Fighting npm typosquatting attacks and naming rules for npm modules
Explains npm's evolving naming rules to combat typosquatting attacks, detailing case sensitivity and character restrictions for package names.
Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
222 articles from this blog
A guide to common pitfalls and best practices for testing asynchronous code using the Jest framework in JavaScript.
Explains security risks in the npm ecosystem, including malicious modules, typosquatting, and compromised contributors, with mitigation advice.
Key focus areas for hiring a VP of Engineering for a small, growing team, covering culture, automation, and team mentorship.
A developer's enthusiastic review of Jest's developer experience, highlighting its visual diffs, flexible conventions, and friendly CLI.
A developer shares key reasons to love the Jest testing framework, highlighting its zero-config setup, built-in features, and extensibility.
An introduction to the Node.js Security Working Group, its role in securing Node.js core and modules, and how to get involved.
Explains how flawed Regular Expressions can cause ReDoS attacks, crippling Node.js services with catastrophic backtracking and high CPU usage.
Introduces README Driven Development (RDD), a method for starting projects by writing a detailed README before code to define goals and features.
An engineering manager shares their personal Manager README, outlining their philosophies on team leadership, feedback, and software development processes.
A guide to implementing integration testing for Node.js microservices using the Pact.js framework for consumer-driven contract testing.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
A developer's guide to migrating a Node.js project's test suite from Mocha/Should.js to Jest using codemods, including challenges and solutions.
A developer shares a story about patience in open source, detailing a 7-month-old pull request to improve documentation for the freeboard dashboard project.
A developer shares their experience contributing to an open-source dashboard project, highlighting the patience required in open-source development.
Explains how to use Consumer-Driven Contracts for scalable integration testing in microservices, avoiding full environment deployment in CI.
A technical guide on configuring TLS/SSL encryption for a Node.js application using RethinkDB within Docker containers.
A developer's guide to setting up integration tests with Ava.js and Express, exploring alternatives to Supertest and using Gulp for server management.
Reveals three lesser-known technical facts about the Yarn package manager, including its dependency on npm and built-in spellcheck.
A guide on using Yarn to manage and test locally developed Node.js packages, including filesystem and Git repository integration.