Liran Tal articles - 74 total
Getting started with Neural Networks in JavaScript
Much of the tooling and educational content around machine learning is focused on Python and its...
How I use GenAI to Speed Up Demo Apps in My DevRel Role
Often the questions posed to software developers is whether AI will replace them. If you’re a...
What is an LLMs.txt File?
Large Language Models have made it into mainstream fields of technologies, beyond code generation,...
The CJS module system, globals and other hardships with maintainable code in Node.js
In the next set of examples we will review some common scenarios of tight coupling in Node.js...
What would you say are your top most struggles when it comes to securing your Node.js apps today?
server-side security challenges
How to Read and Parse PDFs with PDF.js and Create PDFs with PDF Lib in Node.js
You probably caught up on the title that we are going to mention two different npm packages to handle...
TypeScript in 2025 with ESM and CJS npm publishing is still a mess
How does the JavaScript ecosystem tooling looks like in 2025 for TypeScript developers and publishing...
Home Assistant YouTube DNS Blocking with AdGuard and Lovelace Buttons Setup
In a prior article I’ve written how to block client devices in your LAN from accessing YouTube on...
Customizing Astro Starlight Sidebar for Gated Content with Authentication
The Astro framework powers this personal blog, my Node.js Secure Coding website, and now my newly...
How to Setup Google Cloud Project and Store Images in Google Cloud
In this write-up I will describe how to setup a Google Cloud project (on GCP) and use it to store...
Thinking Fast and Slow in Application Security
Imagine if we applied behavioral economics principles to application security methodologies and...
Component auto import in Astro framework
The Astro frontend framework is such a delight to work with but I was missing a feature with regards...
Using Promise.withResolvers in Node.js Tests
If you often encounter scenarios where managing asynchronous operations efficiently is crucial but...
Supercharging Your Vue.js 3 App with TanStack Query: A Practical Refactoring Guide
Hey there fellow Vue.js enthusiasts! 👋 Ever found yourself wrestling with data fetching in your...
Zero Dependency JavaScript is the Future?
The JavaScript ecosystem is well known for its use of small packages (left-pad anyone?) and being a...
How to run a local LLM for inference with an offline-first approach
The Large Language Model (LLM) hype train is in full swing even two years after the release of the...
GenAI Predictions and The Future of LLMs as local-first offline Small Language Models (SLMs)
We’ve been increasingly accustomed to subscription-based economic model, which did not skip the GenAI...
Installing Playwright on Heroku for Programmatic Node.js Browser Automation
Installing Playwright on Heroku is a bit more involved than just running npm install playwright and...
Poor Express Authentication Patterns in Node.js and How to Avoid Them
It’s ok to roll your own authentication if you want to build that into your Express applications, but...
How to block LAN clients from accessing YouTube and other media with AdGuard and Home Assistant
I use Home Assistant to manage my smart home devices and AdGuard Home to block ads, lower bandwidth...
HTTP webhooks on Firebase Functions and Fastify: A Practical Case Study with Lemon Squeezy
I’m building a side-project on Firebase and as it usually is with overly abstracted platforms, the...
How To Get Social Media Previews Right on Astro blog with OpenGraph Meta Tags
So, you’ve got this fantastic website, and you’re ready to share it with the world. But wait, have...
Best Practices for Bootstrapping a Node.js Application Configuration
Bootstrapping a Node.js application often requires loading configuration, whether from environment...
How I Deployed Tailscale VPN to Securely Access Home Assistant Remotely
Often smart home automation enthusiasts want to access their Home Assistant instance remotely. This...
Environment variables and configuration anti patterns in Node.js applications
Crafting robust and maintainable applications is no small feat. One of the fundamental pillars of...
Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication
Here’s the use-case: A parent Vue.js component needs to pass data to a child component. It does so...
How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku
Background job processing is a technique for running tasks that can take a long time to complete in a...
Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
This article explores real-world command injection vulnerabilities that have impacted popular applications, emphasizing the need for secure coding practices. We take you through the background of Node.js and its vast user base, setting the stage for understanding the gravity of command injection attacks.
An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
Command injection vulnerabilities pose a significant threat to Node.js and JavaScript applications' security. By understanding the risks involved, referencing real-world incidents, and following best practices, developers can effectively mitigate these vulnerabilities. Remember, validating and sanitizing user input, utilizing command argument separation, and following the least privilege principle are essential steps toward creating secure applications.
The security concerns of a JavaScript sandbox with the Node.js VM module
Were you tasked with building a product that requires the execution of dynamic JavaScript originating...