Hard-coded secret detected.

Description

Code is not a secure place to store hard-coded secrets. Use environment variables instead.

Remediations

✅ Use environment variables and a secret management system instead

 app.use(
session({
secret: process.env.secret,
name: "my-custom-session-name",
})
)

Resources

Associated CWE

OWASP Top 10