Highest-signal areas to watch

1) Auth & session flows

2) Privilege & feature-controls (beyond user flags)

3) Endpoint discovery (beyond declarations)

4) Source maps & build artifacts

5) Client-side sinks & sanitization