Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
213 articles from this blog
A guide to refactoring Vue.js 3 applications by replacing manual fetch logic with TanStack Query for efficient data fetching, caching, and state management.
Analyzes the trend towards zero-dependency JavaScript, its impact on security, performance, and developer experience, using the axobject-query controversy as a case study.
A guide on running Large Language Models (LLMs) locally for inference, covering tools like Ollama and Open WebUI for privacy and cost control.
The article argues for a shift from subscription-based online LLMs to offline-first Small Language Models (SLMs) due to privacy, security, and cost concerns.
A guide to installing and configuring Playwright for browser automation on Heroku using Node.js, including dependency management and code structure.
Analyzes common security flaws in Express.js authentication, focusing on hardcoded secrets and poor cookie configuration, with solutions.
A guide to using AdGuard Home and Home Assistant to block YouTube and other media sites on specific devices for parental controls.
A case study on implementing HTTP webhooks with Fastify on Firebase Functions, using Lemon Squeezy as a payment processor example.
A technical guide on implementing OpenGraph meta tags in Astro to create compelling social media previews for shared links.
A guide to robust configuration management in Node.js, covering async loading, schema validation, and avoiding common anti-patterns.
A guide on using Tailscale VPN to securely access a self-hosted Home Assistant instance remotely, avoiding insecure internet exposure.
Explores configuration management patterns and anti-patterns for Node.js applications, focusing on security, portability, and maintainability.
Explains how to use Vue.js 3 Composition API's refs and watch functions for proper reactive two-way data binding between parent and child components.
Learn to build an app that uses OpenAI, Node.js, Express, and Trigger.dev to automatically generate creative presentation titles via background jobs.
A tutorial on implementing scheduled background job processing in Node.js using the BullMQ library and Redis, with deployment instructions for Heroku.
Explores advanced tips and lesser-known features for using the env-schema package to manage environment variables and configuration in Node.js applications.
Introduces Changesets, a tool for automating semantic versioning and releases in monorepos, comparing it to semantic-release.
A guide on deploying a Vue 3 static site to Heroku using a Fastify Node.js backend server to serve the static files.
Explains why Fastify developers should avoid using reply.raw and reply.hijack for HTTP streams, despite their power, due to risks and complexity.
Discloses a Local File Inclusion vulnerability in the xmlhttprequest npm package, allowing arbitrary file reads due to insecure default permissions.
