Be careful when you're sent a Node.js test project as part of a job application.
Some of these projects contain outdated, vulnerable, or even malicious packages.
Before running anything on your local machine, always run:
npm install
npm audit
npm audit fix
🔍 npm audit will scan for known security risks in the packages.
🛠️ npm audit fix can automatically resolve many of those issues.
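npm audit only reports known advisories, and npm install runs the install-time scripts of the project and its dependencies by default, so a static look at the manifests is worth doing before either command. The following is an added example, not part of the original post: it flags install hooks and non-registry sources in an already-parsed package.json and package-lock.json. The function name, the sample data, and the expectation that packages come from the default public registry are assumptions.

```javascript
// Added example: static review of a project's manifests. Nothing is installed or run.
// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Specifiers that bypass the registry: git, URL tarball, local path, user/repo shorthand.
const NON_REGISTRY = /^(git\+|git:|github:|gitlab:|bitbucket:|https?:|file:|link:)|^[\w.-]+\/[\w.-]+(#.*)?$/;
// Assumption: packages are expected to come from the default public registry.
const REGISTRY_PREFIX = 'https://registry.npmjs.org/';

function reviewProject(pkg, lock) {
  const findings = [];
  // 1. Root package.json scripts that fire during install.
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ kind: 'root-hook', name: hook, detail: pkg.scripts[hook] });
    }
  }
  // 2. Dependencies pulled from somewhere other than the registry.
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (NON_REGISTRY.test(spec)) findings.push({ kind: 'non-registry-dep', name, detail: spec });
    }
  }
  // 3. Lockfile v2/v3 "packages" map: install scripts and unexpected download hosts.
  for (const [path, entry] of Object.entries((lock && lock.packages) || {})) {
    if (path === '') continue; // the root project itself
    if (entry.hasInstallScript) findings.push({ kind: 'dep-install-script', name: path, detail: entry.version });
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY_PREFIX)) {
      findings.push({ kind: 'non-registry-resolved', name: path, detail: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from any real project).
const samplePkg = {
  name: 'take-home-test',
  scripts: { start: 'node index.js', postinstall: 'node scripts/setup.js' },
  dependencies: { express: '^4.18.2', 'img-helper': 'github:example-user/img-helper' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'take-home-test' },
    'node_modules/express': { version: '4.18.2', resolved: 'https://registry.npmjs.org/express/-/express-4.18.2.tgz' },
    'node_modules/img-helper': { version: '1.0.0', hasInstallScript: true,
      resolved: 'git+ssh://git@github.com/example-user/img-helper.git#0000000' },
  },
};
for (const f of reviewProject(samplePkg, sampleLock)) console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
```

To use it on a real project, pass the two files through JSON.parse; findings of kind root-hook or dep-install-script mean npm install would execute code, which npm install --ignore-scripts suppresses.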
I’ve seen test projects with dozens of vulnerabilities, including high-risk ones.
Don’t take unnecessary risks just to complete a test — your machine's security matters.
Don’t blindly trust code — even if it comes from a “recruiter.”
Stay alert. Stay safe.