2024-04-20 00:00
I use Home Assistant to manage my smart home devices and AdGuard Home to block ads, lower bandwidth consumption, and generally manage DNS filters and denylists on my network. I recently want… Read More
Blog Directory > Technology Blogs > Liran Tal's technology Blog >
Liran Tal's Blog
lirantal.com
Tags:
configuration
assistant
const
background job
queue
addon
component
tailscale vpn
innodb
script setupgt import
Known for his open source and JavaScript security initiatives, Liran Tal is an award-winning software developer, security researcher, and open source champion in the JavaScript community. He's an internationally recognized GitHub Star, acknowledged for his open source advocacy, and has received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. His contributions to developer security education include leading OWASP projects, building supply chain security tools, participation in CNCF and OpenSSF initiatives, and authoring books such as O'Reilly's Serverless Security. He leads the developer advocacy team at Snyk.io and is on a mission to empower developers with better application security skills.
2024-02-16 00:00
I’m building a side-project on Firebase and as it usually is
with overly abstracted platforms, the rudimentary things often get in the way.
This step-by-step code through is how I mana… Read More
2024-01-03 00:00
So, you’ve got this fantastic website, and you’re ready to share it with the world. But wait, have you considered how it looks when someone shares it on Facebook, Twitter, Linked… Read More
2023-10-31 00:00
Bootstrapping a Node.js application often requires loading configuration, whether from environment variables, or static configuration files. In a previous article, I shared my opinions on en… Read More
2023-10-15 00:00
Often smart home automation enthusiasts want to access their Home Assistant instance remotely. This can be done by exposing the Home Assistant instance to the internet. However, this is not… Read More
2023-10-01 00:00
Crafting robust and maintainable applications is no small feat. One of the fundamental pillars of building reliable Node.js applications is effective configuration management.
Configuration… Read More
2023-09-16 22:10
In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server res… Read More
2023-09-13 00:00
Here’s the use-case: A parent Vue.js component needs to pass data to a child component. It does so using Props. The child component needs to receive this external data as its initial s… Read More
2023-09-04 00:00
In this article, you’ll learn how to use OpenAI background jobs with Node.js, Express, and Trigger.dev to generate creative presentation titles automatically. We’re going to buil… Read More
2023-08-17 00:00
Background job processing is a technique for running tasks that can take a long time to complete in a separate process from the main application server. This allows the main application serv… Read More
2023-08-07 00:00
As Node.js developers, we often find ourselves dealing with various configuration options to tailor our applications for different environments. Configuration management is a critical aspect… Read More
2023-07-17 00:00
As open source project maintainers, we often encounter challenges when managing project versions and releases. Keeping track of changes, ensuring proper versioning, and automating the releas… Read More
2023-07-08 00:00
In today’s fast-paced world of web development, deploying static sites has become a common practice.
And I know, you’re thinking “why would anyone deploy static sites (also… Read More
2023-06-30 00:00
As web developers, we often encounter situations where we need fine-grained control over the HTTP request and response process. It might be about handling large file uploads, implementing re… Read More
2023-04-27 00:00
What is the xmlhttprequest npm package?
The open-source npm package xmlhttprequest is a library for Node.js server-side projects to use a browser-like HTTP client. Mostly intended for a conv… Read More
2023-04-16 00:00
What is the xmlhttprequest npm package?
The xmlhttprequest npm package is an open-source library for Node.js server-side projects to use a familiar browser-like HTTP client. It is technicall… Read More
2023-04-10 00:00
What are AsciiDoc admonitions?
AsciiDoc admonitions are a way to highlight important information in your document. If you’ve ever read a book and seen a note or warning in the margin… Read More
2023-04-05 00:00
This article is based on the AsciiDoc Book Starter template repository on GitHub for authoring books using AsciiDoc.
huge shout out to Dan Allen who’s the co-lead of Asciidoctor proje… Read More
2023-03-16 00:00
Being part of the open source software community has been a fulfilling experience and one that I have been committed to for more than two decades now. I have been fortunate to have the oppor… Read More
2023-02-25 00:00
On April 5th 2022, I wrapped up the very first open source activism program in which I set out to promote hands-on practical education for open source software among inexperienced and underr… Read More
2023-01-24 00:00
PageFind is a client-side search tool that can be used to add search to your static website. It’s a great tool for adding search to your Astro blog, as it’s a client-side tool th… Read More
2023-01-15 00:00
Using Playwright to take screenshots is a handy tool, whether you are
practicing visual regression testing or crawling a 3rd-party webpage
to take a screenshot.
