- Add i18next + react-i18next + i18next-browser-languagedetector.
- EN/HI translation files covering all UI strings across every page and component.
- Language switcher button in Navbar; choice persisted to localStorage.
- document.documentElement.lang synced to active language in App.
- Skip-nav link and #main-content anchor for keyboard accessibility.
- aria-describedby on modal dialog; page title and meta description in index.html.
- Secure page title set to 'BIS SP-21 Standards.'
- Add helmet for secure HTTP response headers.
- Add express-rate-limit: 60 req/min general, 20 req/min on LLM endpoints.
- Restrict CORS to localhost origins in dev, CORS_ORIGIN env var in prod.
- Cap request body at 16kb.
- Add sanitizeText() to strip control chars on all string inputs.
- Add isValidStandardId() regex guard on :id param and standard_id fields.
- All route handlers use sanitized values; no raw req.body/req.query access.
Kshitij
atharvaombase