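Weak obfuscation of web requests makes your application vulnerable to unauthorized access. Using stronger obfuscation significantly reduces the chances of attacks due to unauthorized access. In the examples below, the weakness is a JWT signing secret hardcoded in the source: once the secret is readable from the code, a valid signature no longer proves that the application issued the token, so the secret should be supplied at runtime instead.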
var jwt = require('jsonwebtoken')

/**
 * Noncompliant example: signs a JWT with a secret embedded in the source.
 *
 * Kept deliberately insecure to illustrate the finding. A literal secret is
 * visible to everyone with access to the code or its history, and it cannot
 * be rotated without a code change.
 *
 * `payload` is not defined in this snippet; it is expected to come from the
 * surrounding scope. The signed token is not returned.
 */
function weakObfuscationOfRequestNoncompliant() {
    // Noncompliant: secret is hardcoded.
    const hardcodedSecret = "secret";
    jwt.sign(payload, hardcodedSecret);
}
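var jwt = require('jsonwebtoken')

/**
 * Compliant example: signs a JWT with a secret supplied by the environment.
 *
 * The secret is read from the JWT_TOKEN_SECRET environment variable at call
 * time, so it never appears in source control.
 *
 * `payload` is not defined in this snippet; it is expected to come from the
 * surrounding scope. The signed token is not returned.
 *
 * @throws {Error} If JWT_TOKEN_SECRET is unset or empty.
 */
function weakObfuscationOfRequestCompliant() {
    // Compliant: secret is properly loaded from environment variables.
    const secret = process.env.JWT_TOKEN_SECRET;

    // Fail closed with an explicit configuration error rather than handing
    // an undefined or empty key to the signing call.
    if (!secret) {
        throw new Error('JWT_TOKEN_SECRET is not set; refusing to sign token');
    }

    // NOTE(review): loading from the environment only removes the secret from
    // the code. The value itself still has to be a long, randomly generated
    // string; a short or guessable value in the environment is just as weak.
    jwt.sign(payload, secret);
}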