Liran Tal
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
if you're working with URLs from users (as input) you should be concerned about SSRF
Server-side Request Forgery might take more than just a library even but url-sheriff should give you an idea and some added protection
November 10, 2025 at 4:01 PM
look ma, I'm on seclists!!
November 10, 2025 at 10:01 AM
hey look I'm on the Apache mailing list, can you tell why? ;-)
November 10, 2025 at 7:00 AM
agent aliasing is new rick rolling
john you're killing me 😆
November 7, 2025 at 7:01 PM
It's never been a better time to be a developer
November 7, 2025 at 4:01 PM
academic research recommends Snyk too arxiv.org/html/2508.21...
you can just secure your dependencies ✨
November 7, 2025 at 10:01 AM
newly published research on LLM vulnerabilities stemming from open-source third-party dependencies relied on Snyk to scan
very very nice ;-)
November 7, 2025 at 7:00 AM
newly published research on LLM vulnerabilities stemming from open-source third-party dependencies relied on Snyk to scan
very very nice ;-)
November 6, 2025 at 7:00 PM
this feels like I'm on Windows or something... going on for like 20 minutes what the heck
November 6, 2025 at 4:00 PM
real nerds see the world in 0x
November 6, 2025 at 10:00 AM
wait do I want to get this update ???
November 6, 2025 at 7:00 AM
I published an article about what Glassworm is, the prior Trojan Source incident, and there's a walkthrough and usage guide for using the anti-trojan-source npm CLI to detect it and integrate it into a GitHub Actions CI or otherwise.
Let me know if you run into any issues:
Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk
Defend against Glassworm, the invisible malware rewriting supply chain security. Learn how anti-trojan-source detects and prevents these Unicode attacks, protecting your VS Code extensions and credentials.
snyk.io
November 5, 2025 at 7:00 PM
will I be showing up with a green yoda hat at AI Native DevCon event to speak about the droids, scratch, MCP tools that will compromise the security of your agentic coding tools? probably!
see you in New York, nerds!
November 5, 2025 at 4:00 PM
Music to Break Models By
Gödelian limits of prompt-safe AI
matthodges.com
November 5, 2025 at 10:00 AM
Can I kindly ask for your support?
We launched Snyk Studio for securing AI coding agents on Product Hunt: www.producthunt.com/products/sny...
Can you take a quick look and if it's interesting give us an upvote and share your thoughts in a comment pretty please?
Snyk Studio - Real-time security guardrails for your AI code assistant | Product Hunt
Stop insecure AI code before it lands. Snyk Studio plugs into your AI code assistants (and VS Code, Cursor, and others) to scan code suggestions in real time, flag risky patterns, and guide safer fixe...
www.producthunt.com
November 5, 2025 at 8:15 AM
Matt Hodges with a wonderful write-up that explains why prompt injections are inherently a difficult problem to solve matthodges.com/posts/2025-0...
November 5, 2025 at 7:00 AM
when was the last time you scanned your code-base for invisible characters aka trojan source attacks?
$ npx anti-trojan-source
and hope you don't have any glassworm or other bidi chars malware hiding 😅
November 4, 2025 at 7:00 PM
new version of the anti-trojan-source npm CLI now supports extended categories, glassworm and no-break chars
this extends the existing invisible characters known as "trojan source" in the original cyberattack with more detection points from the recent incident
$ npx anti-trojan-source
add it to your
November 4, 2025 at 4:00 PM
the new Product and DevRel KPI is TTW - Time to Wow (or Time to What-the-f**k)
it is highly correlated with the hyper pace of AI assistants, high shipping velocity and a master-builder profile for developer relations practitioners
November 4, 2025 at 10:00 AM
damn I had to hold my breath for 20 minutes straight on this F15 and MIG-29 fight off
next level storytelling and visual reenactment simulation
When MiG-29s Ambushed F-15 Eagles
Follow and Wishlist our game on Steam https://store.steampowered.com/app/3606970/Brass_Rain/ On January 19, 1991, during Operation Desert Storm, Captain Cesar “Rico” Rodriguez of the 58th Tactical Fighter Squadron flew an F-15C Eagle on a mission to protect a large coalition strike force. Accompanying him was his wingman, Captain Craig “Mole” Underhill. Despite the threat from Iraqi SAM sites, the F-15s pressed forward, buying precious time for the strikers. Meanwhile, several brave Iraqi pilots took off in Soviet-made MiG-29 Fulcrums to intercept the American fighters. The ensuing dogfight between the Eagles and Fulcrums became one of the most iconic aerial battles of the Gulf War. Main sources for this film include: Steve Davies, F-15C Eagle Units in Combat, Osprey Publishing, 2005 Jim Corrigan, Desert Storm Air War: The Aerial Campaign against Saddam’s Iraq in the 1991 Gulf War, Stackpole Books, 2017 Interviews with Cesar Rodriguez, available on YouTube Hit join to become a...
www.youtube.com
November 4, 2025 at 7:00 AM
ehh conflict resolution UI inside GitHub is pretty nice (although these days I'd expect an agent to autonomously do it 😆 )
November 3, 2025 at 7:00 PM
🚨 The new Glassworm malware? It uses invisible Unicode characters to hide in source code. 35,800+ victims.
Protect your codebase:
```bash
npx anti-trojan-source --files='**/*.js'
```
Here's a full guide: snyk.io/articles/def...
Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk
Defend against Glassworm, the invisible malware rewriting supply chain security. Learn how anti-trojan-source detects and prevents these Unicode attacks, protecting your VS Code extensions and credent...
snyk.io
November 3, 2025 at 5:57 PM
they said AI is going to fix everything what the heck
November 3, 2025 at 4:00 PM
Cursor 2.0 leaves behind the classical IDE and takes a step into the future of ADE: Agentic Development Environment
Both types of applications for software engineering will be applicable but an ADE is a futuristic eye opener into autonomous software self-development
November 3, 2025 at 10:00 AM
Y'all are eligible for a 25% discount to AI Native DevCon with my code LIRANT25 because I'm speaking there hah ;-)
Register and I'll see you there:
AI Native DevCon | Nov 18-19 | NYC | Limited Tickets
AI Native DevCon is hitting NYC (and online) Nov 18-19, 2025, focusing on spec-driven, AI-native development and coding agents.
ainativedev.io
November 3, 2025 at 7:00 AM