However, what if you needed t… Read More
2022-11-22 00:00
Maybe you missed out on Taylor Swift’s tour tickets but
don’t get too sad, I want to show you some cool features
I use with warp as my
command-line terminal tool.
It’s abou… Read More
2022-11-22 00:00
Background productivity tools
Haikei
Haikei is a free tool that helps you create beautiful wallpapers for your desktop or mobile devices. You can choose from a variety of backgrounds and add… Read More
2022-10-28 00:00
What do you think of the following JavaScript URL validation function code?
Are you accidentally adding security issues while trying to build a feature?
The Snyk blog features a Secure JavaS… Read More
2022-10-21 00:00
How do you find events to attend or speak at?
I often get asked that
and in this article I’ll share the resources I use for CFP (Call for
Papers / Proposals) application and public spe… Read More
2021-11-30 00:00
My Workflow
My GitHub Actions hackathon application entry is about all the small things that would contribute to a better maintainer life.
Maintainers usually get a good grip on the importan… Read More
2019-10-30 00:01
In this section, we review the security risk of the indirect independencies for both Angular and React, and then we also review the direct dependencies, first for Angular and then for React… Read More
2019-10-30 00:01
As a follow-up to Snyk’s State of JavaScript frameworks security report 2019, this section of the report is about Angular and React projects overall security posture.
The full report i… Read More
2019-10-30 00:01
In this blog post we’ll review security vulnerabilities found in other frontend ecosystem projects.
After reviewing Angular and React as major JavaScript frameworks, we’ll take a… Read More
2019-10-09 14:05
In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the different language ecosystems and have analyzed respons… Read More
2019-10-04 00:00
[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Object],
,[object Ob… Read More
2019-08-19 00:00
Tip 3: Minimize attack surfaces by ignoring run-scripts (out of 10 npm security best practices)
The npm CLI works with package run-scripts. If you’ve ever run npm start or npm test the… Read More
2019-06-14 00:00
An underrated feature of Jest is customizing the assertion errors that the console displays when tests fail. Imagine the following test code, which needs to programmatically loop an object t… Read More
2019-06-04 00:00
June 4th is a historic date where the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages.
We wanted to share some insights that we thought… Read More
Are You Building Docker Images? Here's How To Avoid Leaking Sensitive Information Into Docker Images
2019-05-09 00:00
Sometimes, when building an application inside a Docker image, you need secrets such as an SSH private key to pull code from a private repository, or you need tokens to install private packa… Read More
2019-05-01 00:00
Docker provides two commands for copying files from the host to the Docker image when building it: COPY and ADD. The instructions are similar in nature, but differ in their functionality:
CO… Read More
2019-04-22 00:00
Use a least privileged user
When a Dockerfile doesn’t specify a USER, it defaults to executing the container using the root user. In practice, there are very few reasons why the contai… Read More
2019-04-09 00:00
I recently shared the outline of events and technical details behind the backdoor that was wisely hidden in the 3.2.0.3 version of bootstrap-sass, a popular ruby gem that was downloaded 28 m… Read More
2019-03-28 20:30
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has broken the contract. How can we effectively ensure t… Read More
2019-03-18 00:00
Tip 4: Assess npm project health (out of 10 npm security best practices)
Outdated dependencies
Rushing to constantly upgrade dependencies to their latest releases is not necessarily a good p… Read More
2019-03-11 00:00
We embraced the birth of package lockfiles with open arms, which introduced: deterministic installations across different environments, and enforced dependency expectations across team colla… Read More
2019-03-05 00:00
It is important to take npm security into account for both frontend, and backend developers. Leaking secrets is an easy mistake that can happen for you at work or when you work on your open… Read More
2019-02-07 10:18
The JSHeroes conference will take place this year in April and bring in people from all over the world to connect with new and old friends, and learn about new topics.
The State of JSHeroes… Read More
2019-01-26 00:00
Knock knock. It’s 2019.
The past year has been perhaps the biggest yet for open source with several tech giants doubling down on open source investments.
Can you imagine yourself writi… Read More
2019-01-11 16:01
In an effort to better promote and increase engagement in the Node.js Security WG we would like to share highlights more often, ideally each quarter, in the following areas:
Agenda &m&helli…Read More
2018-12-06 17:39
Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user right9ctrl. S… Read More
2018-09-18 01:01
I guess naming is a hard task in general, and for the npm registry, the naming rules have evolved from what they were to begin with, much of which was about mitigating typosquatting attacks… Read More
2018-08-09 11:47
There are several traps that are easy to fall to when it comes to async testing. Moreover, there are several methods of achieving the same thing depending on your flavor.
An important insigh… Read More
2018-07-17 09:56
What if someone was able to directly publish a new vulnerable React version?
