Environment variables and configuration anti-patterns in Node.js applications
Explores configuration management patterns and anti-patterns for Node.js applications, focusing on security, portability, and maintainability.
Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
222 articles from this blog
Explores configuration management patterns and anti-patterns for Node.js applications, focusing on security, portability, and maintainability.
Explains how to use Vue.js 3 Composition API's refs and watch functions for proper reactive two-way data binding between parent and child components.
Learn to build an app that uses OpenAI, Node.js, Express, and Trigger.dev to automatically generate creative presentation titles via background jobs.
A tutorial on implementing scheduled background job processing in Node.js using the BullMQ library and Redis, with deployment instructions for Heroku.
Explores advanced tips and lesser-known features for using the env-schema package to manage environment variables and configuration in Node.js applications.
Introduces Changesets, a tool for automating semantic versioning and releases in monorepos, comparing it to semantic-release.
A guide on deploying a Vue 3 static site to Heroku using a Fastify Node.js backend server to serve the static files.
Explains why Fastify developers should avoid using reply.raw and reply.hijack for HTTP streams, despite their power, due to risks and complexity.
Discloses a Local File Inclusion vulnerability in the xmlhttprequest npm package, allowing arbitrary file reads due to insecure default permissions.
Discloses a CWE-400 uncontrolled resource consumption vulnerability in the xmlhttprequest npm package due to missing timeout controls.
A technical guide on customizing the visual styles of admonitions (notes, warnings, etc.) in AsciiDoc documents, particularly for PDF output.
A guide to writing and publishing books using the AsciiDoc markup language and a starter GitHub template.
A developer shares their journey in open source, focusing on web security, Node.js contributions, and receiving the GitHub Stars 2023 award.
A developer shares their journey creating an open source activism program to teach collaboration and inclusivity in software development.
A tutorial on integrating PageFind, a client-side search tool, into an Astro static blog website.
Advanced techniques for customizing element screenshots in Playwright, including DOM manipulation and image preprocessing.
A look at Warp, a modern terminal emulator with AI-assisted command suggestions and crowd-sourced workflow templates to boost command-line productivity.
Explains why using RegEx for URL validation in JavaScript can introduce security vulnerabilities like ReDoS attacks, and recommends safer alternatives.
A guide to resources for finding tech conferences and submitting effective Call for Papers (CFP) proposals for public speaking.
A recipe of GitHub Actions CI workflows to automate documentation linting, dependency alerts, and PR management for open source maintainers.