DEV Community


Ofri Peretz

IC5/M2 Leader @ Snappy US. Building revenue APIs & AI-ready ESLint plugins. Expert in distributed teams, scalable infra, and fostering a culture of craftsmanship.

Education

CS

Work

Engineering Manager @ Snappy | Open Source Developer | ESLint for AI tools

Your MongoDB Login Can Be Bypassed With No Password and No Quotes. The ESLint Plugin That Catches It.

Three SQL Injection Patterns That Still Ship in Node.js — And the ESLint Rule That Catches Them

Claude vs Gemini Across 4 Security Domains: A Dead Heat — and the Hardening 63% of AI Code Skips

The Bug That Passes Every Toolchain Check: Circular Dependencies in JavaScript

Bundler trade-offs and hidden CI slowdowns

Payload CMS Has 508 Circular Dependencies. Next.js Has 17. Here's Why They Form in Every Large JS Codebase.

Math.random() Is Not Secure. I Found It Generating API Keys in a 44K-Star Repo.

Same NestJS Prompt. Claude Got 6 Security Errors. Gemini Got 2. Here's What Both Got Wrong.

5 Cycles Invisible in 14,556 Files. The Cache Bug That Hid Them.

Our no-cycle Rule Reported 0 Cycles on Next.js. oxlint Found 17. Here's the Bug.

Claude Wrote a NestJS Service. TypeScript Was Happy. ESLint Found 6 Security Holes.

I Inherited a NestJS Codebase. 12 Seconds of ESLint Found 47 Violations Across 6 Vulnerability Classes.

The #1 ESLint Security Plugin Has 1.5M Downloads and Caught 0 of My 40 Vulnerabilities

Our cycle detector reported 0. The real number was 245 files.

Aggregate Benchmarks Lie. Here's What 700 AI Functions Look Like by Security Domain.

A 5KB corpus that runs in 3 seconds found 3 bugs months of unit tests missed

We Ranked 5 AI Models by Security. The Leaderboard Is Wrong.

The AI Hydra Problem: Fix One AI Bug, Get Two More

Microsoft's SDL ESLint Plugin Caught 3 Node Vulns. The Domain Plugins Caught 46 — Same File, Wrong Layer

SonarJS Has 269 Rules. On 40 Vulnerabilities It Caught 14 — It Misses 65% of the Security Surface.

Same File: eslint-plugin-security Caught 21, the Domain Plugins Caught 46. It's a Floor, Not a Ceiling.

I Let Claude Write 80 Functions. 65-75% Had Security Vulnerabilities.

PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database. One ESLint Rule Blocks It.

One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

Your Express App Has No Helmet, No Rate Limit, and a ReDoS in Its Routes. 14 ESLint Rules Catch the Middleware You Forgot.

NestJS Hands You Guards, Pipes, and Throttlers. You — and Your AI — Ship Controllers Without Them. 6 ESLint Rules Catch It.

An SSRF in Your Lambda Steals the Execution Role. Action: '*' Hands Over the Account. 14 ESLint Rules Break the Chain.

Your Frontend Stores JWTs in localStorage and Posts to '*'. 45 ESLint Rules Catch What the Backend Audit Misses.

jsonwebtoken Will Verify a Token Signed With algorithm: none. These 13 ESLint Rules Stop It.

MD5, exec(), and Zip Slip: 34 ESLint Rules That Fail Your Node.js CI Before They Ship.

Performance at Scale: The Static Analysis Standard for 100x Faster Linting

Your Vercel AI SDK Agent Has 19 Attack Surfaces. Here's an ESLint Rule for Each.

BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

A Hardcoded sk_live_ Key Passes Code Review. It Won't Pass These 27 ESLint Rules.

node-postgres Will Happily Build a CVSS 9.8 SQL Injection For You. 13 ESLint Rules Say No.

I Mapped the OWASP Top 10 to ESLint Rules. 8 Hold Up. 2 Are Vendor Theater.

13 Security Questions Every JS Interview Asks — and Why Reciting Them Won't Stop You Shipping the Bug

The JWT alg:none Attack: Change One Header Field, Forge an Admin Token. One ESLint Rule Blocks It.

3 Lines of Vercel AI SDK Code Are a Prompt-Injection Hole — and "Just Sanitize It" Won't Close It

Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

AI Coding Assistants Hardcode Secrets. This ESLint Rule Catches Them — in a Format the AI Can Auto-Fix.

Post-Mortem: Why ESLint Performance Failed (And the 100x Fix)

Same Vulnerable File, 4 Linters: Your Security Plugin Caught 21 of 46. Oxlint Native Caught 1.

Your Vercel AI SDK Agent Can Delete Your Database. 5 ESLint Rules That Gate Every Tool Call.

Your Vercel AI SDK App vs the OWASP LLM Top 10: 8 Categories ESLint Catches in CI — and 2 It Honestly Can't.

Your Vercel AI SDK App Has a Prompt Injection Vulnerability — in 1 of 3 Places. Here's the ESLint Rule for Each.
