Liran Tal

safely install npm packages by auditing them pre-install stage

Build Awesome MCPs with Awesome Best Practices for MCP Servers and MCP Clients

List MCP Server configurations in your system used by AI applications like Cursor, Claude Desktop, VS Code and others

MCP Server for Node.js API documentation

Rules and instructions for agentic coding tools like Cursor, Claude CLI, Gemini CLI, Qodo, Cline and more

Collection of npm package manager Security Best Practices

Immersive terminal interface for managing docker containers and services

The largest Node.js CLI Apps best practices list ✨

Awesome Node.js Security resources

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

daloRADIUS is an advanced RADIUS web management application for managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine, and integrates with OpenStreetMap for geolocation. The system is based on FreeRADIUS with which it shares access to the backend database.

Lint an npm or yarn lockfile to analyze and detect security issues

A curated list of Israeli-made projects, events, and individuals

Cypress authentication flows using social network providers

Collection of PyPI registry package manager Security Best Practices featuring uv and pip

Documentation for Essential Node.js Security

A Node.js express middleware that implements API versioning for route controllers

Awesome resources for Consumer-Driven Contract Testing

Detect Glassworm & trojan source attacks that employ unicode bidi attacks to inject malicious code

ESLint plugin to detect and stop Trojan Source attacks

A template repository that is ready to author and publish books written in AsciiDoc format

a unix-like du command line tool to count token usage per files and directories

Analyze a git source code repository for health signals and project vitals

A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets

Scaffold a batteries-included Node.js library project with docs, tests, semantic releases and more

Node.js CLI tool to visualize an aggregate list of your dependencies' licenses

Visualize your project security vulnerabilities as a pie chart in the terminal

Hands-on practical use of HTTP security headers as browser security controls to help secure web applications

Do you want to start a meetup group but you don't know exactly where to start? You're in the right place!

A Node.js middleware for Express that implements Security.txt - A Method for Web Security Policies

A friendlier Typeform Node.js API client

Collection of enterprise application patterns

GitHub Action adding a comment with information about new npm dependencies detected in a pull request

Riess.js is a de-coupled full stack JavaScript application framework

Node.js library to convert unix or linux CRON syntax to Quartz Scheduler

No description.

Twitter awesomeness browser extension

HPE's Agile Manager client API module for NodeJS

validate and prevent against SSRF

Travis CLI in a docker container (encrypt, lint, env, monitor)

versions an incoming request to Express based on header or URL

Pipe any mail envelope input and output forward as SMTP client

Inject JS to the DOM to find vulnerable JavaScript libraries

Liran Tal's portfolio of public speaking engagements

React Suspended is an educational frontend application riddled with security vulnerabilities

An Astro plugin that binds keyboard keys for actions like focus on search box and others

GitHub Actions Best Practices for Node.js applications

An AI-BOM visual viewer

A Node.js Fastify microservice that uses SuperTokens for authentication

NodePulse is a live Node.js dashboard

Best practices for building and maintaining Node.js docker images

A CLI that copies files and directories from GitHub repo paths and downloads them to a local path

A Node.js API service that fetches files and checks for virus or malware

Dependency Frost is an educational platform game to promote awareness of security in open source dependencies

CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers.

Export a Typeform survey questionnaire to an Excel format

cross-platform execution of command line programs in shells

Pact Workshop - Consumer in Node.js

Exercise resources about HTTP security headers in Node.js and Express applications

Mr Audit is a Gulp plugin to audit JavaScript code for security related static code analysis

AutoMCP scaffolds your Model Context Protocol config from package.json deps

SAY NO TO SECRETS IN ENVIRONMENT VARIABLES

Demo for practicing Dependency Confusion supply chain attacks

Liran Tal's repository for public speaking

A Fastify example codebase for using dotenv with env-schema wrapper

A CLI for Snyk's SnykCon 2020 DevSecOps and Developer-first security conference

A Claude Code status line for Pikud Haoref red alerts

Spin-off an isolated Node.js environment using Docker containers

A reference Git repository to demonstrate vulnerable C and C++ patterns in code

RADIUS monitoring and statistics reporting for FreeRADIUS-based deployments (it's a pingdom for RADUIS servers)

Exercise resources about browser security controls

An opinionated Fastify project starter

Slides for talk: How React Applications Get Hacked in the Real World

HPE's Operations Orchestration client API module for NodeJS

Slides for talk: How React Applications Get Hacked in the Real World

Report a security vulnerability

No description.

This repository will contain benchmark comparison between Snyk and npm audit, based on personal observation, as objective as possible

A docker image for Yelp's docker-secrets python application

Recurses a given node_modules directory to fetch all npm package licenses

render images on the terminal (forked from substack/picture-tube)

smtp-watch will create an smtp server for incoming mail connections, and display these e-mails on a web page

Israel Rail API and CLI in Node.js (npx)

Prototype Pollution in minimist

Exercise resources about HTTP security headers in Node.js and Express applications

The most insecure FinServ banking application you ever scanned

🚀📩 effortless remote push notifications for the CLI

Lockfiles have needs too and this package takes care of them

A starter template for Public Speaking templates 🎤 💫

An Agent SKILL for Israel Rail API

Cloudflare Extra utilities (SDK to interface with R2, CLI upload utility, etc)

CLI to detect terminal support for properties like color, unicode and others

A web app that shows and compares technology stacks and trends around the world

Race your friend to the Snyk palace

No description.

