DEV Community

Ofri Peretz profile picture

Ofri Peretz

IC5/M2 Leader @ Snappy US. Building revenue APIs & AI-ready ESLint plugins. Expert in distributed teams, scalable infra, and fostering a culture of craftsmanship.

Location Austin, Texas, USA Joined Joined on  Personal website https://ofriperetz.dev?utm_source=devto&utm_medium=profile&utm_campaign=website-field twitter website

Education

CS

Work

Engineering Manager @ Snappy | Open Source Developer | ESLint for AI tools

Pin Pinned

eslint-plugin-import Spends 148s Finding Circular Deps in 5,000 Files. import-next Does It in 2.7s.
ofri-peretz profile

eslint-plugin-import Spends 148s Finding Circular Deps in 5,000 Files. import-next Does It in 2.7s.

#eslint #javascript #performance #benchmark
Comments 1
5 min read
I Inherited a 3,000-Line Codebase. One ESLint Run Found 26 Critical Security Bugs.
ofri-peretz profile

I Inherited a 3,000-Line Codebase. One ESLint Run Found 26 Critical Security Bugs.

#eslint #security #node #devsecops
12
Comments 6
4 min read
Getting Started with eslint-plugin-mongodb-security
ofri-peretz profile

Getting Started with eslint-plugin-mongodb-security

#security #node #devsecops #eslint
1
Comments
3 min read

Want to connect with Ofri Peretz?

Create an account to connect with Ofri Peretz. You can also sign in below to proceed if you already have an account.

Create Account
Already have an account? Sign in
Three SQL Injection Patterns That Still Ship in Node.js — And the ESLint Rule That Catches Them
ofri-peretz profile

Three SQL Injection Patterns That Still Ship in Node.js — And the ESLint Rule That Catches Them

#security #postgres #node #eslint
Comments
5 min read
Claude vs Gemini Across 4 Security Domains: A Dead Heat — and the Hardening 63% of AI Code Skips
ofri-peretz profile

Claude vs Gemini Across 4 Security Domains: A Dead Heat — and the Hardening 63% of AI Code Skips

#ai #security #googleai #eslint
4
Comments 4
8 min read
The Bug That Passes Every Toolchain Check: Circular Dependencies in JavaScript
ofri-peretz profile

The Bug That Passes Every Toolchain Check: Circular Dependencies in JavaScript

#javascript #typescript #eslint #node
1
Comments 1
7 min read
Payload CMS Has 508 Circular Dependencies. Next.js Has 17. Here's Why They Form in Every Large JS Codebase.
ofri-peretz profile

Payload CMS Has 508 Circular Dependencies. Next.js Has 17. Here's Why They Form in Every Large JS Codebase.

#eslint #javascript #typescript #node
Comments
10 min read
Math.random() Is Not Secure. I Found It Generating API Keys in a 44K-Star Repo.
ofri-peretz profile

Math.random() Is Not Secure. I Found It Generating API Keys in a 44K-Star Repo.

#security #javascript #node #devsecops
4
Comments
5 min read
Same NestJS Prompt. Claude Got 6 Security Errors. Gemini Got 2. Here's What Both Got Wrong.
ofri-peretz profile

Same NestJS Prompt. Claude Got 6 Security Errors. Gemini Got 2. Here's What Both Got Wrong.

#ai #security #googleai #geminichallenge
2
Comments
6 min read
5 Cycles Invisible in 14,556 Files. The Cache Bug That Hid Them.
ofri-peretz profile

5 Cycles Invisible in 14,556 Files. The Cache Bug That Hid Them.

#eslint #javascript #node #typescript
1
Comments
7 min read
import-next/no-cycle Reported 0 Cycles on Next.js. We Found Why — and Fixed It.
ofri-peretz profile

import-next/no-cycle Reported 0 Cycles on Next.js. We Found Why — and Fixed It.

#eslint #javascript #node #webdev
1
Comments
5 min read
Claude Wrote a NestJS Service. TypeScript Was Happy. ESLint Found 6 Security Holes.
ofri-peretz profile

Claude Wrote a NestJS Service. TypeScript Was Happy. ESLint Found 6 Security Holes.

#ai #security #node #devsecops
3
Comments 7
10 min read
I Inherited a NestJS Codebase. The First Lint Run Found 6 Vulnerabilities.
ofri-peretz profile

I Inherited a NestJS Codebase. The First Lint Run Found 6 Vulnerabilities.

#nestjs #security #node #devsecops
1
Comments
5 min read
I Benchmarked 17 ESLint Security Plugins. Only One Found Every Vulnerability.
ofri-peretz profile

I Benchmarked 17 ESLint Security Plugins. Only One Found Every Vulnerability.

