TypeScript, Security, and Type Juggling with Ariel Shulman & Liran Tal - JSJ 679
JavaScript Jabber, 29 May 2025


In this episode, we dove headfirst into the swirling waters of TypeScript, its real-world use cases, and where it starts to fall short—especially when it comes to security. Joining us from sunny Tel Aviv (and a slightly cooler Portland), we had the brilliant Ariel Shulman and security advocate Liran Tal bring the heat on everything from type safety to runtime vulnerabilities.


We started off with a friendly debate: Has TypeScript really taken over the world? Our verdict? Pretty much. Whether it’s starter projects, enterprise codebases, or AI-generated snippets, TypeScript has become the de facto standard. But as we quickly found out, that doesn’t mean it’s perfect.


Key Takeaways:
- TypeScript ≠ Security
We tend to trust TypeScript a bit too much. It’s a build-time tool, not a runtime enforcer. As Liran pointed out, “TypeScript is not a security tool,” and treating it like one leads to dangerous assumptions.
- Type Juggling is Real (and Sneaky)
We explored how something as innocent as using as string on request data can open the door to vulnerabilities like HTTP parameter pollution and prototype pollution. Just because your IDE is happy doesn’t mean your runtime is.
- Enter Zod – Runtime Type Checking to the Rescue?
Zod got some love for bridging the dev-time/runtime gap by validating data on the fly and inferring TypeScript types. But even Zod isn’t foolproof. For example, unless you're using .strict(), extra fields can sneak past your validations, leading to mass assignment bugs.
- Common Developer Fallacies
We discussed the misplaced confidence developers have in things like code coverage and TypeScript alone. One of the big takeaways: defense in depth matters. Just like testing, layering your security practices (like using Zod, type guards, and proper sanitization) is key.
- TypeScript Best Practices Are Evolving
From discriminated unions to avoiding any, from using Maps over plain objects to prevent prototype pollution—TypeScript developers are adapting. And tools like modern Node.js now support type stripping, which makes working with .ts files at runtime a bit easier.
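
The type-juggling and strict-validation takeaways above, as an added TypeScript example that is not code from the episode or its guests. A hand-written runtime check stands in for a schema library such as Zod; `parseQuery`, `nameFitsLimitUnsafe`, `parseSignup` and the field names are hypothetical, and the parser only models the common behaviour of turning a repeated key into an array.

```typescript
// Added example. parseQuery mimics parsers that turn a repeated key into an
// array; every name here is hypothetical and the inputs are constructed.
type Query = Record<string, unknown>;

function parseQuery(qs: string): Query {
  const out: Query = Object.create(null); // null prototype: "__proto__" is only a key
  for (const pair of qs.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = decodeURIComponent(eq < 0 ? "" : pair.slice(eq + 1));
    const prev = out[key];
    if (prev === undefined) out[key] = value;
    else if (Array.isArray(prev)) prev.push(value);
    else out[key] = [prev, value];
  }
  return out;
}

// Compiles cleanly, but `as string` is erased at build time and checks nothing.
function nameFitsLimitUnsafe(query: Query): boolean {
  const name = query.name as string;
  return name.length <= 8; // for an array this is the element count, not characters
}

interface SignupInput { name: string; email: string }
const ALLOWED_KEYS = ["name", "email"];

// Runtime check: unknown keys are rejected (the job the page gives to Zod's
// .strict()), and each value must be one string, not an array of them.
function parseSignup(query: Query): SignupInput | string {
  for (const key of Object.keys(query)) {
    if (ALLOWED_KEYS.indexOf(key) === -1) return `unexpected field: ${key}`;
  }
  const { name, email } = query;
  if (typeof name !== "string" || typeof email !== "string") {
    return "name and email must each be a single string";
  }
  if (name.length > 8) return "name too long";
  return { name, email };
}
```

With a repeated `name` key the cast-based length check passes because it measures the array, while `parseSignup` rejects the same input before any field is used.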


Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