What if someone gained direct publish access to popular npm modules?
More precisely these are the numbers:
Read… Read More
2018-07-01 00:00
Let’s assume you are tasked with hiring a VP Engineering for a relatively small team, say 10 engineers, which is on a growth trend as the company gets bigger.
What topics and areas wou… Read More
2018-06-28 05:50
Oh yes. The Developer Experience with Jest is transforming the act of writing tests from a chore to hell of a fun time, promise! 🤓
This post is a follow-up from my previous post abou… Read More
2018-06-20 11:56
We had Tape, Mocha, Ava, and now Jest. Let’s see what this is all about!
I enjoy writing tests, but Jest takes it to a whole new level.
It’s like I get up in the morning and ask… Read More
2018-05-31 15:00
In this post I would like to acquaint you with the work being done by the Node.js Security Working Group (WG) and how we’re improving the state of security for the Node.js ecosystem.
S… Read More
2018-05-14 13:26
The use of Regular Expressions (RegEx) is quite common among software engineers and DevOps or IT roles where they specify a string pattern to match a specific string in a text.
Often, progra… Read More
2018-04-28 18:40
Side projects are an amazing thing.
We learn, experiment, and collaborate with the world through them.
Most of us probably approach side projects by building them, function by function, feat… Read More
2018-04-04 10:21
A crucial part of being an engineering manager is on-boarding to a new team, or on-boarding others to yours. The important bits there is setting correct two-way expectations and atmosphere f… Read More
2018-03-05 18:41
In a previous article we reviewed how Consumer-Driven Contracts (CDC) help with integration testing in an environment that is rich with microservices.
Scalable Integration Testing for Micro… Read More
2018-02-16 14:14
Dedicated to everyone whom are helpless romantics as I am, and hopelessly in-love with their Node.js apps.
In a Relationship You Respect a Spouse’s Privileges!
Roses are red… Read More
2018-01-07 23:41
So you too panicked over security in the npm repository due to a recent blog post?
This one in particular:
I’m harvesting credit card numbers and passwords from your site. Here’s… Read More
2017-11-26 11:06
I like mocha just like the next guy, but sometimes it’s time to move on. We’re talking about iced coffee, right?
The Why
So I actually had a chance to take the Jest testing fram… Read More
2017-10-09 05:58
This is a story of patience in Open Source, where every bug, every Pull-Request gets attention.
I discovered freeboard, an opensource dashboard for Visual UI Widgets.
I needed to use it for… Read More
2017-10-09 00:00
This is a story of patience in Open Source, where every bug, every Pull-Request gets attention.
I discovered freeboard, an opensource dashboard for Visual UI Widgets. I needed to use it for… Read More
2017-09-19 21:00
Many jumped the gun on microservices, and they are ubiquitous today more than ever for implementing service oriented architectures. Moreover, tools and ecosystems like Docker and Kubernetes… Read More
2017-08-10 15:38
Intro
We use RethinkDB at work across different projects. It isn’t used for any sort of big-data applications, but rather as a NoSQL database, which spices things up with real-time up… Read More
2017-03-16 19:12
Gulp, the streaming build system for JavaScript source code probably doesn’t require an introduction, and most probably you’ve configured it, used it to run a project, or at leas… Read More
2017-02-28 14:56
Everyone talk about Yarn’s speed and reliability but no one mentions any of the below nice-to-know facts about Yarn.
1. Yarn Depends on npm
Well guess what? Yarn’s source c… Read More
2017-02-08 16:40
This is not another praise for npm package management with Yarn but rather a concise recipe for working with locally developed packages.
npm modules begin their lives when you init them on y… Read More
2017-01-23 15:49
This is a bit of a follow-up to my previous post on Wiring up Ava.js Integration Tests with Express, Gulp, but not Supertest.
To make a long story short, I ended up using Gulp to bring up a… Read More
2017-01-10 21:55
Like with everything else in the JavaScript ecosystem, test automation tools are also going through a high pursuit speed race and nobody is taking prisoners.
Mocha and Tape
Mocha has b… Read More
2017-01-06 07:09
Oh those magnificent days of the 1990s.
Skateboards, punks, disc-man, phreaking, IRC, slackware, packetstormsecurity, Michael Jackson and Java. Ahh wait, scratch that last one, who’s a… Read More
2016-12-29 20:26
This Open Source thing is the real deal.
I have previously written about how easily you can contribute to other open source projects, but contributing code to startups and help them succeed?… Read More
2016-12-19 10:40
In my previous post we did a crash course to Babel.js, let’s now dive deeper down the rabbit hole.