#security #eslint #javascript #benchmark
Comments
9 min read
no-cycle finds 0 cycles in next.js (and other lies caches tell you)
ofri-peretz profile

no-cycle finds 0 cycles in next.js (and other lies caches tell you)

#eslint #staticanalysis #performance #algorithms
Comments
5 min read
Aggregate Benchmarks Lie. Here's What 700 AI Functions Look Like by Security Domain.
ofri-peretz profile

Aggregate Benchmarks Lie. Here's What 700 AI Functions Look Like by Security Domain.

#ai #security #googleai #javascript
Comments
12 min read
What ground truth caught that unit tests missed: 3 real bugs in 9 flagship lint rules
ofri-peretz profile

What ground truth caught that unit tests missed: 3 real bugs in 9 flagship lint rules

#staticanalysis #eslint #testing #benchmarks
Comments
7 min read
We Ranked 5 AI Models by Security. The Leaderboard Is Wrong.
ofri-peretz profile

We Ranked 5 AI Models by Security. The Leaderboard Is Wrong.

#ai #security #googleai #gemini
2
Comments
9 min read
The AI Hydra Problem: Fix One AI Bug, Get Two More
ofri-peretz profile

The AI Hydra Problem: Fix One AI Bug, Get Two More

#ai #security #javascript #eslint
Comments
12 min read
Microsoft's SDL ESLint Plugin Caught 3 of My Node Vulns; the Domain Plugins Caught 46 — It's a Frontend Tool
ofri-peretz profile

Microsoft's SDL ESLint Plugin Caught 3 of My Node Vulns; the Domain Plugins Caught 46 — It's a Frontend Tool

#security #eslint #javascript #benchmark
1
Comments
4 min read
SonarJS Has 269 Rules and Found 13 Security Issues Where the Domain Plugins Found 46 — It's a Quality Linter
ofri-peretz profile

SonarJS Has 269 Rules and Found 13 Security Issues Where the Domain Plugins Found 46 — It's a Quality Linter

#security #eslint #javascript #benchmark
Comments
4 min read
eslint-plugin-security Is the 14-Rule Generic Floor. Here's the Domain Depth to Layer on Top.
ofri-peretz profile

eslint-plugin-security Is the 14-Rule Generic Floor. Here's the Domain Depth to Layer on Top.

#security #eslint #javascript #node
Comments
4 min read
I Let Claude Write 80 Functions. 65-75% Had Security Vulnerabilities.
ofri-peretz profile

I Let Claude Write 80 Functions. 65-75% Had Security Vulnerabilities.

#ai #security #eslint #javascript
4
Comments 4
12 min read
PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database. One ESLint Rule Blocks It.
ofri-peretz profile

PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database. One ESLint Rule Blocks It.

#eslint #postgres #security #node
Comments
5 min read
One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.
ofri-peretz profile

One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

#eslint #postgres #performance #node
1
Comments 3
4 min read
search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table
ofri-peretz profile

search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

#eslint #postgres #security #node
Comments
4 min read
Your Express App Has No Helmet, No Rate Limit, and a ReDoS in Its Routes. 10 ESLint Rules Catch the Middleware You Forgot.
ofri-peretz profile

Your Express App Has No Helmet, No Rate Limit, and a ReDoS in Its Routes. 10 ESLint Rules Catch the Middleware You Forgot.

#eslint #express #security #node
Comments
5 min read
NestJS Hands You Guards, Pipes, and Throttlers. Your Controllers Ship Without Them. 6 ESLint Rules Catch What You Forgot.
ofri-peretz profile

NestJS Hands You Guards, Pipes, and Throttlers. Your Controllers Ship Without Them. 6 ESLint Rules Catch What You Forgot.

#eslint #nestjs #security #node
Comments
5 min read
An SSRF in Your Lambda Steals the Execution Role. Action: '*' Hands Over the Account. 14 ESLint Rules Break the Chain.
ofri-peretz profile

An SSRF in Your Lambda Steals the Execution Role. Action: '*' Hands Over the Account. 14 ESLint Rules Break the Chain.

#eslint #aws #lambda #serverless
Comments
6 min read
Your Frontend Stores JWTs in localStorage and Posts to '*'. 45 ESLint Rules Catch What the Backend Audit Misses.
ofri-peretz profile

Your Frontend Stores JWTs in localStorage and Posts to '*'. 45 ESLint Rules Catch What the Backend Audit Misses.

#eslint #javascript #security #browser
Comments
6 min read
jsonwebtoken Will Verify a Token Signed With algorithm: none. These 13 ESLint Rules Stop It.
ofri-peretz profile

jsonwebtoken Will Verify a Token Signed With algorithm: none. These 13 ESLint Rules Stop It.

#eslint #jwt #security #authentication
Comments
5 min read
MD5, exec(), and Zip Slip: 34 ESLint Rules That Fail Your Node.js CI Before They Ship.
ofri-peretz profile

MD5, exec(), and Zip Slip: 34 ESLint Rules That Fail Your Node.js CI Before They Ship.

