This is a reminder to review these topics in light of the changes originally proposed in #1004 from @wesleytodd, which I closed due to extensive merge conflicts (it was 5+ years old).

If the fundamental changes in that PR are worth preserving, then let's open a new PR. If not, then we can close this, but I didn't want to just toss out the work since it covers some important topics.

Oh wow I forgot about this one! I wonder if we should also split this into two and hand the security docs over to the @expressjs/security-triage team?

I wonder if we should also split this into two and hand the security docs over to the @expressjs/security-triage team?

Sounds like we can work on it and propose a PR. I will add it to the initiatives expressjs/security-wg#1