Experimenting with Stage-X
Presets are a collection of plugins that perform tran… Read More
2016-12-08 22:05
By all means this is not a joke, nor a spam.
You can really, truly, make $500 dollars if you are able to just find one security vulnerability in the qmail project.
In all truth &mdash&hell…Read More
2016-12-05 15:39
I recently announced on social media about my latest Docker utility — a Node.js shell UI to easily manage your docker containers. It’s an amazingly useful tool for me… Read More
2016-11-28 13:36
I’m sure you’re interested in ES6, supporting JSX, etc.
So I worked out this intro so you can get up to speed really quick and really clear (I hope!)
This is the bare-bones, quic… Read More
2016-11-24 11:02
It seems they no longer have an ego.
Those engineers no longer care how to monetize or limit your use of their software.
Those engineers are philanthropists of the highest level.
And yes, we… Read More
2016-11-17 14:09
Keeping your 3rd party project dependencies secured is such an important task that you can’t under-estimate.
Snyk is a great tool for monitoring and tracking security vulnerabilities… Read More
2016-11-08 13:22
So you’re interested in writing up some ES6 on your server-side Node.js project? awesome! you’re in the right place.
Node.js ES6 Support
Node.js follows a release plan, and… Read More
2016-11-01 15:38
We recently celebrated Rosh Hashana, which is the Jewish New Year, so obviously a lot of self examination which translate to us engineers as a Retrospective.
This year has been yet another… Read More
2016-09-26 14:57
We often find ourselves creating a new libraries, tools, and some times frameworks and bigger projects. When you end up releasing those works as Open Source you get my appreciation and love… Read More
2016-09-18 08:37
Linux is all over the place. Seriously.
It is powering your smartphone, a drone network, NASA’s international space station, supercomputers, mainframes and your grandma’s IP web… Read More
2016-09-13 14:41
So what does Open Source software mean in real life? I promise no fancy philosophies and day-long lectures by Richard Stallman about open source and free software.
Contributing documentation… Read More
2016-09-12 00:00
Let me tell you how quickly you can get up and running with developing on the MEAN.JS JavaScript stack.
If you’re working on Linux, Windows, or OSX it’s simply a matter of lunchi… Read More
2016-08-15 08:45
You might have shrugged, and taken a few steps back to sit down and process this. Me? Contributing to AngularJS? there are probably more professional people than me to do it.
Wrong.
I could… Read More
2016-07-21 15:42
Without having any formal experience with Docker in the past I was able to help the Docker project and contribute to the official repository and help other users. How? Here is the story.
It… Read More
2016-07-15 09:21
Have you ever wondered what is the worst time delay ping from 2 cities around the world?
The winners are a ping sent from Dagupan, Philippines to Alblasserdam, Netherlands, which are here on… Read More
2016-06-06 09:21
With the hope of raising awareness on information security topics, and the openness of the web I would like to take one step further to show how a basic configuration can help secure your No… Read More
2016-05-07 13:37
Andrew Milner shaped my childhood. Google that name, I bet you a beer you’ve no idea who this guy is, and apparently Google isn’t helpful, so I’ll help out.
This begins wi… Read More
2016-04-11 05:02
You might be the conservative character, the shy person, or possibly the one taking less risks when it comes to making decisions all around. If that’s the case, I want to let you in on… Read More
2016-04-04 08:37
My manager’s probably best team building concept is Diversity. Why? read on and get some insight on building your next team to accomplish an amazingly performant, and adaptive team.
Ou… Read More
2015-11-16 00:00
Verigreen – https://github.com – is a lightweight, server side solution for verification of git commits. Now open-sourced by HPE’s VeriGreen team Read More
2015-11-01 00:00
Screenshots from old school UNIX, Linux and open source major developers
https://anders.unix.se/2015/10/28/screenshots-from-developers–unix-people-2002 Read More
2015-04-13 00:00
This YouTube video doesn’t need any further explanation beside it’s title: The Drupal Rap song – Everyday I’m Drupalin’
Lyrics:
Chorus
Everyday I’m drupal… Read More
2015-03-12 00:00
Security is an important aspect to keep an eye for, and this time it’s about preventing clickjacking on Drupal and other Apache web applications.
Edit apache’s configuration file… Read More
2015-03-09 00:00
Apache Obfuscation can be achieved very easily and the benefits are great – it doesn’t disclose server information such as versions, OS, and does output verbose errors when &lsqu&hell…Read More
2015-01-12 00:00
In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server res… Read More
2014-12-15 00:00
In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server res… Read More
2014-11-12 00:00
In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server… Read More
2014-11-12 00:00
In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server res… Read More
Subscribe to Liran Tal's
Get updates delivered right to your inbox!