This repository contains the code for experiments that demonstrate AI-Powered Developer Relations tools.

DevRel Content Writer AI agent

A TutorialKit based Command Injection challenge to teach Node.js Secure Coding best practices

ESLint collection of curated security rules for static code analysis linter

Linter for a Swagger JSON API spec

CLI to manage GitHub repositories in bulk

No description.

A Skill that teaches a coding agent (like Claude Code) how to create a statusline

Summarize release notes of new Node.js versions

A GitHub Action that updates the PR title with information about the base branch it wants to merge to

No description.

Node.js library providing high-level wrapper for convenient AWS S3 capabilities

Token comparison

The source-code for the speak|easy website which promotes inspirational and information public speaking tips

No description.

Easily install all packages required to create an Atom Bundle for a Language or Platform

No description.

NodeJS Backup Tool (Import/Export) for HPE's Operations Orchestration

A Fastify example codebase for using dotenv

An Awesome List of Personal AI Assistant Tools, MCP Servers, and Resources

Manage GitHub repositories in bulk

A CLI providing a terminal user interface for NodeTLV international Node.js conference in Tel Aviv

A Bluesky embed component for Slidev (sli.dev)

A Claude Code Statusline showing Snyk Security status for the current project

why-are-you-not-using-dependency-injection

Express + TypeScripte template

No description.

No description.

A skill that creates skills, relies on the official skill-creator and then some!

Presentation: Open Source and the MEAN stack

Pact Workshop - Provider in Node.js

Exercise resources about HTTP security headers in Node.js and Express applications

Code snippets for showing common Node.js APIs to know about for backend development in 2024

MEAN.JS + Freeboard multi-purpose real-time dashboard

Lockfile injection research

No description.

Exploit Proof of Concept for allocation-of-resources-without-limits-or-throttling

A Claude Agent SDK security benchmark project

No description.

Web UI for easy setup and composition of open source project's badges

Log4Game is an educational game to learn about Log4shell and log4j related vulnerabilities in open source Java libraries

A Cloudflare webapp (Nuxt + Hono worker) uses Gemini API to analyze Israeli Payslips

A vulnerable AI demo app for Event Ticket Admission using visual AI

Crawling meetup.com to retrieve data

A Neural Network that solves an ASCII based Maze

Converts an Array to an Object Hash based on specified object key

Angular 2 web interface for converting CRON notation to Quartz Scheduler format

React.js based project to serve as a console for Companies to register and provide feedback loop to job applicants

PieMyVulns Twitter bot cloud functions for firebase

Node.js maintainers security best practices

No description.

supply chain security and package health API

No description.

No description.

No description.

An example vulnerable app (SSRF) with Laravel PHP web framework

No description.

The software guidebook for techtribes.je

No description.

No description.

A Snyk themed screen-saver style website

No description.

AI App to generate selfie with Yoda using Gemini Nano Banana, AI SDK and Nuxt App

No description.

Presentation: Welcome to GitHub

npm audit client poc

A Neural Network that predicts whether a number is even or odd based on its binary representation

A repository for useful Home Assistant config and utils

Express hello world app

No description.

No description.

MCP Server enhancing Fast Agent Python framework for terminal chat bot

No description.

Elggx Userpoints allows users to accumulate points for actions such as posting blogs, commenting, logging in, tagging a photo and many other actions.

Elgg Polls

Fivestar adds a clean, attractive voting widget to Elgg.

No description.

No description.

Book: The Emerging Engineering Manager

No description.

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

CVE-2024-21533 PoC ggit

CVE-2024-21532 PoC ggit

Automerge PRs after green CI checks

Creative Selfie Booth images with Gemini Nano Banana

ESM package that is marked as deprecated on various registries

No description.

Node.js CLI to run a filter query on Jira REST API and return the data

No description.

No description.

Example code project for Lemon Squeezy webhook on Firebase Functions with Fastify

An Astro-native integration for Trigger.dev background jobs platform

Created with StackBlitz ⚡️

No description.

No description.

No description.

Publicly disclosed Proof-of-Concept (POC) exploit for the [email protected] version

A set of Mastra AI agent workflows to evaluate conference proposals (CFPs) and speakers

A benchmark of Node.js Docker images

NodeJS Tool for scheduling and converting crontab entries to HPE's Operations Orchestration

Snyk Theme for Slidev presentation tool

A declarative, efficient, and flexible JavaScript library for building user interfaces.

The Project shares all information on MCP related CVE's published

Hirefeed's project Admin Management platform

No description.