Setting the platform with your team — A Manager’s README
An engineering manager shares their personal Manager README, outlining their philosophies on team leadership, feedback, and software development processes.
Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
213 articles from this blog
A guide to implementing integration testing for Node.js microservices using the Pact.js framework for consumer-driven contract testing.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
A developer's guide to migrating a Node.js project's test suite from Mocha/Should.js to Jest using codemods, including challenges and solutions.
A developer shares a story about patience in open source, detailing a 7-month-old pull request to improve documentation for the freeboard dashboard project.
A developer shares their experience contributing to an open-source dashboard project, highlighting the patience required in open-source development.
Explains how to use Consumer-Driven Contracts for scalable integration testing in microservices, avoiding full environment deployment in CI.
A technical guide on configuring TLS/SSL encryption for a Node.js application using RethinkDB within Docker containers.
A developer's guide to setting up integration tests with Ava.js and Express, exploring alternatives to Supertest and using Gulp for server management.
Reveals three lesser-known technical facts about the Yarn package manager, including its dependency on npm and built-in spellcheck.
A guide on using Yarn to manage and test locally developed Node.js packages, including filesystem and Git repository integration.
Explores undocumented Gulp event handling to properly terminate Node.js processes after running Ava.js integration tests against Express servers.
Explores the evolution of JavaScript test runners, comparing Mocha, Tape, and Ava, and highlighting modern features like speed and parallel execution.
A developer shares their experience contributing to an open source OCR startup's Node.js SDK, fixing minor issues and submitting a pull request.
A technical guide exploring advanced Babel.js configuration, Stage-X presets for ES6 features, and source map debugging.
Explores the $500 security guarantee for finding vulnerabilities in qmail, highlighting principles for secure open-source software development.
A developer describes automating Docker image builds and pushes to Docker Hub for an open-source Node.js Docker management tool using CodeFresh.
A concise introduction to Babel.js, explaining its purpose as a JavaScript compiler for modern syntax and its core concepts like plugins and presets.
Discusses the decline of restrictive software licenses like GPL and the dominance of permissive licenses (MIT, Apache, BSD) in modern open source.
A guide to using ES6 features in Node.js projects, covering version support and setting up Babel with Gulp for transpilation.