bcrypt is used to hash passwords and other sensitive information before storing them in a database. Hashing is a security measure that converts sensitive data into a fixed-length string of characters, making it difficult for attackers to decipher the original data. This helps protect against breaches by ensuring that even if the database is compromised, the original passwords and sensitive information remain secure.

jsonwebtoken is used to create and verify JSON Web Tokens (JWTs), which are a means of representing claims between two parties securely.

JWTs are commonly used for authentication and information exchange in web development.

The package allows developers to create tokens containing information (claims) that can be verified by the receiving party to ensure their authenticity and integrity.

This helps enhance app security by enabling secure communication and verification of user identity.

Authorization in app security controls what users can do in the application. It decides which parts of the app a user can access based on their identity and role. This prevents unauthorized access to sensitive data and features, ensuring that users only have access to what they're supposed to.

Authentication in app security is like proving you are who you say you are. It's the process of verifying your identity, typically by entering a username and password, to access an app. This helps ensure that only the right people can get into the app and keeps out unauthorized users.

dotenv helps keep sensitive information, like passwords or API keys, safe by storing them in a separate file. It loads these details into the app securely, so they're not exposed in the code.