Snyk Found Over Four Times More Vulnerabilities in RHEL, Debian, and Ubuntu

Snyk recently released its annual State of Open-Source Security Report for 2019, which highlights the current landscape of open-source security, as a whole, and clearly illustrates that vulnerabilities in container images are no exception.

The report showed results from data collected in a recent survey of more than 500 open-source developers and maintainers, data from public application registries, library datasets, GitHub repositories, and Snyk’s comprehensive vulnerability database continuously pulling in data from hundreds of thousands of projects monitored and protected by Snyk.

JavaScript and Node.js Security: The Common Pitfalls [Video]

JavaScript and Node.js have shown themselves to be amazing platforms. Their sheer ease of use has empowered an entire community of creative individuals to build amazing things. As in all cases, however, some risks lurk amongst the goodness. Nobody's perfect, including Node.js and JavaScript, and a language's strength can quickly translate into its vulnerability if looked at through an evil (or paranoid) lens.

We created a cheat sheet on 10 npm Security Best Practices that we encourage you to follow; in it you will find npm security and productivity tips for both open source maintainers and developers.

Reasons to Love Jest: The Developer Experience

I'm a developer advocate at Snyk, and couldn't reinforce more how important it is to test your applications for security vulnerabilities in third-party open source libraries. If there's something I like as much as the Snyk developer tooling, it's Jest. The developer experience with it is just amazing!

Oh yes. The developer experience with Jest is transforming the act of writing tests from a chore to a hell of a fun time. I promise!

So You Think You’re Just Gonna npm install? Think Again

We embraced the birth of package lockfiles with open arms, which introduced deterministic installations across different environments and enforced dependency expectations across team collaboration.

Life is good! Or so I thought… what would have happened had I slipped some changes into the project's package.json file but had forgotten to commit the lockfile alongside it?

Node.js and Yarn for Happy Local Package Development

This is not another praise piece for npm package management with Yarn, but rather a concise recipe for working with locally developed packages.

npm modules begin their lives when you init them on your local dev machine, but there comes a point when you want to test them out or simply use them with other Node.js projects you have.