SecurityยทJuly 3, 2026ยท1 min read
๐ A safer way to say hello
Tiny detail, big difference. Here's what just changed: audit fixes.
Real auth brute-force cap, rate limit, no re-welcome, lint clean.
What's new
- verifyMagicCode: the attempts>=5 guard was dead code (attempts never
- requestMagicCode: rate limit to 5 code requests per email / 15 min
- joinWaitlist: only send the welcome email to new members (no re-welcome on
- Fix all ESLint errors (BlogCover RNG moved out of render, unused MARK removed,
- Add branded not-found (404) page
Why it matters
Account security is foundational. Every improvement here keeps your belongings โ and the people trying to return them โ protected by default.