data such as keys, tokens, credentials or other confidential information.

Data storage

  • API keys must not be hardcoded in the source code. Provide them as environment variables instead.
  • Any confidential information that you store must be encrypted.
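
The following added example (not part of the original guidelines or of any platform SDK) shows one way to apply the logging rule and the API-key rule together in a Node.js app: the key is read from the environment with a fail-fast check, and every log line goes through a redaction step. The variable name EXAMPLE_API_KEY, the helper names and the list of sensitive field names are assumptions made for illustration.

```javascript
// Added example. EXAMPLE_API_KEY, SENSITIVE_KEY, redact, loadApiKey and
// formatLog are hypothetical names, not part of any platform SDK.

// Field names treated as sensitive (assumed list; extend it for your app).
const SENSITIVE_KEY = /password|passwd|secret|token|api[-_]?key|authorization|credential|cookie/i;

// Return a copy of plain JSON-like data with sensitive fields masked.
function redact(value, ancestors = new Set()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]'; // avoid infinite recursion
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((item) => redact(item, ancestors));
  } else {
    out = {};
    for (const [key, val] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(val, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Read the API key from the environment; fail fast instead of falling back
// to a value embedded in the source.
function loadApiKey(env = process.env, name = 'EXAMPLE_API_KEY') {
  const key = env[name];
  if (typeof key !== 'string' || key.trim() === '') {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return key;
}

// Build every log line through one function so redaction is never skipped.
function formatLog(event, fields) {
  return JSON.stringify({ event, ...redact(fields) });
}

// Constructed sample data, not real credentials.
const apiKey = loadApiKey({ EXAMPLE_API_KEY: 'constructed-key-123' });
const request = {
  url: 'https://api.example.com/v1/items',
  headers: { Authorization: `Bearer ${apiKey}`, Accept: 'application/json' },
  body: { name: 'demo', refresh_token: 'constructed-refresh-456' },
};
console.log(formatLog('outbound_request', request));
```

Redaction by field name does not catch secrets embedded in string values, such as a token in a URL query string, so keep such values out of logged fields altogether.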

Libraries

  • Avoid installing and using malicious npm packages or packages with high security risks.
  • Your app must not contain medium, high, or critical vulnerabilities. You can check this with OWASP Dependency-Check.