What are our options for password protecting or otherwise access controlling SPJS?

What are our options for password protecting or otherwise access controlling SPJS? I’d really just not want my serial port exposed in order to access it remotely.

SSH Tunnel? I mean - I totally could. But is there a more supported method?

Yeah I would say an ssh tunnel is best. Feel free to fork spjs as well and add password auth. Https was added recently and there is a raspi auth implementation in the exec command that you could repurpose

SSL with client certificates?