
Celebrating Community: My Journey to Receiving the GitHub Stars 2023 Award
Reflecting on the spirit of the GitHub Stars award and capturing the essence of the journey towards the recognition and open source community engagement.
Liran Tal researches AI security with a focus on hardening agentic developer workflows and the Model Context Protocol (MCP). Over the past few years, Liran has uncovered and responsibly disclosed CVEs in MCP servers, AI frameworks, and open-source libraries, publishing practical write-ups that show how issues like command injection, path traversal, and SQL read-only bypasses emerge in real systems and how to mitigate them. His work also extends to open-source projects that audit and document supply chain security, show how tool poisoning in MCP tool metadata can steer agents toward unsafe actions, and provide concrete guardrails for build pipelines, IDE assistants, and CI that keep AI-generated code from introducing vulnerabilities. Beyond AI, Liran is a longstanding Node.js developer and secure-coding advocate. He authored books on Node.js security, contributed to the Node.js Security Working Group, and led community education through OWASP initiatives and the OpenSSF Secure Coding Labs. He is recognized as a GitHub Star and received the OpenJS Foundation JavaScriptLandia "Pathfinder for Security" award. Today, he leads Developer Relations at Snyk, where he turns research into approachable education and guidance: frameworks, demos, policies, and tooling that teams can adopt to safely use LLMs and agentic systems and to ship secure code in production.
Testimonials from social media
FANTASTIC WORKSHOP! Learned a ton! Thanks a lot 🙏
👀 Wow what great work from @HTTPArchive on the 2022 Web Almanac's Security chapter! Nice job @_clarkio, @liran_tal, @Saptak013 https://almanac.httparchive.org/en/2022/security Lots of detailed analysis of progress and opportunities to better secure the web
What an honor. Thank you Liran. Some people talk about AppSec (me) and some people really dig in and do the work (you). I’m a big fan. 🤙🏻
This is an excellent little article by @liran_tal on installing Ruby on macOS for local development. There are plenty of options available to you. (I prefer `asdf`.) The most important thing is not to use the system Ruby.
This is one of the best guides I've seen on this topic, really cool stuff. Definitely going to take a look at @snyksec's @github action to add it in our @hoprnet project.
This has become my primary source for learning docker with node. Thanks for sharing these 💝
After being in a workshop by @liran_tal and realizing that RegExps can be exploited fairly easily, I decided to use a validation library. I even contributed to the @DefinitelyTyped definition of it :D
Just watched @liran_tal's talk about path traversal vulnerability @NodeConfEU. It was absolutely amazing! I was always into security issues and learning things from such an expert was an honor!
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has…
In this post, I will show you some advanced usage patterns for working with Playwright in order to take a screenshot of a specific element and modify the contents of the image, either before taking the screenshot or after, using image preprocessing tools.
Oh yes. The Developer Experience with Jest is transforming the act of writing tests from a chore to a hell of a fun time, promise! 🤓