

Ofri Peretz

Author Profile

0 karma · 0 posts · joined 19 days ago

🌐 dev.to (source)

Math.random() is a PRNG, not a CSPRNG. An attacker who observes a few outputs can predict every future call. I found this exact pattern generating API keys in a 44K-star open-source codebase. Here is why it matters and the ESLint rule that catches it.

3 days ago

🌐 dev.to (source)

Our cycle detector returned 0 on a 14K-file repo. oxlint found 17. We audited the rule and found two bugs: a 10-hop depth limit that silenced cycles longer than 10 hops, and a cache contamination bug that made results non-deterministic across runs.

3 days ago

🌐 dev.to (source)

We found 5 import cycles in 33 files that were invisible in 14,556. The cause: a 10-hop depth limit that wrote false non-cyclic entries into a shared cache, poisoning later traversals. Here is the bug, the fix, and how to test if your own cycle detector has the same class of fail

3 days ago
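The failure described in these two posts (a 10-hop depth limit that silences longer cycles and writes false "non-cyclic" entries into a cache shared across traversals), reconstructed as an added example. This is not the project's detector; the function names, the file names and the import graph are constructed for illustration. The buggy detector caps DFS depth and memoizes the truncated answer; the fixed one has no cap and only caches nodes whose reachable subgraph was fully explored. The sample graph has a 12-file ring and a 2-file cycle that sits exactly 10 hops down an import chain, which is what makes the result depend on scan order.

```javascript
// Added example, not the project's detector. Node.js; run with `node`.

// Import graph as adjacency map: file -> files it imports (constructed sample).
function sampleGraph() {
  const g = new Map();
  const add = (from, to) => g.set(from, [...(g.get(from) ?? []), to]);
  // 12-file ring a0 -> a1 -> ... -> a11 -> a0: a cycle longer than 10 hops.
  for (let i = 0; i < 12; i++) add(`a${i}.ts`, `a${(i + 1) % 12}.ts`);
  // 10-hop chain x -> p1 -> ... -> p9 -> d0, ending in the 2-file cycle d0 <-> d1.
  const chain = ["x.ts", ...Array.from({ length: 9 }, (_, i) => `p${i + 1}.ts`), "d0.ts"];
  for (let i = 0; i < chain.length - 1; i++) add(chain[i], chain[i + 1]);
  add("d0.ts", "d1.ts");
  add("d1.ts", "d0.ts");
  return g;
}

// BUGGY: a depth cap turns "search truncated" into "no cycle", and that answer
// is written into a cache shared by every root, so later roots inherit it.
function hasCycleBuggy(graph, root, cache, maxDepth = 10) {
  function visit(node, onPath, depth) {
    if (cache.has(node)) return cache.get(node);
    if (depth > maxDepth) return false;     // bug 1: truncation reported as "no cycle"
    if (onPath.has(node)) return true;      // back edge to the current DFS path
    onPath.add(node);
    let found = false;
    for (const dep of graph.get(node) ?? []) {
      if (visit(dep, onPath, depth + 1)) { found = true; break; }
    }
    onPath.delete(node);
    cache.set(node, found);                 // bug 2: the truncated answer is cached
    return found;
  }
  return visit(root, new Set(), 0);
}

// FIXED: no depth cap, so every node is fully explored before its answer is
// cached. "Is a cycle reachable from this node" is a property of the node's
// reachable set, so a fully explored answer is safe to share across roots.
function hasCycleFixed(graph, root, cache) {
  function visit(node, onPath) {
    if (cache.has(node)) return cache.get(node);
    if (onPath.has(node)) return true;
    onPath.add(node);
    let found = false;
    for (const dep of graph.get(node) ?? []) {
      if (visit(dep, onPath)) { found = true; break; }
    }
    onPath.delete(node);
    cache.set(node, found);
    return found;
  }
  return visit(root, new Set());
}

// Scan several roots in the given order with one shared cache, the way a lint
// run walks files. Returns one boolean per root.
function scan(graph, detector, roots) {
  const cache = new Map();
  return roots.map((r) => detector(graph, r, cache));
}

// Regression check for the non-determinism: the same roots scanned in two
// orders must give the same answers. True when the detector is order-independent.
function isOrderIndependent(graph, detector, roots) {
  const forward = scan(graph, detector, roots);
  const backward = scan(graph, detector, [...roots].reverse()).reverse();
  return forward.every((v, i) => v === backward[i]);
}

if (typeof require !== "undefined" && require.main === module) {
  const g = sampleGraph();
  console.log("12-file ring, buggy:", scan(g, hasCycleBuggy, ["a0.ts"]));   // [ false ]
  console.log("12-file ring, fixed:", scan(g, hasCycleFixed, ["a0.ts"]));   // [ true ]
  console.log("x then d0, buggy   :", scan(g, hasCycleBuggy, ["x.ts", "d0.ts"])); // [ false, false ]
  console.log("d0 then x, buggy   :", scan(g, hasCycleBuggy, ["d0.ts", "x.ts"])); // [ true, true ]
  console.log("order-independent, buggy:", isOrderIndependent(g, hasCycleBuggy, ["x.ts", "d0.ts"])); // false
  console.log("order-independent, fixed:", isOrderIndependent(g, hasCycleFixed, ["x.ts", "d0.ts"])); // true
}
```

The order check is the test to add to your own detector: scan the same file list forwards and reversed with a fresh cache each time and compare the results. Any detector that shares a memo across roots while also giving up early (depth, time or node budget) will fail it, because "gave up" and "no cycle" end up in the same cache slot.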

🌐 dev.to (source)

The codebase had 2 years of feature PRs and zero security audits. In 30 minutes, a fresh ESLint run surfaced 6 distinct vulnerability classes.

3 days ago

🌐 dev.to (source)

I gave Claude one prompt and got 200 lines of correct NestJS. TypeScript compiled clean. Then I ran eslint-plugin-nestjs-security. 6 errors, 3 seconds. Here is what it found and why each one is an AI failure mode.

3 days ago

🌐 dev.to (source)

From Dev Community: What ground truth caught that unit tests missed: 3 real bugs in 9 flagship lint rules

19 days ago