The vibe coder checklist that nobody is warning you about

-control your risk first e.g rate limiters for databases unless you want a crippling bill
-run /security-review command within the claude code terminal. Bare minimum audit check. Do this religiously, especially before a live push
-user input validation, never trust user input, even from your own forms (SQL/XSS attacks)
-search for potential attack vectors. Run simulations to test your security
-ensure policies are set up correctly to prevent user data cross contamination/leaks
-dependency vulnerabilities, supply chain attacks are a thing, use npm audit or the equivalent
-prioritise efficiency now so you don't get nasty surprises at scale, whether this is from bandwidth, unnecessary calls, redundant re-renders, or wasteful state updates
-nail down auth and ensure correct settings are used
-error handling, ensure they are dealt with gracefully
-environment variables, don't expose your API keys in client side code
-use docs as reference points and don't rely on claude to know everything
-run more security and audits until you're blue in the face and consider having a third party review
-https/ssl, super basic stuff but easily overlooked

I don't claim to be an expert in any of this. But these are some of the common risks you should consider looking out for. There's likely a ton of stuff I have missed. But this should take care of the obvious and help boost your security above 0

Get the bare minimum on lock first and you will be much better off. Then you can have fun building out cool utility

Please feel free to drop your security tips below. The more awareness around this topic the better