Liran Tal lirantal

@lirantal
lirantal / snyk-frontend-vulns-convert-to-wpt-format.js
Created Jul 12, 2020
Transform Snyk's frontend vulns snapshot to WebPageTest DB
View snyk-frontend-vulns-convert-to-wpt-format.js
/* eslint-disable security/detect-non-literal-fs-filename */
/* eslint-disable security/detect-object-injection */
'use strict'
const fs = require('fs')
// const
const filePath = process.argv[2]
console.log('Input file is: ', filePath)
@lirantal
lirantal / why-absence-of-lockfiles-doesnt-help-consumers.md
Created Dec 30, 2019
why-absence-of-lockfiles-doesnt-help-consumers.md
View why-absence-of-lockfiles-doesnt-help-consumers.md

Why the absence of lockfiles doesn't help consumers

  1. you build a library: thewesley
  2. it has no lockfile
  3. it has a prod dep: baby-yoda@~1.0.0
  4. you published thewesley@1.0.0 and tested it works well with baby-yoda@1.0.0
  5. it’s Dec 30: you’re on your honeymoon
  6. it’s Dec 31: baby-yoda published an incompatible version, baby-yoda@1.0.1
  7. it’s Jan 1st: I install thewesley@1.0.0
@lirantal
lirantal / README.md
Created Dec 23, 2019
lockfile-lint concerns with package.lock
View README.md

How to reproduce

  1. Use only the package.json manifest
  2. Run npm install
  3. Check /tmp/world.txt (should be empty)
  4. Update the package-lock.json file with the one provided in this gist
  5. Run rm -rf node_modules/ && npm install (notice how it's necessary in this vector to remove the node_modules/ folder)
  6. Confirm /tmp/world.txt is now created on the filesystem

References

@lirantal
lirantal / README.md
Last active Dec 23, 2019
lockfile-lint concerns with yarn.lock
View README.md

How to reproduce

  1. Use only the package.json manifest
  2. Run yarn install
  3. Check /tmp/world.txt (should be empty)
  4. Update the yarn.lock file with the one provided in this gist
  5. Run yarn install (or yarn install --frozen-lockfile which is also susceptible to this attack vector)
  6. Confirm /tmp/world.txt is now created on the filesystem
@lirantal
lirantal / making-the-terminal-great-again-jsheroes.md
Created Apr 20, 2018
making-the-terminal-great-again-jsheroes.md
View making-the-terminal-great-again-jsheroes.md
What's the advantage of having a dashboard in the terminal instead of for example a webpage?

-> it’s mostly about context-switch for me. about dockly for example, it’s not just to open a webpage, you first need to run the container with the web ui, etc. I generally find it more comfortable just to stay on the terminal if I can.

1. What shell do you use?
2. How did you make your terminal to look like that? :)
3.
@lirantal
lirantal / example-regex.js
Created Feb 9, 2018
How a RegEx can bring your system down
View example-regex.js
var testEmail = /^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/.exec('john@example.com');
View jscodemod-import-statistics.js
const fs = require('fs');
const crypto = require('crypto');
module.exports = function transformer(file, api, options) {
const j = api.jscodeshift;
const importSource = options.importSource || '';
const importInstances = [];
j(file.source)
.find(j.ImportDeclaration)
@lirantal
lirantal / protractor_element_explorer.md
Last active Oct 3, 2018
protractor element explorer
View protractor_element_explorer.md
@lirantal
lirantal / terminal-with-powerline.sh
Last active Mar 24, 2020
Hyper terminal + Powerline 9k terminal theme for oh-my-zsh
View terminal-with-powerline.sh
# Use hyper.is or iTerm2 as terminal emulators
# Install ohmyzsh
# https://github.com/robbyrussell/oh-my-zsh
# Copy over configs from ~/.bash_profile
# For example, it may have the nvm setup or any aliases like exa=ls and cat=bat
# ~/.hyper.js configuration:
copyOnSelect: true
@lirantal
lirantal / index.js
Last active Mar 26, 2017
LicenseWatch-CLI With Blessed UI
View index.js
'use strict'
const LicenseWatch = require('licensewatch')
const blessed = require('blessed')
const blessedContrib = require('blessed-contrib')
const fs = require('fs')
const screen = blessed.screen()
var bar = blessedContrib.bar({