Add Vitest security test suite and update security evaluation doc

Set up Vitest with server (node) and client (jsdom) test projects. 79 tests across 8 files verify all Phase 0-1 security controls: escapeHtml sanitization, DOMPurify markdown XSS prevention, CSRF enforcement, security headers, rate limiting, auth guards, profile field allowlist, and login anti-enumeration. Updated SECURITY_EVALUATION.md with remediation status, implementation summary, and automated test coverage details.
2026-03-01 12:30:06 +00:00 · 2026-03-01 12:30:06 +00:00 · 29c96a207e
commit 29c96a207e
parent d5c95ace0a
14 changed files with 2454 additions and 3 deletions
--- a/package.json
+++ b/package.json
@ -7,7 +7,9 @@
    "dev": "nuxt dev",
    "generate": "nuxt generate",
    "preview": "nuxt preview",
-    "postinstall": "nuxt prepare"
+    "postinstall": "nuxt prepare",
+    "test": "vitest",
+    "test:run": "vitest run"
  },
  "dependencies": {
    "@cloudinary/vue": "^1.13.3",
@ -21,11 +23,13 @@
    "chrono-node": "^2.8.4",
    "cloudinary": "^2.7.0",
    "eslint": "^9.34.0",
+    "isomorphic-dompurify": "^3.0.0",
    "jsonwebtoken": "^9.0.2",
    "marked": "^17.0.3",
    "mongoose": "^8.18.0",
    "nitro-cors": "^0.7.1",
    "nuxt": "^4.0.3",
+    "rate-limiter-flexible": "^9.1.1",
    "resend": "^6.0.1",
    "typescript": "^5.9.2",
    "vue": "^3.5.20",
@ -33,6 +37,9 @@
    "zod": "^4.1.3"
  },
  "devDependencies": {
-    "@tailwindcss/typography": "^0.5.19"
+    "@nuxt/test-utils": "^4.0.0",
+    "@tailwindcss/typography": "^0.5.19",
+    "jsdom": "^28.1.0",
+    "vitest": "^4.0.18"
  }
 }