I get it. We're all college students working on a volunteer basis, and we need to move fast when we can. But when it comes to full-stack security, there are definitely some pointers to take early on that'll help down the road.

Managing secrets

Bits of Good's current guide

After using locked-down Google Sheets for years, Bits of Good decided to hunker down and find a system for storing and retrieving secrets. If your chapter needs to store account credentials on a shared keychain or wants to store your .env configs somewhere other than old Slack messages, this should help a ton!

👆Uses the free Bitwarden password service

Bitwarden Open Source Password Manager

Dangers of target="_blank"

In short, a link with target="_blank" should usually include rel="noreferrer" as well! This article should explain why.

Links to cross-origin destinations are unsafe

Add a lint rule so contributors don't forget

As a precaution, we recommend using the ESLint plugin eslint-plugin-react with default settings enabled. This should point out whenever you forget the rel="noreferrer" attribute. If you're not sure whether your ESLint setup has this, check your package.json (and if you're using Airbnb's default config, you should be good!).

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e9e1f6cf-bffb-4c7d-a4c6-c5ce6d8164c5/Untitled.png

Preview of lint error in VS Code
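
For plain HTML that the lint rule never sees (static pages, email templates), the same check can be scripted. The snippet below is an added example, not Bits of Good's code or part of eslint-plugin-react; the function names, the sample markup, and the choice to flag only absolute or protocol-relative URLs are assumptions.

```javascript
// SAMPLE_HTML is constructed for illustration only.
const SAMPLE_HTML = `
<a href="https://example.com/docs" target="_blank">Docs</a>
<a href="https://example.com/blog" target="_blank" rel="noopener noreferrer">Blog</a>
<a href='https://example.org' TARGET='_blank' REL='nofollow'>Partner</a>
<a href="/about" target="_blank">About (same origin)</a>
<a href="https://example.net">Opens in the same tab</a>
`;

// Parse the attributes of one opening <a ...> tag into a lowercase-keyed map.
// Handles double-quoted, single-quoted, unquoted and valueless attributes.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<a/i, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return every link that opens a new tab to an external URL
// without "noreferrer" among its rel tokens.
// Limitation: a regex tag scan, so a ">" inside an attribute value is not handled.
function findUnsafeBlankLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const opensNewTab = (attrs.target || '').toLowerCase() === '_blank';
    // Assumption: "external" means an absolute or protocol-relative URL.
    const external = /^(?:[a-z][a-z0-9+.-]*:)?\/\//i.test(attrs.href || '');
    const relTokens = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
    if (opensNewTab && external && !relTokens.includes('noreferrer')) {
      findings.push({ href: attrs.href, rel: attrs.rel ?? null });
    }
  }
  return findings;
}

console.log(findUnsafeBlankLinks(SAMPLE_HTML));
```

Run it with Node over your built HTML in CI and fail the job when the returned list is non-empty.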