Echo JS 0.11.0

Edited description and link to use github repo.

There is no such thing as a "JSON Object" there is JSON (a UTF-8 string of an encoded value) and there are Objects (in memory representation of properties and values).

Yes... if your security relies on obfuscation of JS, you have no real security.

node-fetch... I'll actually just set global.fetch = node-fetch in my starter...  this way all code is similar or the same between node server and js/browser client.

Some good information here, though it applies to any application, not just node.  In general a lot of this should be common sense in terms of security.  However, usually newer developers, sometimes expediency in getting things done will often lead to scenarios that are much less than secure.

One of the reasons I like using something like React on the client (most UI frameworks are similar) is that by default rendering will not be open to client-side injection.  For the server side, all API calls via JSON.parse, and all parameterized queries is your best defense.

Another major offense I've seen a lot, is private/secure data in the JWT payload, which is *NOT* encrypted, only base64 encoded and signed.

Yeah, most X vs Y posts are very low quality, usually delete this class of posts, the user in question has had all posts deleted.

I wish... cryptocurrency would be near the top of the list...

I suggest, related to creating more components, is components that make fewer choices... if you have more than one or two if statements or conditionals in rendering, you should probably have a child component.

I also prefer redux for state management, so most of my components are pretty much a render method with hooks on my most recent app.