I was exploring some AT Proto projects this weekend and found one pervasive issue. Many of these projects have not been updated in months. All of these projects are actively in use.
The biggest issues were:
Auth token stealing
SQL injections that would make posts on a user's behalf without their knowledge
Hard-coded secrets
Project maintainers, please at least do weekly dependency checks on your git repos and make sure your app is secure. If you aren't maintaining your app anymore, indicate on GitHub that your project is abandoned so users are aware.