Hardcoded jwt secret deteted

Description

Code is not a secure place to store secrets, use environment variables instead.

Remediations

Use environment variables

  var jwt = require("jsonwebtoken");

var token = jwt.sign({ foo: "bar" }, process.env.JWT_SECRET);

Resources

Associated CWE

OWASP Top 10