Mastodawn

Liran Tal

673 Followers

288 Following

2.2K Posts

🌟 GitHub Star 2022
🏆 OpenJS Pathfinder award for Security 2022
🥑 DevRel at @snyksec
@NodeJS AppSec & OpenSource ❤️
O'Reilly author on Serverless JavaScript Security
Docker container security hero 🐳

Author of Node.js Security 👉 bit.ly/node-security
Author of Security Headers 👉 bit.ly/http-security

Interests:
#OpenSource #NodeJS #AppSec #JavaScript #Containers #Docker #SupplyChainSecurity #Snyk #OWASP #GitHub #DevSecOps #DevRel #CNCF #OpenSSF #OpenJSF

Website	https://lirantal.com
GitHub	https://github.com/lirantal
Twitter	https://twitter.com/liran_tal
Node.js Secure Coding	https://www.nodejs-security.com/

Liran Tal

4h ago

what are some good benchmarking write-ups you've read? in the form of a blog post and web content, not an academic technical paper

think along the lines of LLM model comparisons etc

Liran Tal

21h ago

hah, it's a funny fix
you know why right

Liran Tal

1d ago

had some questions on the internal Snyk slack that prompted me to shared an old write-up from 2019 about lockfiles so here's a read for ya: https://snyk.io/blog/what-is-package-lock-json/

What is package lock json? Lockfiles for yarn & npm packages | Snyk

In this article we will discuss both npm's package lock file package-lock.json as well as Yarn's _yarn.lock.

Snyk

Liran Tal

1d ago

zero day clock is at 1.1 TTE (time to exploit) on average, and 61 weaponized payloads

hell of a time for cybersecurity

Liran Tal

2d ago

check out AI Sec News for a curated newsletter on AI Security Engineering: https://buttondown.com/aisecnews

Liran Tal

2d ago

When there's a SKILL, there's a way

Ship or die

while we're on the topic of axios malware and supply chain security...

I have friends who do blind upgrades in CI and other places. please don't be them. never blindly install software. npm install == sh -c. not worth it.