TypeScript, Security, and Type Juggling with Ariel Shulman & Liran Tal - JSJ 679
JavaScript Jabber, 29 May 2025


In this episode, we dove headfirst into the swirling waters of TypeScript, its real-world use cases, and where it starts to fall short—especially when it comes to security. Joining us from sunny Tel Aviv (and a slightly cooler Portland), we had the brilliant Ariel Shulman and security advocate Liran Tal bring the heat on everything from type safety to runtime vulnerabilities.


We started off with a friendly debate: Has TypeScript really taken over the world? Our verdict? Pretty much. Whether it’s starter projects, enterprise codebases, or AI-generated snippets, TypeScript has become the de facto standard. But as we quickly found out, that doesn’t mean it’s perfect.


Key Takeaways:
- TypeScript ≠ Security
  We tend to trust TypeScript a bit too much. It’s a build-time tool, not a runtime enforcer. As Liran pointed out, “TypeScript is not a security tool,” and treating it like one leads to dangerous assumptions.
- Type Juggling is Real (and Sneaky)
  We explored how something as innocent as using "as string" on request data can open the door to vulnerabilities like HTTP parameter pollution and prototype pollution. Just because your IDE is happy doesn’t mean your runtime is.
- Enter Zod – Runtime Type Checking to the Rescue?
  Zod got some love for bridging the dev-time/runtime gap by validating data on the fly and inferring TypeScript types. But even Zod isn’t foolproof. For example, unless you're using .strict(), extra fields can sneak past your validations, leading to mass assignment bugs.
- Common Developer Fallacies
  We discussed the misplaced confidence developers have in things like code coverage and TypeScript alone. One of the big takeaways: defense in depth matters. Just like testing, layering your security practices (like using Zod, type guards, and proper sanitization) is key.
- TypeScript Best Practices Are Evolving
  From discriminated unions to avoiding any, from using Maps over plain objects to prevent prototype pollution—TypeScript developers are adapting. And tools like modern Node.js now support type stripping, which makes working with .ts files at runtime a bit easier.
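
The type-juggling takeaway above, as an added example (not code from the episode or its guests): a repeated query parameter reaches the handler as an array, the "as string" assertion hides that from the compiler, and a runtime type guard catches it. The parser, the username field and the 8-character limit are assumptions made for the illustration.

```typescript
// Constructed example: a small query-string parser that, like common web
// framework parsers, turns a repeated parameter into an array.
type Query = Record<string, unknown>;

function parseQuery(qs: string): Query {
  // Null-prototype object: a key such as "__proto__" stays plain data.
  const out: Record<string, string | string[]> = Object.create(null);
  for (const pair of qs.split("&")) {
    if (pair === "") continue;
    const i = pair.indexOf("=");
    const key = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
    const value = i < 0 ? "" : decodeURIComponent(pair.slice(i + 1));
    const prev = out[key];
    if (prev === undefined) out[key] = value;
    else if (Array.isArray(prev)) prev.push(value);
    else out[key] = [prev, value];
  }
  return out;
}

// Weak form: the assertion satisfies the compiler and is erased at build time.
function acceptsUsernameUnsafe(q: Query): boolean {
  const name = q.username as string; // at runtime this may be string[]
  return name.length > 0 && name.length <= 8; // an array's length counts elements
}

// Corrected form: a type guard narrows `unknown` with a real runtime check.
function isString(v: unknown): v is string {
  return typeof v === "string";
}

function acceptsUsernameSafe(q: Query): boolean {
  const name = q.username;
  if (!isString(name)) return false; // arrays, objects, missing values rejected
  return name.length > 0 && name.length <= 8;
}

// Constructed inputs: one normal request, one with the parameter repeated.
function demo(): { unsafe: boolean; safe: boolean }[] {
  const normal = parseQuery("username=alice");
  const repeated = parseQuery("username=a-name-far-longer-than-eight&username=x");
  return [normal, repeated].map((q) => ({
    unsafe: acceptsUsernameUnsafe(q),
    safe: acceptsUsernameSafe(q),
  }));
}
```

With the repeated parameter, the unsafe check passes because it measures a two-element array, while the guarded check rejects the request.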



Episodes (735)

JSJ 254 Contributor Days with Tracy Lee

On today's JavaScript Jabber Show, Aimee Knight and Charles Max Wood discuss Contributor Days with Tracy Lee. Tracy is a Google Developer Expert and a co-founder of This Dot Media and This Dot Labs. She's passionately into helping startups create a connection with investors. Part of what she's been up to lately is what this episode is about. Tune in to learn about it! Special Guest: Tracy Lee.

21 March 2017, 45 min

JSJ Special Episode: Azure with Jonathan Carter

On today's episode, Aimee Knight, AJ O'Neal, Cory House, Joe Eames, and Charles Max Wood discuss Azure with Jonathan Carter. Jonathan has been working at Microsoft for 10 years. He currently focuses on Node.js and Azure. Tune in to learn how you can use Azure in building applications and services. Special Guest: Jonathan Carter.

17 March 2017, 54 min

JSJ 253 Gomix with Daniel X Moore

On today's JavaScript Jabber Show, Aimee Knight, Cory House, and Charles Max Wood discuss Gomix with Daniel X Moore. Daniel is a Software Developer at Fog Creek Software, and has been in the industry for 10 years. Their company currently offers an amazingly convenient way to build apps. Tune in to learn about it! Special Guest: Daniel X Moore.

14 March 2017, 47 min

JSJ 252 The 20th Anniversary of Visual Studio with Bowden Kelly

JavaScript Jabber is hosted this week by Joe Eames, Aimee Knight, AJ O'Neal, Cory House, Charles Max Wood and their special guest Bowden Kelly. Bowden is a program manager at Microsoft, and he shares some insight into the new features in Visual Studio 2017 RTM. Special Guest: Bowden Kelly.

7 March 2017, 58 min

JSJ 250 Celebration

JavaScript Jabber turns 5! On today's episode, Charles Max Wood, AJ O'Neal, and Aimee Knight travel down memory lane to reminisce about the highlights of the show. Tune in and enjoy the celebration!

28 February 2017, 1 h 4 min

JSJ 251 InfoSec for Web Developers with Kim Carter

On today's episode, Charles Max Wood and Aimee Knight discuss InfoSec for Web Developers with Kim Carter. Kim is a senior software engineer/architect, an information security professional, and the founder of binarymist.io. He is currently working on his book called Holistic InfoSec for Web Developers. Tune in to learn more about what his book is all about. Special Guest: Kim Carter.

21 February 2017, 48 min

JSJ 249 Loading and Optimizing Web Applications with Sam Saccone and Jeff Cross

On today's episode, Charles Max Wood, Joe Eames, and Aimee Knight discuss Loading and Optimizing Web Applications with Sam Saccone and Jeff Cross. Tune in to their interesting talk, and learn how you can improve user experience and performance with better loading! Special Guests: Jeff Cross and Sam Saccone.

14 February 2017, 59 min

JSJ 248 Reactive Programming and RxJS with Ben Lesh

On today's episode, Charles Max Wood, Joe Eames, and Tracy Lee discuss Reactive Programming and RxJS with Ben Lesh. Ben works at Netflix and also has a side job for Rx Workshop with Tracy. He is the lead author of RxJS 5. Tune in to learn more about RxJS! Special Guest: Ben Lesh.

7 February 2017, 1 h 7 min
