https://github.com/lirantal/lirantal

README

Hi, I'm Liran 👋


I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs:

- Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
- Node.js Secure Coding: Prevention and Exploitation of Path Traversal Vulnerabilities

Software Engineer · Web Security Activist · Author

A GitHub Star, recognized worldwide for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist engaged in security research and software supply chain security, and a regular contributor to and project lead for OWASP Foundation projects. An avid member of the Node.js Foundation ecosystem security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.


Awarded:
- ⭐️ 2023 [GitHub Star](https://stars.github.com/profiles/lirantal)
- 🏆 2022 OpenJS Foundation's [Pathfinder Award for Security](https://openjsf.org/blog/first-ever-javascriptlandia-awards-celebrate-community-leaders)
- ⭐️ 2022 [GitHub Star](https://stars.github.com/profiles/lirantal)
- ⭐️ 2021 [GitHub Star](https://stars.github.com/profiles/lirantal)

## Web Security Activism
- Member of Node.js Foundation's [Ecosystem Security working group](https://github.com/nodejs/security-wg)
- OWASP Project Member of [NodeGoat](https://github.com/OWASP/NodeGoat)
- OWASP Project Lead for [CWE Tool](https://github.com/OWASP/cwe-tool) and [CWE SDK](https://github.com/OWASP/cwe-sdk-javascript)
- Author of [npm Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html)
- Author of [Node.js Docker Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html)

## [Liran's articles on the Snyk blog](https://snyk.io/contributors/liran-tal/), [Liran Tal blog](https://lirantal.com) and [Node.js Security Blog](https://www.nodejs-security.com/blog)
* 2023-09-13 [Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication](https://lirantal.com/blog/vuejs-patterns-using-vuejs-3-composition-api-for-reactive-parent-to-child-communication)
* 2023-09-15 [Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples](https://www.nodejs-security.com/blog/securing-your-nodejs-apps-by-analyzing-real-world-command-injection-examples)
* 2023-09-04 [Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev](https://lirantal.com/blog/background-jobs-processing-with-node-js-express-trigger-dev)
* 2023-08-17 [How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku](https://lirantal.com/blog/how-to-process-scheduled-queue-jobs-in-nodejs-with-bullmq-and-redis-on-heroku)
* 2023-08-07 [Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js](https://lirantal.com/blog/configuration-decoded-lesser-known-tips-for-working-with-env-schema-in-nodejs)
* 2023-07-17 [Introducing Changesets: Simplify Project Versioning with Semantic Releases](https://lirantal.com/blog/introducing-changesets-simplify-project-versioning-with-semantic-releases)
* 2023-07-08 [Deploying a Fastify & Vue 3 Static Site to Heroku](https://lirantal.com/blog/deploying-a-fastify-vue-3-static-site-to-heroku)
* 2023-06-30 [Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool](https://lirantal.com/blog/avoid-fastify-reply-raw-and-reply-hijack-despite-being-a-powerful-http-streams-tool)
* 2023-06-23 [An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript](https://www.nodejs-security.com/blog/introduction-command-injection-vulnerabilities-nodejs-javascript)
* 2023-05-22 [How to generate an SBOM for JavaScript and Node.js applications](https://snyk.io/blog/generate-sbom-javascript-node-js-applications/)
* 2023-02-25 [Open Source activism with ReadyCodePush](https://www.lirantal.com/blog/open-source-activism-readycodepush)
* 2023-02-22 [The security concerns of a JavaScript sandbox with the Node.js VM module](https://snyk.io/blog/security-concerns-javascript-sandbox-node-js-vm-module/)
* 2023-01-24 [How to add client-side search with PageFind to your Astro blog static website](https://www.lirantal.com/blog/2023-01-01_-how_to_add_client-side_search_to_your_astro_blog_static_website)
* 2023-01-15 [Advanced usage patterns for taking page element screenshots with Playwright](https://www.lirantal.com/blog/advanced-usage-patterns-for-taking-page-element-screenshots-with-playwright)
* 2022-12-28 [5 "no experience needed" tips for building secure applications](https://snyk.io/blog/no-experience-needed-secure-applications/)
* 2022-12-05 [How to verify and secure your Mastodon account](https://snyk.io/blog/verify-and-secure-your-mastodon-account/)
* 2022-11-22 [Enhance your command line with Warp](https://www.lirantal.com/blog/2022-11-22_enhance-your-command-line-with-warp)
* 2022-11-22 [Content creators web resources](https://www.lirantal.com/blog/2022-12-03_content_creators_web_resources)
* 2022-11-07 [NPM security: preventing supply chain attacks](https://snyk.io/blog/npm-security-preventing-supply-chain-attacks/)
* 2022-10-28 [Are you also validating a JavaScript URL using RegEx?](https://www.lirantal.com/blog/2022-10-28_are_you_validating_javascript_url_safely)
* 2022-10-21 [Resources for Public Speaking and Conference CFP application](https://www.lirantal.com/blog/2022-10-21_resources_for_public_speaking_and_conference_cfp_application)
* 2022-10-14 [How to add Playwright tests to your pull request CI with GitHub Actions](https://snyk.io/blog/how-to-add-playwright-tests-pr-ci-github-actions/)
* 2022-09-29 [Choosing the best Node.js Docker image](https://snyk.io/blog/choosing-the-best-node-js-docker-image/)
* 2022-09-01 [The npm faker package and the unexpected demise of open source libraries](https://snyk.io/blog/npm-faker-package-open-source-libraries/)
* 2022-08-17 [Ruby gem installations can expose you to lockfile injection attacks](https://snyk.io/blog/ruby-gem-installation-lockfile-injection-attacks/)
* 2022-08-04 [A definitive guide to Ruby gems dependency management](https://snyk.io/blog/a-definitive-guide-to-ruby-gems-dependency-management/)
* 2022-08-03 [Slidev 101: Coding presentations with Markdown](https://snyk.io/blog/slidev-101-coding-presentations-with-markdown/)
* 2022-05-04 [3 Jedi-inspired lessons to level up your JavaScript security](https://snyk.io/blog/jedi-lessons-to-level-up-javascript-security)
* 2022-03-16 [peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine](https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/) ⚠️
* 2022-03-14 [Build a software bill of materials (SBOM) for open source supply chain security](https://snyk.io/blog/building-sbom-open-source-supply-chain-security/)
* 2022-03-08 [Celebrating amazing open source innovation from Ukraine](https://snyk.io/blog/celebrating-amazing-open-source-innovation-ukraine) 🇺🇦
* 2022-02-09 [Join “The Big Fix” to secure your projects with Snyk and earn cool swag](https://snyk.io/blog/join-the-big-fix)
* 2022-01-09 [Open source maintainer pulls the plug on npm packages colors and faker, now what?](https://snyk.io/blog/open-source-npm-packages-colors-faker)
* 2021-12-13 [The Log4j vulnerability and its impact on software supply chain security](https://snyk.io/blog/log4j-vulnerability-software-supply-chain-security-log4shell)
* 2021-11-11 [Best practices for containerizing Python applications with Docker](https://snyk.io/blog/best-practices-containerizing-python-docker/)
* 2021-11-09 [How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint](https://snyk.io/blog/how-to-detect-mitigate-trojan-source-attacks-javascript-eslint/)

## Published Author

- Essential Node.js Security, by Liran Tal
- Web Security: Learning HTTP Security Headers, by Liran Tal
- O'Reilly Serverless Security, by Guy Podjarny and Liran Tal
- Snyk's State of Open Source Security 2019, by Liran Tal