Liran Tal
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
the government will put you in jail for reading phrack while distributing their own sabotage manuals
November 28, 2025 at 7:01 PM
the government will put you in jail for reading phrack while distributing their own sabotage manuals
the government will put you in jail for reading phrack while distributing their own sabotage manuals
November 28, 2025 at 4:01 PM
the government will put you in jail for reading phrack while distributing their own sabotage manuals
what other book should read for the checkout cart ?
November 28, 2025 at 1:04 PM
what other book should read for the checkout cart ?
best city in the world?
November 28, 2025 at 7:01 AM
best city in the world?
look I know it's a 19 minutes read 😅😅😅
but you'll thank me later when you've adopted these hands-on npm security practices for you and your team and thwarted the next Shai-Hulud from attacking you: snyk.io/articles/npm...
but you'll thank me later when you've adopted these hands-on npm security practices for you and your team and thwarted the next Shai-Hulud from attacking you: snyk.io/articles/npm...
November 27, 2025 at 7:00 PM
look I know it's a 19 minutes read 😅😅😅
but you'll thank me later when you've adopted these hands-on npm security practices for you and your team and thwarted the next Shai-Hulud from attacking you: snyk.io/articles/npm...
but you'll thank me later when you've adopted these hands-on npm security practices for you and your team and thwarted the next Shai-Hulud from attacking you: snyk.io/articles/npm...
FYI Snyk has a dedicated Zero-Day report available to quickly show you across your entire projects if any of them is impacted by the Shai-Hulud malware campaign of malicious packages
(screenshot shows the older one from September available too if you haven't keep up to date!)
(screenshot shows the older one from September available too if you haven't keep up to date!)
November 27, 2025 at 10:00 AM
FYI Snyk has a dedicated Zero-Day report available to quickly show you across your entire projects if any of them is impacted by the Shai-Hulud malware campaign of malicious packages
(screenshot shows the older one from September available too if you haven't keep up to date!)
(screenshot shows the older one from September available too if you haven't keep up to date!)
fun to see how good the LLM is on bash scripts
November 26, 2025 at 4:01 PM
fun to see how good the LLM is on bash scripts
I published on the weekend about 6+ blog posts on public disclosures of security vulnerabilities in npm packages that sadly their maintainers did not respond, you're welcome to browse and learn about secure coding practices
November 25, 2025 at 10:01 AM
I published on the weekend about 6+ blog posts on public disclosures of security vulnerabilities in npm packages that sadly their maintainers did not respond, you're welcome to browse and learn about secure coding practices
when are we getting Andrej Karpathy's version of vibe coding disclaimer for AI generated code?
that's very thoughtful (source from his repo of llm council)
that's very thoughtful (source from his repo of llm council)
November 25, 2025 at 7:00 AM
when are we getting Andrej Karpathy's version of vibe coding disclaimer for AI generated code?
that's very thoughtful (source from his repo of llm council)
that's very thoughtful (source from his repo of llm council)
minimax m2 looks like a good local small model for agentic coding, especially as it is just 10B params
November 24, 2025 at 7:00 PM
minimax m2 looks like a good local small model for agentic coding, especially as it is just 10B params
Soon hitting 900 subscribers to my Node.js Security Newsletter: www.nodejs-security.com/newsletter
November 24, 2025 at 10:01 AM
Soon hitting 900 subscribers to my Node.js Security Newsletter: www.nodejs-security.com/newsletter
wrapped up my MCP Security talk at AI Native DevCon, it was fun and great, thanks for coming to my talk and hit me up if you have any questions :-)
November 19, 2025 at 7:01 PM
wrapped up my MCP Security talk at AI Native DevCon, it was fun and great, thanks for coming to my talk and hit me up if you have any questions :-)
there, I fixed it for ya
November 17, 2025 at 10:01 AM
there, I fixed it for ya
v0 project of the weekend - my own text animation to gif generator
I had troubles having it export transparent background, any tips?
I had troubles having it export transparent background, any tips?
November 14, 2025 at 10:01 AM
v0 project of the weekend - my own text animation to gif generator
I had troubles having it export transparent background, any tips?
I had troubles having it export transparent background, any tips?
all the gpt in the world but which model do you choose for application security ???
November 14, 2025 at 7:01 AM
all the gpt in the world but which model do you choose for application security ???
do you see the issues in this slide or do you want me to call it out? I genuinely want to know if you understand the risk here (both from secure coding practices as well as from relying on AI coding agents without a safety net)
November 13, 2025 at 7:01 PM
do you see the issues in this slide or do you want me to call it out? I genuinely want to know if you understand the risk here (both from secure coding practices as well as from relying on AI coding agents without a safety net)
how do you avoid insecure code from crawling into your project if you don't have the Snyk MCP server installed ? 🤔
November 13, 2025 at 4:01 PM
how do you avoid insecure code from crawling into your project if you don't have the Snyk MCP server installed ? 🤔
I feel like I always re-scaffold MCP servers to add library documentation in projects again and again so I built automcp to automate that for me.
November 13, 2025 at 10:01 AM
I feel like I always re-scaffold MCP servers to add library documentation in projects again and again so I built automcp to automate that for me.
just do things
like give your Cursor coding agent a security brain by integrating Snyk Studio (it's an MCP server and more, it's also free)
like give your Cursor coding agent a security brain by integrating Snyk Studio (it's an MCP server and more, it's also free)
November 13, 2025 at 7:01 AM
just do things
like give your Cursor coding agent a security brain by integrating Snyk Studio (it's an MCP server and more, it's also free)
like give your Cursor coding agent a security brain by integrating Snyk Studio (it's an MCP server and more, it's also free)
great stuff from Cooper Press Node Weekly as always and thank you for the shout out 😘
November 12, 2025 at 7:01 PM
great stuff from Cooper Press Node Weekly as always and thank you for the shout out 😘
devcontainers on VS Code started becoming a real pain to work with, what now
November 12, 2025 at 10:01 AM
devcontainers on VS Code started becoming a real pain to work with, what now
agent acceptance rate is the new kpi on the block
November 12, 2025 at 7:01 AM
agent acceptance rate is the new kpi on the block
you can just plug in the Snyk MCP server and give your LLM a security brain
November 11, 2025 at 4:01 PM
you can just plug in the Snyk MCP server and give your LLM a security brain