#eslint #node #security #cryptography
Comments
6 min read
Performance at Scale: The Static Analysis Standard for 100x Faster Linting
ofri-peretz profile

Performance at Scale: The Static Analysis Standard for 100x Faster Linting

#eslint #javascript #imports #tutorial
Comments
2 min read
Your Vercel AI SDK Agent Has 19 Attack Surfaces. Here's an ESLint Rule for Each.
ofri-peretz profile

Your Vercel AI SDK Agent Has 19 Attack Surfaces. Here's an ESLint Rule for Each.

#eslint #ai #security #vercel
Comments
10 min read
BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.
ofri-peretz profile

BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

#eslint #postgres #node #database
Comments
4 min read
A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.
ofri-peretz profile

A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

#eslint #postgres #node #database
Comments
4 min read
A Hardcoded sk_live_ Key Passes Code Review. It Won't Pass These 27 ESLint Rules.
ofri-peretz profile

A Hardcoded sk_live_ Key Passes Code Review. It Won't Pass These 27 ESLint Rules.

#eslint #security #javascript #tutorial
Comments
7 min read
pg Lets You Concatenate SQL, Hijack search_path, and Leak Every Connection. 13 ESLint Rules Say No.
ofri-peretz profile

pg Lets You Concatenate SQL, Hijack search_path, and Leak Every Connection. 13 ESLint Rules Say No.

#eslint #postgres #node #database
Comments
6 min read
8 of the OWASP Top 10 Are ESLint Rules. 2 Aren't — and That's the Honest Audit Answer.
ofri-peretz profile

8 of the OWASP Top 10 Are ESLint Rules. 2 Aren't — and That's the Honest Audit Answer.

#eslint #security #owasp #devsecops
1
Comments
8 min read
13 Security Questions Every JavaScript Interview Asks — and the ESLint Rule That Answers Each in CI
ofri-peretz profile

13 Security Questions Every JavaScript Interview Asks — and the ESLint Rule That Answers Each in CI

#eslint #career #security #javascript
Comments
5 min read
The JWT alg:none Attack: Change One Header Field, Forge an Admin Token. One ESLint Rule Blocks It.
ofri-peretz profile

The JWT alg:none Attack: Change One Header Field, Forge an Admin Token. One ESLint Rule Blocks It.

#eslint #security #jwt #node
1
Comments
3 min read
'3 Lines of Vercel AI SDK Code Are a Prompt-Injection Hole — and "Just Sanitize It" Won''t Close It'
ofri-peretz profile

'3 Lines of Vercel AI SDK Code Are a Prompt-Injection Hole — and "Just Sanitize It" Won''t Close It'

#eslint #ai #security #vercel
Comments
4 min read
Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.
ofri-peretz profile

Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

#eslint #postgres #node #security
Comments
4 min read
AI Coding Assistants Hardcode Secrets. This ESLint Rule Catches Them — in a Format the AI Can Auto-Fix.
ofri-peretz profile

AI Coding Assistants Hardcode Secrets. This ESLint Rule Catches Them — in a Format the AI Can Auto-Fix.

#eslint #javascript #security #devops
Comments
5 min read
Post-Mortem: Why ESLint Performance Failed (And the 100x Fix)
ofri-peretz profile

Post-Mortem: Why ESLint Performance Failed (And the 100x Fix)

#eslint #javascript #performance #typescript
Comments
2 min read
Same Vulnerable File, 4 Linters: Oxlint Native Caught 1, eslint-plugin-security 21, Interlace 46
ofri-peretz profile

Same Vulnerable File, 4 Linters: Oxlint Native Caught 1, eslint-plugin-security 21, Interlace 46

#eslint #security #javascript #webdev
Comments
5 min read
Your Vercel AI SDK Agent Can Delete Your Database. 5 ESLint Rules That Gate Every Tool Call.
ofri-peretz profile

Your Vercel AI SDK Agent Can Delete Your Database. 5 ESLint Rules That Gate Every Tool Call.

#eslint #ai #security #vercel
Comments
5 min read
Your Vercel AI SDK App vs the OWASP LLM Top 10: 8 Categories ESLint Catches in CI — and 2 It Honestly Can't.
ofri-peretz profile

Your Vercel AI SDK App vs the OWASP LLM Top 10: 8 Categories ESLint Catches in CI — and 2 It Honestly Can't.

#eslint #ai #security #owasp
Comments
4 min read
Your Vercel AI SDK App Has a Prompt Injection Vulnerability — in 1 of 3 Places. Here's the ESLint Rule for Each.
ofri-peretz profile

Your Vercel AI SDK App Has a Prompt Injection Vulnerability — in 1 of 3 Places. Here's the ESLint Rule for Each.

#eslint #vercel #ai #security
Comments
4 min read
loading...