Liran Tal

Israel

Hi lovely human! Happy to meet you 🤗 I've been strongly passionate about open source software since an early age, and I enjoy mentoring and empowering others in the community. I'm a Director of Developer Advocacy at Snyk and a member of the Node.js Foundation Ecosystem Security Working Group 🥑 Node.js has been love at first sight for me since 2014, when I joined to lead development on the MEAN.js framework ( A big passion of mine is creating Node.js command line applications and actively advocating for web security through my work at Snyk, OWASP and the Node.js Foundation. 🚤 Creator of Gigsboat ( ✍️ Author of Essential Node.js Security ( ✍️ Author of O'Reilly Serverless Security ( 🔥 Author of Node.js CLI Best Practices ( 🦸‍♂️ Ambassador at foundations such as OpenSSF and the Node.js Foundation's Ecosystem Security Working Group 🥑 DevRel at

Community Contributions


I built a vulnerable React application that has many security issues, both due to outdated vulnerable dependencies and due to insecure coding practices. My hope is that this work, which I open sourced, will be fruitful for developers to skill up on their security knowledge, and in particular in writing secure React codebases. My premise for this open source GitHub repository: modern frontend frameworks like React are well thought out in their application security design, and that's great. However, there is still plenty of room for developers to make mistakes and use insecure APIs, vulnerable components, or generally do the wrong thing that turns user input into a Cross-site Scripting (XSS) vulnerability. Let me show you how React applications get hacked in the real world.
Open source project / 11-27-2021


Detect Trojan Source attacks that use Unicode bidirectional (bidi) control characters to inject malicious code. Why is Anti Trojan Source important? The publication on Unicode character attacks dubbed Trojan Source: Invisible Vulnerabilities has caused a lot of concern about potential supply chain attacks, where adversaries are able to inject malicious code into the source code of a project that slips by unseen in the code review process. For more information on the topic, you're welcome to read the official website and the source code repository that accompanies the publication.
Open source project / 11-05-2021

Gigsboat - Track your speaking activities all within your GitHub opensource repository!

Do you have a boatload of speaking gigs? Use the gigsboat CLI to manage them all via GitHub in the open source way! Gigsboat is a GitHub-driven approach to managing your speaking activities. Anything from podcasts and conference talks to webinars is tracked in an open source repository with automation around it. With Gigsboat you own your data: you keep track of your speaking engagements as simple YAML files in a GitHub repository, then a GitHub Actions workflow kicks in with a dedicated CLI (@gigsboat/cli) that transforms them into a nicely formatted markdown README for the repo and spices it up with visual badges for stats. It uses a GitHub repository template so that anyone can kickstart their own public speaking repo quickly and hassle-free. Here's my own public speaking repository based on gigsboat:
Open source project / 10-22-2021