Liran Tal 

@[email protected]
673 Followers
288 Following
2.1K Posts

🌟 GitHub Star 2022
🏆 OpenJS Pathfinder award for Security 2022
🥑 DevRel at @snyksec
@NodeJS AppSec & OpenSource ❤️
O'Reilly author on Serverless JavaScript Security
Docker container security hero 🐳

Author of Node.js Security 👉 bit.ly/node-security
Author of Security Headers 👉 bit.ly/http-security

Interests:
#OpenSource #NodeJS #AppSec #JavaScript #Containers #Docker #SupplyChainSecurity #Snyk #OWASP #GitHub #DevSecOps #DevRel #CNCF #OpenSSF #OpenJSF

Websitehttps://lirantal.com
GitHubhttps://github.com/lirantal
Twitterhttps://twitter.com/liran_tal
Node.js Secure Codinghttps://www.nodejs-security.com/
Liran Tal 4h ago
well the question is whether you buy the sandbox permissions on the claude agent sdk or not
Liran Tal 11h ago

pffff are you for real Claude?
I need to change a file to extend capability?

looks like someone skipped the design patterns class at uni. guess I'm gonna teach it about the open/closed principle ;-)

Liran Tal 1d ago

claude'ing away a coding agent security benchmark

what would you like to know?

Liran Tal 1d ago

Been tinkering on a little side project that I’m genuinely excited about: gh-cp.

It’s a lightweight tool to help you copy things out of GitHub quickly and cleanly. The kind of CLI that so when “small friction” problem you hit constantly when sharing code snippets, issue/PR links, file contents, or repo context with teammates (or future-you).

Anyways, the goal is simple: less context switching, fewer clicks, faster sharing - https://github.com/lirantal/gh-cp 🚀

GitHub - lirantal/gh-cp: A CLI that copies files and directories from GitHub repo paths and downloads them to a local path

A CLI that copies files and directories from GitHub repo paths and downloads them to a local path - lirantal/gh-cp

GitHub
Liran Tal 1d ago

Scaffold Node.js CLIs easily with create-node-lib

Go from idea → clean, shippable package fast. Think: sensible structure, helpful defaults, and a path that encourages “production-ready” habits 🚀

Great for Node tooling, SDKs, utilities, CLIs: https://github.com/lirantal/create-node-lib

Liran Tal 2d ago

cooking a new coding agent security benchmark project

as a dev, what are you curious about learning in terms of evaluating components and LLM models?

Liran Tal 2d ago

Just shipped a small project I’m genuinely excited about: **AIBOM**.

If you’ve ever tried to bring AI/LLM tooling into a real codebase, you’ve probably felt the gap between “it works on my prompt” and “it’s reliable, reviewable, and secure.”

It’s a practical repo, built for builders: clearer visibility, better hygiene, and fewer surprises as AI dependencies and workflows evolve 🚀

Link: https://github.com/lirantal/aibom

GitHub - lirantal/aibom: An AI-BOM visual viewer

An AI-BOM visual viewer. Contribute to lirantal/aibom development by creating an account on GitHub.

GitHub
Liran Tal 2d ago

💡 The security failures that lead to the LiteLLM compromise and malware propagation weren't new...

In fact, Snyk already in 2024 warned of GitHub Actions failures and provided tools to pin down dependencies and lock down your CI workflows: https://labs.snyk.io/resources/exploring-vulnerabilities-github-actions/

Call for action: Exploring vulnerabilities in Github Actions | Snyk Labs

In this blog post, we will provide an overview of GitHub Actions, examine various vulnerable scenarios with real-world examples, offer clear guidance on securely using error-prone features, and introduce an open source tool designed to scan configuration files and flag potential issues.

Snyk Labs
Liran Tal 3d ago

the gh cli has no way of copying directories/files from a given repo to disk and you have to use a community gh-cp extension for it?? 🤦‍♂️

oh lord

Liran Tal 3d ago

supposedly this article about "MCP is a Fad" is suggesting to use "just" as a wrapper for commands to avoid bash tool use. genius or epic fail?

if you think that's a security mitigation then you haven't seen how creative LLMs can be