lirantal

Follow

💟

Writing a book on Node.js Secure Coding

Liran Tal lirantal

💟

Writing a book on Node.js Secure Coding

Follow

🦄 Node.js Secure Coding: nodejs-security.com 🌟 @github Star 🏅 @Openjs Pathfinder award for Security 🥑 DevRel at @snyksec

2.1k followers · 966 following

Achievements

Achievements

Highlights

Organizations

lirantal/README.md

Hi, I'm Liran 👋

I wrote these two comprehensive deep-dive books on Secure Coding in Node.js to help developers master Node.js security with hands-on vulnerability review and remediation walkthroughs

Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

_{Node.js Secure Coding: Defending Against Command Injection Vulnerabilities}

Node.js Secure Coding:Prevention and Exploitation of Path Traversal Vulnerabilities

_{Node.js Secure Coding: Defending Against Command Injection Vulnerabilities}

Software Engineer · Web Security Activist · Author

A GitHub Star, world-wide recognized for championing open source software and actively working within communities to inspire and lift other humans. Liran also received the OpenJS Foundation's Pathfinder for Security for his work on Node.js security. A JavaScript & Node.js software developer, building web applications and command-line tools. A web security activist , engaging in security research, software supply chain security, and regular contributor and project lead to OWASP Foundation projects. An avid member of the Node.js Foundation ecosystem security working group, dedicated to advancing Node.js security awareness and skill-set in the open source community. Developer Advocate at Snyk.

Awarded:

⭐️ 2023 GitHub Star
🏆 2022 OpenJS Foundation's Pathfinder Award for Security
⭐️ 2022 GitHub Star
⭐️ 2021 GitHub Star

Web Security Activism

Member of Node.js Foundation's Ecosystem Security working group
OWASP Project Member of NodeGoat
OWASP Project Lead for CWE Tool and CWE SDK
Author of npm Security Cheat Sheet
Author of Node.js Docker Security Cheat Sheet

Liran's articles on the Snyk blog, Liran Tal blog and Node.js Security Blog

2023-09-13 Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
2023-09-15 Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
2023-09-04 Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev
2023-08-17 How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
2023-08-07 Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js
2023-07-17 Introducing Changesets: Simplify Project Versioning with Semantic Releases
2023-07-08 Deploying a Fastify & Vue 3 Static Site to Heroku
2023-06-30 Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool
2023-06-23 An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
2023-05-22 How to generate an SBOM for JavaScript and Node.js applications
2023-02-25 Open Source activism with ReadyCodePush
2023-02-22 The security concerns of a JavaScript sandbox with the Node.js VM module
2023-01-24 How to add client-side search with PageFind to your Astro blog static website
2023-01-15 Advanced usage patterns for taking page element screenshots with Playwright
2022-12-28 5 "no experience needed" tips for building secure applications
2022-12-05 How to verify and secure your Mastodon account
2022-11-22 Enhance your command line with Warp
2022-11-22 Content creators web resources
2022-11-07 NPM security: preventing supply chain attacks
2022-10-28 Are you also validating a JavaScript URL using RegEx?
2022-10-21 Resources for Public Speaking and Conference CFP application
2022-10-14 How to add Playwright tests to your pull request CI with GitHub Actions
2022-09-29 Choosing the best Node.js Docker image
2022-09-01 The npm faker package and the unexpected demise of open source libraries
2022-08-17 Ruby gem installations can expose you to lockfile injection attacks
2022-08-04 A definitive guide to Ruby gems dependency management
2022-08-03 Slidev 101: Coding presentations with Markdown
2022-05-04 3 Jedi-inspired lessons to level up your JavaScript security
2022-03-16 peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine ⚠️
2022-03-14 Build a software bill of materials (SBOM) for open source supply chain security
2022-03-08 Celebrating amazing open source innovation from Ukraine 🇺🇦
2022-02-09 Join “The Big Fix” to secure your projects with Snyk and earn cool swag
2022-01-09 Open source maintainer pulls the plug on npm packages colors and faker, now what?
2021-12-13 The Log4j vulnerability and its impact on software supply chain security
2021-11-11 Best practices for containerizing Python applications with Docker
2021-11-09 How to effectively detect and mitigate Trojan Source attacks in JavaScript codebases with ESLint

Published Author

Essential Node.js Security

_{Essential Node.js Security}
_{Liran Tal}

Web Security: Learning HTTP Security Headers

_{Web Security: Learning HTTP Security Headers}
_{Liran Tal}

O'Reilly Serverless Security

_{O'Reilly Serverless Security}
_{Guy Podjarny, Liran Tal}

State of Open Source Security 2019

_{Snyk's State of Open Source Security 2019}
_{Liran Tal}

Pinned Loading

dockly dockly Public

Immersive terminal interface for managing docker containers and services

JavaScript 3.8k 151
nodejs-cli-apps-best-practices nodejs-cli-apps-best-practices Public

The largest Node.js CLI Apps best practices list ✨

3.6k 149
is-website-vulnerable is-website-vulnerable Public

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

JavaScript 1.9k 112
awesome-nodejs-security awesome-nodejs-security Public

Awesome Node.js Security resources

2.7k 242
lockfile-lint lockfile-lint Public

Lint an npm or yarn lockfile to analyze and detect security issues

JavaScript 785 35
npq npq Public

🎖safely* install packages with npm or yarn by auditing them as part of your install process

JavaScript 956 28